This make sense,but if we can't even agree on what the public
perceives
as a threat that they know nothing about,until a patch comes out
or a
full blown exploit shows up ITW (such trivial bullshit),how can we
even
say that we agree on the terms like
disclosure,vulnerability,etc,etc,etc.
How about we all agree that certain things can have different
terms that
mean the same thing.It's all semantics,really.I'm not going to go
to New
Orleans and tell them they speak English all wrong,although an
English
professor might try.
Would he get anywhere?Very doubtful.Same thing applies here.
Cheers, Scott
Gadi Evron wrote:
On Wed, 26 Sep 2007, Charles Miller wrote:
On 26/09/2007, at 5:02 AM, Gadi Evron wrote:
Okay. I think we exhausted the different views, and maybe we
are now
able to come to a conlusion on what we WANT 0day to mean.
What do you, as professional, believe 0day should mean,
regardless
of previous definitions?
As a professional, I would be happy to see terms like '0day'
banished
from the lexicon entirely. It's an essentially meaningless --
all
third-party exploits are zero-day to _somebody_ -- term of
boast
co-opted from the warez scene, and we can do perfectly well
without it.
Quibbling over its precise definition seems a ridiculous waste
of bytes.
It would if we are to stay stuck in our niche, but you need to
remember - security is about niches, we are all experts -- but
in very
specific fields.
These past 2 years we faced multiple targeted attacks with
previously
unknown vulnerabilities. We experience MASSIVE exploitation of
users
with 0days used on web sites and ine mail, etc.
As an industry, as professionals, it is time to get our act
together
on the basics.
I am operations manager for ZERT, and for me, this is indeed at
the
very heart of the matter. How you define this silliness is
directly
linked to how you do two of the most essential parts of
security:
1. Vulnerability disclosure - for researchers.
2. Incident response - for.. responders.
If a vulnerabiliy is fully disclosed, unpatched, being actively
exploited, etc. caused real confusion, and non of us, or any of
the
written material, can agree on the basics.
It's not about fighting on what 0day means as much as it is
about how
we as an industry, a community, conduct ourselves and can reach
a
common language, which directly impacts operations.
So, if WMF was disclosed today after being actively exploited
itw for
a while, what would you call it? How would you respond to it?
How long
would it stay unpatched and when will you realize its
importance?
C
Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
