Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] defining 0day

from [Juergen Marester] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] defining 0day
Date: Tue, 25 Sep 2007 23:23:26 +0200 
0day means vulnerability which was never used IRL, or use 0 time, thats why
we use term 0day.

But 0day doesnt mean it's an new type of vulnerability, otherwise the
appopriate term should be 0-vulnerability.

On 9/25/07, Gadi Evron <ge@linuxbox.org> wrote:


On Tue, 25 Sep 2007, Thor (Hammer of God) wrote:

For the record, the original term "O-Day" was coined by a dyslexic
security engineer who listened to too much Harry Belafonte while working
all night on a drink of rum.  It's true.  Really.

t


Okay. I think we exhausted the different views, and maybe we are now able
to come to a conlusion on what we WANT 0day
to mean.

What do you, as professional, believe 0day should mean, regardless of
previous definitions?

Obviously, the term has become charged in the past couple of years with
the targeted office vulnerabilities attacks,
WMF, ANI, etc.

We require a term to address these, just as much as we do "unpatched
vulnerability" or "fully disclosed
vulnerability".

What other such descriptions should we consider before proceeding?
non-disclosure?

         Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, avivra
Next by Date:  Re: [Full-disclosure] 0-day inquiry, Joey Mengele
Previous by Thread:  [Full-disclosure] defining 0day, Gadi Evron
Next by Thread:  Re: [Full-disclosure] defining 0day, Juergen Marester
Indexes:  [Date] [Thread] [Top] [All Lists]