Hosting Provided By

Re: 0day: PDF pwns Windows

From: Roland Kuhn <rkuhn(at)e18.physik.tu-muenchen.de>
Date: Tue Sep 25 2007 - 13:57:59 EDT

On 25 Sep 2007, at 00:57, Lamont Granquist wrote:

> The exploit is not made public by its use. The exploit is not even
> made public by (back-channel) sharing amongst the hacker/cracker
> community. The exploit is only made public if detected or the
> vulnerability is disclosed. Until detected/disclosed the hacker/
> cracker can use their 31337 0day spl01tz to break into whichever
> vulnerable machines they like. 0day exploits are valuable because
> the opposition is ignorant of them.
>
> Posting exploits to BUGTRAQ, however, inherently makes them not
> 0day...

And my ignorant self thought until this thread that the "0" in the term referred to the number of days of head start granted to the vendor. Silly me. Because that would make all vulnerabilities published without prior warning to the vendor a "0day"...

Roland (who seems to remember that this was once the meaning of this term)

application/pgp-signature attachment: This is a digitally signed message part

Received on Tue Sep 25 14:23:56 2007

This message: [ Message body ]
Next message: Thor (Hammer of God): "RE: 0day: PDF pwns Windows"
Previous message: rocheml(at)httrack.com: "Possible Windows Explorer bad PNG file preview integer overflow handling"
In reply to: Lamont Granquist: "Re: 0day: PDF pwns Windows"
Next in thread: rmk115(at)mailandnews.com: "Re: Re: 0day: PDF pwns Windows"
Maybe reply: rmk115(at)mailandnews.com: "Re: Re: 0day: PDF pwns Windows"
Maybe reply: johanfunsale(at)yahoo.com: "Re: Re: 0day: PDF pwns Windows"
Reply: Thor (Hammer of God): "RE: 0day: PDF pwns Windows"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:17:53 EDT