Full Disclosure mailing list archives

Re: Internet Explorer 0day exploit


From: Gadi Evron <ge () linuxbox org>
Date: Sat, 14 Jul 2007 21:41:38 -0500 (CDT)

On Sat, 14 Jul 2007, Dragos Ruiu wrote:
> On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
>> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
>> being disclosed.
>
> You're being pedantic Gadi. :-)
>
> We have to accept the term "0day" has passed into
> the realm of meaningless nebulousness along with
> "hacker" and other misused terms.
>
> If we are to be pedantic, the original meaning of
> 0day is new warez release :-).

I think there is still hope for us buddy, at least when professionals make 
releases.
For example, instead of saying I'm being pedantic on this (which I am), 
you could (also, in addition) reply and say "yep" or "nope", thus 
contributing to some discussion. Meaning, we would either make a stand for 
our profession or at the very least get educated as we go along.

Some people believe the way to reach a "mature industry" is time, others 
believe it's training or in a more specific fashion, certifications. I 
don't know what the answer is, and I am sure it isn't terminology (or 
certifications, hehe).

I do know though, what a 0day is, and don't intend to compromise it for 
the sake of what the press makes of it. It's a strong term and concept 
which shouldn't be abused. That or we can decide on a new term for what 
0day used to mean. How about "blubla"?

From professionals, we can expect good language and for their work to 
speak for them. We shouldn't compromise on silly things like what 0day 
means.

Maybe I will give this up next year, but for now, advisories named "0day" 
have disappeared lately. Maybe peer pressure does have some effect.

The above is over-thinking and some could consider it very silly, but for 
now, I believe in it. It's just like I resent those among consultants who 
conduct themselves in a fashion that makes me ashamed of my profession, as 
a far-off analogy.

> cheers,
> --dr
>
> -- 
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan   November 29/30 - 2007    http://pacsec.jp
> pgpkey http://dragos.com/ kyxpgp


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

