Re: [Full-disclosure] 0day: PDF pwns Windows
Can we close this thread now?
http://en.wikipedia.org/wiki/Zero_day
"A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed
or unpatched computer application vulnerabilities. Zero-day attacks take
advantage of computer security holes for which no solution is currently
available."
> Steven Adair wrote:
> > Not in my book. I guess the people on this list are working off too many
> > different definitions of 0day. 0day to me is something for which there is
> > no patch/update at the time of the exploit being coded/used. So if I code
> > an exploit for IE right now and they don't patch it until April September
> > 2008, it's a 0day exploit for a year. It's not necessarily new and it
> > doesn't have to be used maliciously.
> >
> > If I code an exploit (for which there is no patch) and use it on my own
> > servers, does that mean it's not 0day? I don't think so. If my WordPress
> > blog gets owned by pwnpress, that's not 0day.. there's patches/updates for
> > everything on there. It just makes me an idiot for not upgrading. Now if
> > I get hit with some WP exploit that's not patched, then that's another
> > [0-day] story.
> >
> > Steven
> > securityzone.org
> >
>
> If you're going to steal a term from the biological community at least
> use in in the same context. The biological metaphor is getting
> stretched so much that people forget that these terms have meaning
> outside the IT realm.
>
> --
> Wayne D. Hoxsie Jr.
>
- Robert
http://www.cgisecurity.com/