[Full-disclosure] Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities
ltr at isc.upenn.edu
Sat Jun 24 19:32:39 BST 2006
I surely didn't intend for this thread to end up going in the direction it
did. I was basically just trying to say I am concerned with the numerous
advisory/exploit releases on the same day. No matter what the reason. And
perhaps there still isn't a definition of 0-day that everyone agrees on. I
basically understand it the way Wikipedia has it listed.

Zero-day exploits are released on the same day the vulnerability and,
sometimes, the vendor patch are released to the public. The term derives
from the number of days between the public advisory and the release of the
exploit. The term 'zero-day exploits' is sometimes (mis)used to indicate
publicly known exploits for which no patches yet exist.

If I see Secunia release an initial advisory which has a link to the exploit
on the Milw0rm site I consider that a 0-day exploit. Maybe I am not
looking at it correctly?

In any case, I think MW may have taken my post as an attack on Milw0rm but
that isn't how I meant it to be.

On 6/24/06 2:13 PM, "Valdis.Kletnieks at vt.edu" <Valdis.Kletnieks at vt.edu>
> On Sat, 24 Jun 2006 13:45:47 EDT, Jason said:
>> You have a lot of nerve! It was not too long ago that I recall you being
>> the clueless one on the FD list.
> Aye.. that he was, as we all were at one time (myself included, even if that
> phase *did* predate the creation of FD by more than 2 decades). However,
> Morning has had enough sense to pay attention and acquire at least some
> Having said that, I'll posit that Morning is right - Milw0rm is a site well
> known enough that *by definition* an exploit showing up there moves it from
> '0-day' to 'just another damned unpatched vuln'. After all, 0-day means "an
> unknown exploit you can't defend against because you've never seen it". Which
> is hardly the case for any Milw0rm exploit.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA