Re: 0day: PDF pwns Windows

To: Chad Perrin <perrin@xxxxxxxxxxxx>
Subject: Re: 0day: PDF pwns Windows
From: Crispin Cowan <crispin@xxxxxxxxxx>
Date: Mon, 24 Sep 2007 14:59:21 -0700
Cc: Casper.Dik@xxxxxxx, Gadi Evron <ge@xxxxxxxxxxxx>, "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <20070923235235.GH41180@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570709200621l2424978cr85de6a4c6939c283@xxxxxxxxxxxxxx> <Pine.LNX.4.62.0709201027590.8741@xxxxxxxxxxxx> <46F2FF36.100@xxxxxxxxxx> <46F5FACF.9010807@xxxxxxxxxx> <20070923235235.GH41180@xxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.6 (X11/20070801)

Chad Perrin wrote:
> On Sat, Sep 22, 2007 at 10:34:07PM -0700, Crispin Cowan wrote:
>   
>> A "private 0day exploit" (the case I was concerned with) would be where
>> someone develops an exploit, but does not deploy or publish it, holding
>> it in reserve to attack others at the time of their choosing. Presumably
>> if such a person wanted to keep it for very long, they would have to
>> base it on a vulnerability that they themselves discovered, and did not
>> publish.
>>     
> In the case of that "private zero day exploit", then, nobody will ever
> know about it except the person that has it waiting in reserve -- and if
> someone else discovers and patches the vulnerability before the exploit
> is ever used, it never becomes a "public" zero day exploit.  In other
> words, you can always posit that there's sort of a Heisenbergian state of
> potential private zero day exploitedness, but in real, practical terms
> there's no zero day anything unless it's public.
>
> The moment you have an opportunity to measure it, the waveforms collapse.
>   
Its a little less abstract than that. Consider that the United States
government might want to worry about whether some foreign nation is
banking a large pool of private 0day exploits in preparation for war.
Such a nation might farm these private 0day exploits by employing a pool
of vulnerability researchers and exploit developers, and just not
published the results.

This is a perfectly viable way to produce what amounts to Internet
munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
<http://www.internetnews.com/security/article.php/3678606> is an example
of such a network brush war in which possession of such an arsenal would
be very useful.

Crispin

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
        AppArmor Chat: irc.oftc.net/#apparmor

Follow-Ups:
- Re: [Full-disclosure] 0day: PDF pwns Windows
  - From: J. Oquendo

References:
- 0day: PDF pwns Windows
  - From: pdp (architect)
- Re: 0day: PDF pwns Windows
  - From: Gadi Evron
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Chad Perrin

Prev by Date: Re: 0day: PDF pwns Windows
Next by Date: sk.log v0.5.3 Remote File Inclusion
Previous by thread: Re: 0day: PDF pwns Windows
Next by thread: Re: [Full-disclosure] 0day: PDF pwns Windows
Index(es):
- Date
- Thread