Re: [Full-disclosure] 0-day "vulnerability"
- To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] 0-day "vulnerability"
- From: Curt Purdy <infosysec@xxxxxxxxx>
- Date: Thu, 28 Oct 2010 12:50:34 -0400
Right as usual, t-man, but while we are doing F&W's job for them,
"Remote code execution" is: any program you can run on a machine you
can't touch (for further explanation, "man touch").
Curt
On Thu, Oct 28, 2010 at 12:35 PM, Thor (Hammer of God)
<thor@xxxxxxxxxxxxxxx> wrote:
> None of this really matters. People will call it whatever they want to.
> Generally, all software has some sort of vulnerability. If they want to
> call the process of that vulnerability being communicated for the first time
> "0 day vulnerability" then so what.
>
> The industry can't (and won't) even come up with what "Remote Code Execution"
> really means, so trying to standardize disclosure nomenclature is a waste of
> time IMO.
> t
>
>>-----Original Message-----
>>From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-
>>bounces@xxxxxxxxxxxxxxxxx] On Behalf Of w0lfd33m@xxxxxxxxx
>>Sent: Thursday, October 28, 2010 9:25 AM
>>To: Curt Purdy; full-disclosure-bounces@xxxxxxxxxxxxxxxxx; full-
>>disclosure@xxxxxxxxxxxxxxxxx
>>Subject: Re: [Full-disclosure] 0-day "vulnerability"
>>
>>Yep. Totally agree. A vulnerability exists in the system from the time it
>>was developed. It is just a matter of when it is disclosed or
>>exploited.
>>
>>I would suggest "0 day disclosure" instead of "0 day vulnerability" :)
>>
>>
>>------Original Message------
>>From: Curt Purdy
>>Sender: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
>>To: full-disclosure@xxxxxxxxxxxxxxxxx
>>Subject: [Full-disclosure] 0-day "vulnerability"
>>Sent: Oct 28, 2010 8:48 PM
>>
>>Sorry to rant, but I have seen this term used once too many times to sit idly
>>by. And used today by what I once thought was a respectable infosec
>>publication (that will remain nameless) while referring to the current Firefox
>>vulnerability (that did, by the way, once have a 0-day
>>sploit). Also, by definition, a 0-day no longer exists the moment it is
>>announced ;)
>>
>>For once and for all: There is no such thing as a "zero-day vulnerability"
>>(quoted), only a 0-day exploit...
>>
>>Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>Sent from BlackBerry(r) on Airtel
>