Bugtraq mailing list archives
Re: 0day: PDF pwns Windows
From: Lamont Granquist <lamont () scriptkiddie org>
Date: Mon, 24 Sep 2007 15:57:41 -0700 (PDT)
On Sun, 23 Sep 2007, Chad Perrin wrote:
In the case of that "private zero day exploit", then, nobody will ever know about it except the person that has it waiting in reserve -- and if someone else discovers and patches the vulnerability before the exploit is ever used, it never becomes a "public" zero day exploit. In other words, you can always posit that there's sort of a Heisenbergian state of potential private zero day exploitedness, but in real, practical terms there's no zero day anything unless it's public. The moment you have an opportunity to measure it, the waveforms collapse.
The exploit is not made public by its use. The exploit is not even made public by (back-channel) sharing amongst the hacker/cracker community. The exploit is only made public if detected or the vulnerability is disclosed. Until detected/disclosed the hacker/cracker can use their 31337 0day spl01tz to break into whichever vulnerable machines they like. 0day exploits are valuable because the opposition is ignorant of them.
Posting exploits to BUGTRAQ, however, inherently makes them not 0day...
Current thread:
- Re: [Full-disclosure] 0day: PDF pwns Windows, (continued)
- Re: [Full-disclosure] 0day: PDF pwns Windows Chad Perrin (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows Wayne D. Hoxsie Jr. (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows bugtraq (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows coderman (Sep 21)
- Re: 0day: PDF pwns Windows Casper . Dik (Sep 21)
- Re: 0day: PDF pwns Windows J. Oquendo (Sep 21)
- Re: 0day: PDF pwns Windows Crispin Cowan (Sep 24)
- Re: 0day: PDF pwns Windows Chad Perrin (Sep 24)
- Re: 0day: PDF pwns Windows Crispin Cowan (Sep 24)
- Re: [Full-disclosure] 0day: PDF pwns Windows J. Oquendo (Sep 25)
- Re: 0day: PDF pwns Windows Lamont Granquist (Sep 25)
- Re: 0day: PDF pwns Windows Roland Kuhn (Sep 25)
- RE: 0day: PDF pwns Windows Thor (Hammer of God) (Sep 25)
- defining 0day Gadi Evron (Sep 25)
- Re: defining 0day Brian Loe (Sep 25)
- Re: defining 0day Gadi Evron (Sep 25)
- Re: defining 0day Brian Loe (Sep 25)
- Re: defining 0day Adrian Griffis (Sep 25)
- Re: defining 0day Brian Loe (Sep 25)
- Re: defining 0day Andrew Weaver (Sep 25)
- RE: defining 0day David Gillett (Sep 25)