So if a "0day" exploit occurs, why not just say something like, "an
attack now underway has been discovered against a previously unknown
[unreported?] vulnerability"?
This is unambiguous, requires no mental unpacking for either experts
or non-experts, and puts urgent emphasis squarely on the attack
underway rather than on the vulnerability.
-- dkm
At 5/22/2014 04:28 PM Thursday, STeve Andre' wrote:
>No, "0day" exploits are real and should be noted. What needs improvement
>is knowing when to use the term. The media seems to need a course on the
>proper usage of technical terms.
>
>We also need a new term for what are limited release exploits, aimed at a
>specific target. One can only wonder what the vandals will call that.
>
>--STeve Andre'
>
>On 05/22/14 11:08, David McFarlane wrote:
>>Well, last time I rushed to judgment without properly reading the
>>articles, and I stuck my foot in my mouth big-time. Now we have a
>>new "Zero-day" flaw announced, and this time I'm not the only one
>>complaining about misuse of the term, as you may see in the
>>discussion at Slashdot:
>>
>>http://it.slashdot.org/story/14/05/21/220225/new-ie-8-zero-day-discovered
>>
>>So it seems that people do use the term just because it "sounds
>>cool", and it has ceased to mean anything useful. I suggest we get
>>rid of "zero-day".
>>
>>-- dkm
>>
>>
>>At 4/29/2014 03:10 PM Tuesday, David McFarlane wrote:
>>>About my screed on "0-day": Looks like I need a lesson on reading
>>>comprehension. As has been kindly pointed out to me, the first
>>>sentence of the original Microsoft Security Advisory at
>>>https://technet.microsoft.com/en-us/library/security/2963983.aspx
>>>says, "Microsoft is aware of limited, targeted attacks ..." I
>>>would have had to click through an extra link to get to that
>>>statement, but even the press account that started this thread, in
>>>the first sentence of the second paragraph, reads, "Attacks taking
>>>advantage of the vulnerability are largely targeting ..." So this
>>>does honor the traditional use of "0-day", and I have no excuse.
>>>
>>>Mea culpa,
>>>-- dkm
>>>
>>>
>>>At 4/29/2014 11:42 AM Tuesday, David McFarlane wrote:
>>>><editorial>
>>>>And going off on a tangent here... Have we changed the meaning
>>>>of "Zero Day Vulnerability"? According to my understanding, and
>>>>as corroborated by Wikipedia, a "Zero-day attack" refers to a
>>>>situation where "There are zero days between the time the
>>>>vulnerability is discovered (and made public), and the first
>>>>attack." But in this case we have not yet seen any attack, so it
>>>>would be more proper to refer to this as an n-day vulnerability,
>>>>where n indicates the number of days since the vulnerability was
>>>>discovered. Or has "0-day" suffered journalistic inflation, like
>>>>so much of our terminology? If every discovered vulnerability is
>>>>now considered "0-day", then what function does the modifier
>>>>"0-day" serve? What then makes a "0-day" vulnerability different
>>>>from a non 0-day vulnerability?
>>>>
>>>>This is much like the misused term DDoS, where in many cases the
>>>>first "D" is irrelevant and simply DoS would serve. Sigh.
>>>></editorial>
>>>>
>>>>-- dkm
>>>>
>>>>
>>>>At 4/29/2014 11:29 AM Tuesday, David Graff wrote:
>>>>>I agree that this is sensationalist. We have arbitrary code execution
>>>>>vulnerabilities against Flash, Acrobat, and Java all the time
>>>>>and those have
>>>>>active user bases on par with IE these days. What's one more way to
>>>>>infiltrate an XP system?
>>>>>
>>>>>But, if you're looking for mitigation against unpatched buffer overrun
>>>>>attacks Windows, its worth installing the EMET package from Microsoft and
>>>>>accepting the default config which will run DEP and SEHOP in opt-out mode.
>>>>>
>>>>>http://www.microsoft.com/en-us/download/details.aspx?id=41138
>>>>>
>>>>>Hopefully the IE sandboxing that UAC creates is also containing
>>>>>this attack
>>>>>for anything running Vista and newer.
>>>>>
>>>>>On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane
>>>>><[log in to unmask]> wrote:
>>>>>
>>>>> >Yet another (less alarmist) perspective on
>>>>> >this:
>>>>> >http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet
>>>>> -e x p lorers-new-0-day-vulnerability
>>>>> >
>>>>> >-- dkm "What, me worry?"
>>>>> >
>>>>> >
>>>>> >At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>>>> >>Zero-day exploit in every version of Internet Explorer discovered
>>>>> >>late yesterday, and XP won't be patched when a fix is released.
>>>>> >>
>>>>> >><http://gizmodo.com/new-vulnerability-found-in-every-single-ve
>>>>> rs i o
>>>>> n-of-inte-1568383903/+whitsongordon?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/
|