No, "0day" exploits are real and should be noted. What needs improvement
is knowing when to use the term. The media seems to need a course on the
proper usage of technical terms.
We also need a new term for what are limited release exploits, aimed at a
specific target. One can only wonder what the vandals will call that.
--STeve Andre'
On 05/22/14 11:08, David McFarlane wrote:
> Well, last time I rushed to judgment without properly reading the
> articles, and I stuck my foot in my mouth big-time. Now we have a new
> "Zero-day" flaw announced, and this time I'm not the only one
> complaining about misuse of the term, as you may see in the discussion
> at Slashdot:
>
> http://it.slashdot.org/story/14/05/21/220225/new-ie-8-zero-day-discovered
>
> So it seems that people do use the term just because it "sounds cool",
> and it has ceased to mean anything useful. I suggest we get rid of
> "zero-day".
>
> -- dkm
>
>
> At 4/29/2014 03:10 PM Tuesday, David McFarlane wrote:
>> About my screed on "0-day": Looks like I need a lesson on reading
>> comprehension. As has been kindly pointed out to me, the first
>> sentence of the original Microsoft Security Advisory at
>> https://technet.microsoft.com/en-us/library/security/2963983.aspx
>> says, "Microsoft is aware of limited, targeted attacks ..." I would
>> have had to click through an extra link to get to that statement, but
>> even the press account that started this thread, in the first
>> sentence of the second paragraph, reads, "Attacks taking advantage of
>> the vulnerability are largely targeting ..." So this does honor the
>> traditional use of "0-day", and I have no excuse.
>>
>> Mea culpa,
>> -- dkm
>>
>>
>> At 4/29/2014 11:42 AM Tuesday, David McFarlane wrote:
>>> <editorial>
>>> And going off on a tangent here... Have we changed the meaning of
>>> "Zero Day Vulnerability"? According to my understanding, and as
>>> corroborated by Wikipedia, a "Zero-day attack" refers to a situation
>>> where "There are zero days between the time the vulnerability is
>>> discovered (and made public), and the first attack." But in this
>>> case we have not yet seen any attack, so it would be more proper to
>>> refer to this as an n-day vulnerability, where n indicates the
>>> number of days since the vulnerability was discovered. Or has
>>> "0-day" suffered journalistic inflation, like so much of our
>>> terminology? If every discovered vulnerability is now considered
>>> "0-day", then what function does the modifier "0-day" serve? What
>>> then makes a "0-day" vulnerability different from a non 0-day
>>> vulnerability?
>>>
>>> This is much like the misused term DDoS, where in many cases the
>>> first "D" is irrelevant and simply DoS would serve. Sigh.
>>> </editorial>
>>>
>>> -- dkm
>>>
>>>
>>> At 4/29/2014 11:29 AM Tuesday, David Graff wrote:
>>>> I agree that this is sensationalist. We have arbitrary code execution
>>>> vulnerabilities against Flash, Acrobat, and Java all the time and
>>>> those have
>>>> active user bases on par with IE these days. What's one more way to
>>>> infiltrate an XP system?
>>>>
>>>> But, if you're looking for mitigation against unpatched buffer overrun
>>>> attacks Windows, its worth installing the EMET package from
>>>> Microsoft and
>>>> accepting the default config which will run DEP and SEHOP in
>>>> opt-out mode.
>>>>
>>>> http://www.microsoft.com/en-us/download/details.aspx?id=41138
>>>>
>>>> Hopefully the IE sandboxing that UAC creates is also containing
>>>> this attack
>>>> for anything running Vista and newer.
>>>>
>>>> On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane
>>>> <[log in to unmask]> wrote:
>>>>
>>>> >Yet another (less alarmist) perspective on
>>>> >this:
>>>> >http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-e
>>>> x p lorers-new-0-day-vulnerability
>>>> >
>>>> >-- dkm "What, me worry?"
>>>> >
>>>> >
>>>> >At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>>> >>Zero-day exploit in every version of Internet Explorer discovered
>>>> >>late yesterday, and XP won't be patched when a fix is released.
>>>> >>
>>>> >><http://gizmodo.com/new-vulnerability-found-in-every-single-vers
>>>> i o
>>>> n-of-inte-1568383903/+whitsongordon?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/
>
|