Re: defining 0day

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: defining 0day
From: Chad Perrin <perrin@xxxxxxxxxxxx>
Date: Wed, 26 Sep 2007 17:10:32 -0600
In-reply-to: <200709262325.l8QNPUli007709@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.LNX.4.62.0709201027590.8741@xxxxxxxxxxxx> <46F2FF36.100@xxxxxxxxxx> <46F5FACF.9010807@xxxxxxxxxx> <20070923235235.GH41180@xxxxxxxxxxxxx> <Pine.GSO.4.60.0709241550120.27986@xxxxxxxxxxxxxxxxxxxxxxx> <64CF0185-2BDE-40D8-9BDC-9E66153186E1@xxxxxxxxxxxxxxxxxxxxxxxxx> <F9C0B32C4FFE7147BD0FF6A40BE806E701ABEE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.62.0709251359490.25733@xxxxxxxxxxxx> <500BE702-BB9B-47E8-A96F-AD6B67C0B408@xxxxxxxxxxxx> <200709262325.l8QNPUli007709@xxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.2.3i

On Wed, Sep 26, 2007 at 04:25:30PM -0700, Zow Terry Brugger wrote:
> > As a professional, I would be happy to see terms like '0day' banished  
> > from the lexicon entirely. It's an essentially meaningless -- all  
> > third-party exploits are zero-day to _somebody_ -- term of boast co- 
> > opted from the warez scene, and we can do perfectly well without it.
> 
> I'd accept that. Can we agree on a term that means: "Right now you're 
> learning about a vulnerability for which there is a working exploit, and no 
> way to protect yourself short of impacting the availability of your systems 
> by unplugging them or disabling the affected service."?
> 
> I'd propose "unpatched vulnerability with known working exploit", but it's 
> kind of verbose, and I don't think some of the kids joining our ranks can 
> string that many complete words together anymore (too much texting).

UV:WE

  Unpatched Vulnerability: Working Exploit

. . . or maybe "zero day exploit".

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."

Follow-Ups:
- RE: defining 0day
  - From: Marvin Simkin

References:
- Re: 0day: PDF pwns Windows
  - From: Gadi Evron
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Chad Perrin
- Re: 0day: PDF pwns Windows
  - From: Lamont Granquist
- Re: 0day: PDF pwns Windows
  - From: Roland Kuhn
- RE: 0day: PDF pwns Windows
  - From: Thor (Hammer of God)
- defining 0day
  - From: Gadi Evron
- Re: defining 0day
  - From: Charles Miller
- Re: defining 0day
  - From: Zow

Prev by Date: [ GLSA 200709-16 ] Lighttpd: Buffer overflow
Next by Date: [ MDKSA-2007:189 ] - Updated t1lib packages fix vulnerability
Previous by thread: Re: defining 0day
Next by thread: RE: defining 0day
Index(es):
- Date
- Thread