You aren't a troll!

A 0day is when an exploit comes out, with zero notice to the creator of the
software that a problem exists.

This has gotten muddled for sure.  Yes, your definition also works, but the
vandals have used (or used to use) 0day to mean that.

I've also seen Flash and MS exploits called that, when the companies involved
have done nothing for nn months, then the exploit code was released.  Not
quite the same thing.

But the term "0day" is easier to type.  ;-)

--STeve Andre'


On 05/22/14 17:24, David McFarlane wrote:
> Steve,
>
> It also occurs to me that I might be considered a troll in this 
> thread, in which case you might not want to feed me :).  Thanks for 
> continuing the discussion.
>
> Cheers,
> -- dkm
>
>
> At 5/22/2014 05:20 PM Thursday, you wrote:
>> So if a "0day" exploit occurs, why not just say something like, "an 
>> attack now underway has been discovered against a previously unknown 
>> [unreported?] vulnerability"?
>>
>> This is unambiguous, requires no mental unpacking for either experts 
>> or non-experts, and puts urgent emphasis squarely on the attack 
>> underway rather than on the vulnerability.
>>
>> -- dkm
>>
>>
>> At 5/22/2014 04:28 PM Thursday, STeve Andre' wrote:
>>> No, "0day" exploits are real and should be noted.  What needs improvement
>>> is knowing when to use the term.  The media seems to need a course on the
>>> proper usage of technical terms.
>>>
>>> We also need a new term for what are limited release exploits, aimed at a
>>> specific target.  One can only wonder what the vandals will call that.
>>>
>>> --STeve Andre'
>>>
>>> On 05/22/14 11:08, David McFarlane wrote:
>>>> Well, last time I rushed to judgment without properly reading the 
>>>> articles, and I stuck my foot in my mouth big-time. Now we have a 
>>>> new "Zero-day" flaw announced, and this time I'm not the only one 
>>>> complaining about misuse of the term, as you may see in the 
>>>> discussion at Slashdot:
>>>>
>>>> http://it.slashdot.org/story/14/05/21/220225/new-ie-8-zero-day-discovered 
>>>>
>>>>
>>>> So it seems that people do use the term just because it "sounds 
>>>> cool", and it has ceased to mean anything useful.  I suggest we get 
>>>> rid of "zero-day".
>>>>
>>>> -- dkm
>>>>
>>>>
>>>> At 4/29/2014 03:10 PM Tuesday, David McFarlane wrote:
>>>>> About my screed on "0-day":  Looks like I need a lesson on reading 
>>>>> comprehension.  As has been kindly pointed out to me, the first 
>>>>> sentence of the original Microsoft Security Advisory at 
>>>>> https://technet.microsoft.com/en-us/library/security/2963983.aspx 
>>>>> says, "Microsoft is aware of limited, targeted attacks ..."  I 
>>>>> would have had to click through an extra link to get to that 
>>>>> statement, but even the press account that started this thread, in 
>>>>> the first sentence of the second paragraph, reads, "Attacks taking 
>>>>> advantage of the vulnerability are largely targeting ..."  So this 
>>>>> does honor the traditional use of "0-day", and I have no excuse.
>>>>>
>>>>> Mea culpa,
>>>>> -- dkm
>>>>>
>>>>>
>>>>> At 4/29/2014 11:42 AM Tuesday, David McFarlane wrote:
>>>>>> <editorial>
>>>>>> And going off on a tangent here...  Have we changed the meaning 
>>>>>> of "Zero Day Vulnerability"?  According to my understanding, and 
>>>>>> as corroborated by Wikipedia, a "Zero-day attack" refers to a 
>>>>>> situation where "There are zero days between the time the 
>>>>>> vulnerability is discovered (and made public), and the first 
>>>>>> attack." But in this case we have not yet seen any attack, so it 
>>>>>> would be more proper to refer to this as an n-day vulnerability, 
>>>>>> where n indicates the number of days since the vulnerability was 
>>>>>> discovered.  Or has "0-day" suffered journalistic inflation, like 
>>>>>> so much of our terminology?  If every discovered vulnerability is 
>>>>>> now considered "0-day", then what function does the modifier 
>>>>>> "0-day" serve?  What then makes a "0-day" vulnerability different 
>>>>>> from a non 0-day vulnerability?
>>>>>>
>>>>>> This is much like the misused term DDoS, where in many cases the 
>>>>>> first "D" is irrelevant and simply DoS would serve.  Sigh.
>>>>>> </editorial>
>>>>>>
>>>>>> -- dkm
>>>>>>
>>>>>>
>>>>>> At 4/29/2014 11:29 AM Tuesday, David Graff wrote:
>>>>>>> I agree that this is sensationalist. We have arbitrary code execution
>>>>>>> vulnerabilities against Flash, Acrobat, and Java all the time and those have
>>>>>>> active user bases on par with IE these days. What's one more way to
>>>>>>> infiltrate an XP system?
>>>>>>>
>>>>>>> But, if you're looking for mitigation against unpatched buffer overrun
>>>>>>> attacks on Windows, it's worth installing the EMET package from Microsoft and
>>>>>>> accepting the default config which will run DEP and SEHOP in opt-out mode.
>>>>>>>
>>>>>>> http://www.microsoft.com/en-us/download/details.aspx?id=41138
>>>>>>>
>>>>>>> Hopefully the IE sandboxing that UAC creates is also containing this attack
>>>>>>> for anything running Vista and newer.
>>>>>>>
>>>>>>> On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane wrote:
>>>>>>>
>>>>>>> >Yet another (less alarmist) perspective on
>>>>>>> >this:
>>>>>>> >http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability
>>>>>>> >
>>>>>>> >-- dkm  "What, me worry?"
>>>>>>> >
>>>>>>> >
>>>>>>> >At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>>>>>> >>Zero-day exploit in every version of Internet Explorer discovered
>>>>>>> >>late yesterday, and XP won't be patched when a fix is released.
>>>>>>> >>
>>>>>>> >><http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/>
>
>