Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] 0day: PDF pwns Windows

from [Casper . Dik] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows
Date: Fri, 21 Sep 2007 20:34:51 +0200 


But then there is the important concept of the "private 0day", a new
vulnerability that a malicious person has but has not used yet.


But the point is there is no such thing as a 0day *vulnerability"; there's
a 0day exploit, an exploit in the wild before the vulnerability id
discovered.

By claiming all "new" vulnerabilities are 0day the term becomes completely
meaningless; by your reasoning there is no such thing as a non-0day 
vulnerabillity; well, the next they it's no longer a 0day vulnerability but
the funny thing is that everybody keeps calling it that.

When a vulnerability is discovered you cannot be sure no-one found it
before; the only thing you can ever be sure of whether at that point
an exploit was detected in the wild.



I don't like this chain of logic. Whether a new vulnerability is an 0day
or not depends entirely too much on the disclosure process, with funky
race conditions in there.


But by your reasoning *all* vulnerabilities are 0day at some point; or
is the only exception those found by the vendor itself?


Rather, I just treat "0day" as a synonym for "new vulnerability" and
don't give a hoot about the alleged intentions of whoever discovered it.
What makes it an "0" day is that whoever is announcing it is first to
announce it in public. You could only invalidate the 0day claim by
showing that the same vulnerability had previously been disclosed by
someone else.



The point is that it is not supposed to be moniker for vulnerabilities;
it's a moniker for exploits.  In any other context it does not make sense.

Specifically considering that "0-day exploit" is the only definition which
holds meaning with respect to a particular exploit over time.  "An exploit
which existed before the vulnerability was publicly known".

But a "0 day vulnerability" is meaningless as a definition; it applies to
a vulnerability for exactly 24 hours and then is meaningless.  ALL 
vulnerabilities were discovered at some point and had their 24 hours of
"0 day fame" by your definition.  It just does not make sense.

Casper

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities, iDefense Labs
Next by Date:  [Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability, iDefense Labs
Previous by Thread:  Re: [Full-disclosure] 0day: PDF pwns Windows, bugtraq
Next by Thread:  Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo
Indexes:  [Date] [Thread] [Top] [All Lists]