Hosting Provided By

Re: 0day: PDF pwns Windows

From: Lamont Granquist <lamont(at)scriptkiddie.org>
Date: Mon Sep 24 2007 - 18:57:41 EDT

On Sun, 23 Sep 2007, Chad Perrin wrote:
> In the case of that "private zero day exploit", then, nobody will ever
> know about it except the person that has it waiting in reserve -- and if
> someone else discovers and patches the vulnerability before the exploit
> is ever used, it never becomes a "public" zero day exploit. In other
> words, you can always posit that there's sort of a Heisenbergian state of
> potential private zero day exploitedness, but in real, practical terms
> there's no zero day anything unless it's public.
>
> The moment you have an opportunity to measure it, the waveforms collapse.

The exploit is not made public by its use. The exploit is not even made public by (back-channel) sharing amongst the hacker/cracker community. The exploit is only made public if detected or the vulnerability is disclosed. Until detected/disclosed the hacker/cracker can use their 31337 0day spl01tz to break into whichever vulnerable machines they like. 0day exploits are valuable because the opposition is ignorant of them.

Posting exploits to BUGTRAQ, however, inherently makes them not 0day... Received on Tue Sep 25 11:17:09 2007

This message: [ Message body ]
Next message: Jason Kratzer: "JSPWiki Multiple Vulnerabilities"
Previous message: zdi-disclosures(at)3com.com: "ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability"
In reply to: Chad Perrin: "Re: 0day: PDF pwns Windows"
Next in thread: Roland Kuhn: "Re: 0day: PDF pwns Windows"
Maybe reply: rmk115(at)mailandnews.com: "Re: Re: 0day: PDF pwns Windows"
Maybe reply: johanfunsale(at)yahoo.com: "Re: Re: 0day: PDF pwns Windows"
Reply: Roland Kuhn: "Re: 0day: PDF pwns Windows"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:17:37 EDT