Hosting Provided By

Re: defining 0day

From: Chad Perrin <perrin(at)apotheon.com>
Date: Wed Sep 26 2007 - 19:10:32 EDT

On Wed, Sep 26, 2007 at 04:25:30PM -0700, Zow Terry Brugger wrote:
> > As a professional, I would be happy to see terms like '0day' banished
> > from the lexicon entirely. It's an essentially meaningless -- all
> > third-party exploits are zero-day to _somebody_ -- term of boast co-
> > opted from the warez scene, and we can do perfectly well without it.
>
> I'd accept that. Can we agree on a term that means: "Right now you're
> learning about a vulnerability for which there is a working exploit, and no
> way to protect yourself short of impacting the availability of your systems
> by unplugging them or disabling the affected service."?
>
> I'd propose "unpatched vulnerability with known working exploit", but it's
> kind of verbose, and I don't think some of the kids joining our ranks can
> string that many complete words together anymore (too much texting).

UV:WE

Unpatched Vulnerability: Working Exploit

. . . or maybe "zero day exploit".

-- 
CCD CopyWrite Chad Perrin [ 
http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."

Received on Thu Sep 27 17:34:24 2007

This message: [ Message body ]
Next message: dann frazier: "[SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities"
Previous message: Pierre-Yves Rofes: "[ GLSA 200709-16 ] Lighttpd: Buffer overflow"
In reply to: Zow: "Re: defining 0day"
Next in thread: Marvin Simkin: "RE: defining 0day"
Reply: Marvin Simkin: "RE: defining 0day"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:21 EDT