Yeah, just for the record, this thread is now hitting google spam filters :S
On Fri, Oct 29, 2010 at 2:03 AM, Josey Yelsef <hg_expo...@yahoo.com> wrote:

> 0-day is a scene word. Connotations are inferred, your more precise
> definition is pretty much what people already assume.
>
> Desensitization to security is a serious issue also. Look at homeland
> security's warning level system. Look at the news of deaths in Iraq and
> Afghanistan. It's boring as looking up at the blue sky.
>
> --- On *Thu, 10/28/10, Thor (Hammer of God) <t...@hammerofgod.com>* wrote:
>
> From: Thor (Hammer of God) <t...@hammerofgod.com>
> Subject: Re: [Full-disclosure] 0-day "vulnerability"
> To: "Curt Purdy" <infosy...@gmail.com>, "Thor (Hammer of God)" <t...@hammerofgod.com>
> Cc: "full-disclosure@lists.grok.org.uk" <full-disclosure@lists.grok.org.uk>,
>     "full-disclosure-boun...@lists.grok.org.uk" <full-disclosure-boun...@lists.grok.org.uk>
> Date: Thursday, October 28, 2010, 5:14 PM
>
> I would further define it as "code that can be run on a machine remotely
> without any human interaction." What I think would be ultimately effective
> is if researchers and those who make disclosure announcements quit trying to
> make their discoveries or processes "cool" and just stick to the facts.
> Vendors want to downplay vulnerabilities, disclosures want it to sound as
> bad as it can be. That's why we have people describing a user following a
> link in an email to download something from their site to be subsequently
> executed as "Remote Code Execution" that is "Moderately Critical" as if
> there are actually varying degrees of "Critical."
>
> The same holds true for quantifying "likelihood of exploitation" as "high"
> based on what researchers call "extremely common deployment environments in
> many businesses" when they are actually inferring what they THINK is common
> based on what two of their 5-10 workstation clients are doing with XP
> peer-to-peer configurations.
>
> I think that the only people really paying any attention to this are other
> researchers, who basically ignore what other people call something - this
> doesn't really benefit the "user." People want the "vulnerability" they
> "discover" to be awesome and cool and critical because it substantiates
> their egos. For now, preceding anything with "0-day" is a way of invoking
> fear and urgency as if it represents some imminent disaster, but soon people
> will become desensitized to that as well.
>
> t
>
> >-----Original Message-----
> >From: Curt Purdy [mailto:infosy...@gmail.com]
> >Sent: Thursday, October 28, 2010 9:51 AM
> >To: Thor (Hammer of God)
> >Cc: w0lfd...@gmail.com; full-disclosure-boun...@lists.grok.org.uk;
> >    full-disclos...@lists.grok.org.uk
> >Subject: Re: [Full-disclosure] 0-day "vulnerability"
> >
> >Right as usual t-man, but while we are doing F&W's job for them, "Remote
> >code execution" is: any program you can run on a machine you can't touch
> >(for further explanation, "man touch").
> >
> >Curt
> >
> >On Thu, Oct 28, 2010 at 12:35 PM, Thor (Hammer of God)
> ><t...@hammerofgod.com> wrote:
> >> None of this really matters. People will call it whatever they want
> >> to. Generally, all software has some sort of vulnerability. If they
> >> want to call the process of that vulnerability being communicated for
> >> the first time "0 day vulnerability" then so what.
> >>
> >> The industry can't (and won't) even come up with what "Remote Code
> >> Execution" really means, so trying to standardize disclosure
> >> nomenclature is a waste of time IMO.
> >>
> >> t
> >>
> >>>-----Original Message-----
> >>>From: full-disclosure-boun...@lists.grok.org.uk
> >>>[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
> >>>w0lfd...@gmail.com
> >>>Sent: Thursday, October 28, 2010 9:25 AM
> >>>To: Curt Purdy; full-disclosure-boun...@lists.grok.org.uk;
> >>>    full-disclos...@lists.grok.org.uk
> >>>Subject: Re: [Full-disclosure] 0-day "vulnerability"
> >>>
> >>>Yep. Totally agree. Vulnerability exists in the system since it has
> >>>been developed. It is just the matter when it has been disclosed or
> >>>being exploited.
> >>>
> >>>I would suggest "0 day disclosure" instead of "0 day vulnerability"
> >>>:)
> >>>
> >>>------Original Message------
> >>>From: Curt Purdy
> >>>Sender: full-disclosure-boun...@lists.grok.org.uk
> >>>To: full-disclosure@lists.grok.org.uk
> >>>Subject: [Full-disclosure] 0-day "vulnerability"
> >>>Sent: Oct 28, 2010 8:48 PM
> >>>
> >>>Sorry to rant, but I have seen this term used once too many times to
> >>>sit idly by. And used today by what I once thought was a respectable
> >>>infosec publication (that will remain nameless) while referring to the
> >>>current Firefox vulnerability (that did, by the way, once have a 0-day
> >>>sploit) Also, by definition, a 0-day no longer exists the moment it
> >>>is announced ;)
> >>>
> >>>For once and for all: There is no such thing as a "zero-day
> >>>vulnerability" (quoted), only a 0-day exploit...
> >>>
> >>>Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
> >>>
> >>>_______________________________________________
> >>>Full-Disclosure - We believe in it.
> >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>Hosted and sponsored by Secunia - http://secunia.com/
> >>>
> >>>Sent from BlackBerry(r) on Airtel

--
Cal Leeming
Operational Security & Support Team
Out of Hours: +44 (07534) 971120 | Support Tickets: supp...@simplicitymedialtd.co.uk
Fax: +44 (02476) 578987 | Email: cal.leem...@simplicitymedialtd.co.uk
IM: AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved. Registered company number 7143564