
| Subject: | Re: [Full-disclosure] Internet Explorer 0day exploit |
|---|---|
| Date: | Tue, 24 Jul 2007 20:01:26 -0400 |
How does DNS work again, Gadi?
On Sat, 14 Jul 2007, Dragos Ruiu wrote:
> On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
>> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
>> being disclosed.
>
> You're being pedantic Gadi. :-)
>
> We have to accept the term "0day" has passed into
> the realm of meaningless nebulousness along with
> "hacker" and other misused terms.
>
> If we are to be pedantic, the original meaning of
> 0day is new warez release :-).
I think there is still hope for us buddy, at least when professionals make releases. For example, instead of saying I'm being pedantic on this (which I am), you could (also, in addition) reply and say "yep" or "nope", thus contributing to some discussion. Meaning, we would either make a stand for our profession or at the very least get educated as we go along.
Some people believe the way to reach a "mature industry" is time, others believe it's training or in a more specific fashion, certifications. I don't know what the answer is, and I am sure it isn't terminology (or certifications, hehe).
I do know though, what a 0day is, and don't intend to compromise it for the sake of what the press makes of it. It's a strong term and concept which shouldn't be abused. That or we can decide on a new term for what 0day used to mean. How about "blubla"?
From professionals, we can expect good language and for their work to speak for them. We shouldn't compromise on silly things like what 0day means.
Maybe I will give this up next year, but for now, advisories named "0day" have disappeared lately. Maybe peer pressure does have some effect.
The above is over-thinking and some could consider it very silly, but for now, I believe in it. It's just like I resent those among consultants who conduct themselves in a fashion that makes me ashamed of my profession, as a far-off analogy.
> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan November 29/30 - 2007 http://pacsec.jp
> pgpkey http://dragos.com/ kyxpgp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/