Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: 0-day "vulnerability"
From: w0lfd33m () gmail com
Date: Thu, 28 Oct 2010 16:51:57 +0000

Yup. We arguing here on fine tuning industry accepted terms would hardly make any difference.  But here we are just 
trying to argue what "should had been" the terminology. 
You can say that just cutting out time when there is really no work ;) :P
Regards;
w0lf
-- sent from BlackBerry --

-----Original Message-----
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 28 Oct 2010 16:35:33 
To: w0lfd33m () gmail com<w0lfd33m () gmail com>; Curt Purdy<infosysec () gmail com>; full-disclosure-bounces () lists 
grok org uk<full-disclosure-bounces () lists grok org uk>; full-disclosure () lists grok org uk<full-disclosure () 
lists grok org uk>
Subject: RE: [Full-disclosure] 0-day "vulnerability"

None of this really matters.  People will call it whatever they want to.  Generally, all software has some sort of 
vulnerability.  If they want to call the process of that vulnerability being communicated for the first time "0 day 
vulnerability" then so what.  

The industry can't (and won't) even come up with what "Remote Code Execution" really means, so trying to standardize 
disclosure nomenclature is a waste of time IMO. 
t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
bounces () lists grok org uk] On Behalf Of w0lfd33m () gmail com
Sent: Thursday, October 28, 2010 9:25 AM
To: Curt Purdy; full-disclosure-bounces () lists grok org uk; full-
disclosure () lists grok org uk
Subject: Re: [Full-disclosure] 0-day "vulnerability"

Yep. Totally agree. Vulnerability exists in the system since it has been
developed. It is just the matter when it has been disclosed or being exploited.

I would suggest " 0 day disclosure" instead of "0 day vulnerability" :)


------Original Message------
From: Curt Purdy
Sender: full-disclosure-bounces () lists grok org uk
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] 0-day "vulnerability"
Sent: Oct 28, 2010 8:48 PM

Sorry to rant, but I have seen this term used once too many times to sit idly
by. And used today by what I once thought was a respectable infosec
publication (that will remain nameless) while referring to the current Firefox
vulnerability (that did, by the way, once have a 0-day
sploit)  Also, by definition, a 0-day no longer exists the moment it is
announced ;)

For once and for all: There is no such thing as a "zero-day vulnerability"
(quoted), only a 0-day exploit...

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Sent from BlackBerry(r) on Airtel
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]