Re: Anti-virus coverage of 12122006-djtest.doc Word PoC extremely poor

[Gadi Evron <ge () linuxbox org>]

On Thu, 14 Dec 2006 Valdis.Kletnieks () vt edu wrote:
> On Thu, 14 Dec 2006 06:34:47 CST, Gadi Evron said:
> > On Thu, 14 Dec 2006, Juha-Matti Laurio wrote:
> > > This has been confirmed as totally new, third zero-day vulnerability in Wor
> d, which is the reason of missing protection with the most recent McAfee DATs e
> tc.
> > > Related SecuriTeam entry has been updated.
> >
> > Okay, but let's try to call not call it a 0day.
>
> Forget it Gadi, we've lost that battle, just as we did many years ago for
> 'hacker vs cracker'.
>
> Remember - the number of people who have actually gotten whacked by what
> used to be called a 0-day is *very* limited.  For the vast majority of actual
> users out there, the *vastly* bigger threats are:
>
> 1) Disclosed vulnerabilities with exploits and no available patches.
> 2) Disclosed vulnerabilities with exploits and no installed patches.
>
> (and of course (3) getting whacked by clicking on something that promises
> pictures of Britney Spears dancing with naked hamsters, or some such...)

This battle is not lost. If we call it the right name and talk to the
press using the right terms, it is not lost yet. Maybe it should be, but
it is really confusing when it gets to the professional community.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.