defining 0day

To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Subject: defining 0day
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Tue, 25 Sep 2007 14:02:27 -0500 (CDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx, Chad Perrin <perrin@xxxxxxxxxxxx>, Crispin Cowan <crispin@xxxxxxxxxx>, Casper.Dik@xxxxxxx, "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, Lamont Granquist <lamont@xxxxxxxxxxxxxxxx>, Roland Kuhn <rkuhn@xxxxxxxxxxxxxxxxxxxxxxxxx>
In-reply-to: <F9C0B32C4FFE7147BD0FF6A40BE806E701ABEE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570709200621l2424978cr85de6a4c6939c283@xxxxxxxxxxxxxx> <Pine.LNX.4.62.0709201027590.8741@xxxxxxxxxxxx> <46F2FF36.100@xxxxxxxxxx> <46F5FACF.9010807@xxxxxxxxxx> <20070923235235.GH41180@xxxxxxxxxxxxx> <Pine.GSO.4.60.0709241550120.27986@xxxxxxxxxxxxxxxxxxxxxxx> <64CF0185-2BDE-40D8-9BDC-9E66153186E1@xxxxxxxxxxxxxxxxxxxxxxxxx> <F9C0B32C4FFE7147BD0FF6A40BE806E701ABEE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

On Tue, 25 Sep 2007, Thor (Hammer of God) wrote:

For the record, the original term "O-Day" was coined by a dyslexic
security engineer who listened to too much Harry Belafonte while working
all night on a drink of rum.  It's true.  Really.

t

Okay. I think we exhausted the different views, and maybe we are now ableto come to a conlusion on what we WANT 0day to mean.

What do you, as professional, believe 0day should mean, regardless ofprevious definitions?

Obviously, the term has become charged in the past couple of years withthe targeted office vulnerabilities attacks, WMF, ANI, etc.

We require a term to address these, just as much as we do "unpatchedvulnerability" or "fully disclosed vulnerability".

What other such descriptions should we consider before proceeding?non-disclosure?


        Gadi.

Follow-Ups:
- Re: defining 0day
  - From: Charles Miller
- RE: defining 0day
  - From: David Gillett
- Re: defining 0day
  - From: Brian Loe

References:
- 0day: PDF pwns Windows
  - From: pdp (architect)
- Re: 0day: PDF pwns Windows
  - From: Gadi Evron
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Chad Perrin
- Re: 0day: PDF pwns Windows
  - From: Lamont Granquist
- Re: 0day: PDF pwns Windows
  - From: Roland Kuhn
- RE: 0day: PDF pwns Windows
  - From: Thor (Hammer of God)

Prev by Date: RE: 0day: PDF pwns Windows
Next by Date: Re: defining 0day
Previous by thread: RE: 0day: PDF pwns Windows
Next by thread: Re: defining 0day
Index(es):
- Date
- Thread