Full Disclosure mailing list archives
Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities
From: David Taylor <ltr () isc upenn edu>
Date: Sat, 24 Jun 2006 14:32:39 -0400
I surely didn't intend for this thread to end up going in the direction it did. I was basically just trying to say I am concerned with the numerous advisory/exploit release on the same day. No matter what the reason. And perhaps there still isn't a definition of 0-day that everyone agrees on. I basically understand it the way wikipedia has it listed. http://en.wikipedia.org/wiki/0-day Zero-day exploits are released on the same day the vulnerability and, sometimes, the vendor patch are released to the public. The term derives from the number of days between the public advisory and the release of the exploit. The term 'zero-day exploits' is sometimes (mis)used to indicate publicly known exploits for which no patches yet exist. If I see Secunia release an initial advisory which has a link to the exploit on the Milw0rm site I consider that a 0-day exploit. Maybe I am not looking at it correctly? In any case, I think MW may have taken my post as an attack on Milw0rm but that isn't how I meant it to be. On 6/24/06 2:13 PM, "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu> wrote:
On Sat, 24 Jun 2006 13:45:47 EDT, Jason said:You have a lot of nerve! It was not too long ago that I recall you being the clueless one on the FD list.Aye.. that he was, as we all were at one time (myself included, even if that phase *did* predate the creation of FD by more than 2 decades). However, Morning has had enough sense to pay attention and acquire at least some clue... Having said that, I'll posit that Morning is right - Milw0rm is a site well known enough that *by definition* an exploit showing up there moves it from '0-day' to 'just another damned unpatched vuln'. After all, 0-day means "an unknown exploit you can't defend against because you've never seen it". Which is hardly the case for any Milw0rm exploit. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
================================================== David Taylor //Sr. Information Security Specialist University of Pennsylvania Information Security Philadelphia PA USA (215) 898-1236 http://www.upenn.edu/computing/security/ ================================================== Penn Information Security RSS feed http://www.upenn.edu/computing/security/rss/rssfeed.xml Add link to your favorite RSS reader _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 23)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 23)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Morning Wood (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Valdis . Kletnieks (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Morning Wood (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 23)