Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: 0day: PDF pwns Windows

from [Thor (Hammer of God)] Network Security [Permanent Link]
Subject: RE: 0day: PDF pwns Windows
Date: Tue, 25 Sep 2007 11:39:24 -0700 
For the record, the original term "O-Day" was coined by a dyslexic
security engineer who listened to too much Harry Belafonte while working
all night on a drink of rum.  It's true.  Really.
 
t


-----Original Message-----
From: Roland Kuhn [mailto:rkuhn@e18.physik.tu-muenchen.de]
Sent: Tuesday, September 25, 2007 10:58 AM
To: Lamont Granquist
Cc: Chad Perrin; Crispin Cowan; Casper.Dik@Sun.COM; Gadi Evron; pdp
(architect); bugtraq@securityfocus.com; full-
disclosure@lists.grok.org.uk
Subject: Re: 0day: PDF pwns Windows

On 25 Sep 2007, at 00:57, Lamont Granquist wrote:


The exploit is not made public by its use.  The exploit is not even
made public by (back-channel) sharing amongst the hacker/cracker
community. The exploit is only made public if detected or the
vulnerability is disclosed.  Until detected/disclosed the hacker/
cracker can use their 31337 0day spl01tz to break into whichever
vulnerable machines they like. 0day exploits are valuable because

the

opposition is ignorant of them.

Posting exploits to BUGTRAQ, however, inherently makes them not
0day...


And my ignorant self thought until this thread that the "0" in the

term

referred to the number of days of head start granted to the vendor.
Silly me. Because that would make all vulnerabilities published

without

prior warning to the vendor a "0day"...

Roland (who seems to remember that this was once the meaning of this
term)
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: 0day: PDF pwns Windows, Roland Kuhn
Next by Date:  defining 0day, Gadi Evron
Previous by Thread:  Re: 0day: PDF pwns Windows, Roland Kuhn
Next by Thread:  defining 0day, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]