<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] 0day: PDF pwns Windows



Can we close this thread now?

http://en.wikipedia.org/wiki/Zero_day

"A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed 
or unpatched computer application vulnerabilities. Zero-day attacks take 
advantage of computer security holes for which no solution is currently 
available."


> Steven Adair wrote:
> > Not in my book.  I guess the people on this list are working off too many
> > different definitions of 0day.  0day to me is something for which there is
> > no patch/update at the time of the exploit being coded/used.  So if I code
> > an exploit for IE right now and they don't patch it until April September
> > 2008, it's a 0day exploit for a year.  It's not necessarily new and it
> > doesn't have to be used maliciously.
> > 
> > If I code an exploit (for which there is no patch) and use it on my own
> > servers, does that mean it's not 0day?  I don't think so.  If my WordPress
> > blog gets owned by pwnpress, that's not 0day.. there's patches/updates for
> > everything on there.  It just makes me an idiot for not upgrading.  Now if
> > I get hit with some WP exploit that's not patched, then that's another
> > [0-day] story.
> > 
> > Steven
> > securityzone.org
> > 
> 
> If you're going to steal a term from the biological community at least 
> use in in the same context.  The biological metaphor is getting 
> stretched so much that people forget that these terms have meaning 
> outside the IT realm.
> 
> -- 
> Wayne D. Hoxsie Jr.
> 
- Robert
http://www.cgisecurity.com/