RE: Internet Explorer 0day exploit

Board: Bugtraq, posted 2007/07/24 23:12
On Sat, 21 Jul 2007, Ken Kousky wrote:

> Zero day is a serious misnomer from vendors that suggest that the counting
> of time an exposure is known BY THE GOOD GUYS is some kind of trigger date
> when in reality, many serious exploits are known BY THE BAD GUYS so the day
> zero is really months or maybe years prior to the disclosure or notification
> date. Look at the WMF vulnerability that caused a mad rush to patch it once
> the good guys were put on notice. In this case, the vulnerability had been
> present in Windows products since the early 90s and according to Kaspersky
> Labs there was even malware being sold that took advantage of it long before
> there was even day zero notification.

I reserve the word 0day for issues that have been found through exploits.

So a 0day exploit is an exploit out in the field where the vulnerability
is/was not publicly known before the exploit was found.

As such it would be a very rough indication of the score of good guys
(writing advisories) and the bad guys (writing exploits).

Hugo.

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
Article ID (AID): #16fXRr00 (Bugtraq)