PC Review


Reply
Thread Tools Rate Thread

Do we really need to keep using "zero-day" term?

 
 
VIrus Guy
Guest
Posts: n/a
 
      16th Feb 2012
I understand the term "zero-day" to mean that what-ever it is, it is in
effect right now (not X days from now).

Does anyone know the history of the usage of that term? When did it
start to be used?

What are examples of a "non zero-day" thing? (by thing, I could mean a
vulnerability or an exploit).

When was the last "non-zero-day" vulnerability or exploit?

This was the story that sparked my question:

=====================
Adobe confirms new zero-day Flash bug

http://www.computerworld.com/s/artic..._day_Flash_bug
=====================

So here's a side question:

How can a bug be called "zero-day?

Is there an example of a bug or vulnerability that is, say , 5-day? Or
10-day? Or 30-day?

How can a piece of code (like flash) be anything other than "zero-day"?
Isin't it like saying:

"well, we know that flash has a bug or vulnerability, but
because of the peculiarities of its coding it won't actually
become exploitable until X days from now"

Is such a phenomena possible?

If not, then why refer to a bug as "X day" in the first place?
 
Reply With Quote
 
 
 
 
FromTheRafters
Guest
Posts: n/a
 
      16th Feb 2012
VIrus Guy wrote:
> I understand the term "zero-day" to mean that what-ever it is, it is in
> effect right now (not X days from now).
>
> Does anyone know the history of the usage of that term? When did it
> start to be used?
>
> What are examples of a "non zero-day" thing? (by thing, I could mean a
> vulnerability or an exploit).
>
> When was the last "non-zero-day" vulnerability or exploit?
>
> This was the story that sparked my question:
>
> =====================
> Adobe confirms new zero-day Flash bug
>
> http://www.computerworld.com/s/artic..._day_Flash_bug
> =====================
>
> So here's a side question:
>
> How can a bug be called "zero-day?
>
> Is there an example of a bug or vulnerability that is, say , 5-day? Or
> 10-day? Or 30-day?
>
> How can a piece of code (like flash) be anything other than "zero-day"?
> Isin't it like saying:
>
> "well, we know that flash has a bug or vulnerability, but
> because of the peculiarities of its coding it won't actually
> become exploitable until X days from now"
>
> Is such a phenomena possible?
>
> If not, then why refer to a bug as "X day" in the first place?


Usually, zero-day just means it hasn't been addressed with a patch yet -
IOW it is *still* an exploitable vulnerability as of the time of writing.

Could be 'zero-year' or zero-decade' with some vulnerabilities having
been exploited for years before being addressed.
 
Reply With Quote
 
 
 
 
kurt wismer
Guest
Posts: n/a
 
      16th Feb 2012
On Feb 16, 9:42*am, VIrus Guy <(E-Mail Removed)> wrote:
> I understand the term "zero-day" to mean that what-ever it is, it is in
> effect right now (not X days from now).


umm, nope. as i understand it, the X-day term bled into the security
lexicon from the warez scene, where for example you might find a BBS
(yeah, this is back in the really old days) that would only accept
uploads of 3-day warez or less (ie. it was officially released at most
3 days ago). the X-day terminology may originally come from something
even before the warez scene but that would be before my time.

in security, a 0-day bug is one that's released before a patch for the
bug is available. a bug that is released *after* the patch is made
available never gets called a 0-day (although they technically all
start out as 0-days). in fact, after patches are released i'm pretty
sure we no longer say they are 0-days, we say they were 0-days.

the adoption of the term hasn't been perfect, i've never heard of a 1-
day, 2-day, 3-day, etc. vulnerability, but the general meaning of 0-
day as something that is 'as new as it gets' is carried through to the
adoptive field.
 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      16th Feb 2012
VIrus Guy <(E-Mail Removed)> wrote in news:(E-Mail Removed):

> I understand the term "zero-day" to mean that what-ever it is, it is
> in effect right now (not X days from now).


Sort of.

> Does anyone know the history of the usage of that term? When did it
> start to be used?


The warez scene, back when BBSes were the rage. It meant new software upto
3 days old. You had to have status to get in that early.

If not, then why refer to a bug as "X day" in the first place?



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      16th Feb 2012
From: "Dustin" <(E-Mail Removed)>

> VIrus Guy <(E-Mail Removed)> wrote in news:(E-Mail Removed):
>
>> I understand the term "zero-day" to mean that what-ever it is, it is
>> in effect right now (not X days from now).

>
> Sort of.
>
>> Does anyone know the history of the usage of that term? When did it
>> start to be used?

>
> The warez scene, back when BBSes were the rage. It meant new software upto
> 3 days old. You had to have status to get in that early.
>


news:alt.binaries.warez.0-day


> If not, then why refer to a bug as "X day" in the first place?
>
>



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


 
Reply With Quote
 
Bear
Guest
Posts: n/a
 
      17th Feb 2012
On 2/16/2012 8:42 AM, VIrus Guy wrote:
> I understand the term "zero-day" to mean that what-ever it is, it is in
> effect right now (not X days from now).
>
> Does anyone know the history of the usage of that term? When did it
> start to be used?
>
> What are examples of a "non zero-day" thing? (by thing, I could mean a
> vulnerability or an exploit).
>
> When was the last "non-zero-day" vulnerability or exploit?
>
> This was the story that sparked my question:
>
> =====================
> Adobe confirms new zero-day Flash bug
>
> http://www.computerworld.com/s/artic..._day_Flash_bug
> =====================
>
> So here's a side question:
>
> How can a bug be called "zero-day?
>
> Is there an example of a bug or vulnerability that is, say , 5-day? Or
> 10-day? Or 30-day?
>
> How can a piece of code (like flash) be anything other than "zero-day"?
> Isin't it like saying:
>
> "well, we know that flash has a bug or vulnerability, but
> because of the peculiarities of its coding it won't actually
> become exploitable until X days from now"
>
> Is such a phenomena possible?
>
> If not, then why refer to a bug as "X day" in the first place?


this is a very weird question IMO.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a
 
      17th Feb 2012
Bear wrote:
> On 2/16/2012 8:42 AM, VIrus Guy wrote:
>> I understand the term "zero-day" to mean that what-ever it is, it is in
>> effect right now (not X days from now).
>>
>> Does anyone know the history of the usage of that term? When did it
>> start to be used?
>>
>> What are examples of a "non zero-day" thing? (by thing, I could mean a
>> vulnerability or an exploit).
>>
>> When was the last "non-zero-day" vulnerability or exploit?
>>
>> This was the story that sparked my question:
>>
>> =====================
>> Adobe confirms new zero-day Flash bug
>>
>> http://www.computerworld.com/s/artic..._day_Flash_bug
>>
>> =====================
>>
>> So here's a side question:
>>
>> How can a bug be called "zero-day?
>>
>> Is there an example of a bug or vulnerability that is, say , 5-day? Or
>> 10-day? Or 30-day?
>>
>> How can a piece of code (like flash) be anything other than "zero-day"?
>> Isin't it like saying:
>>
>> "well, we know that flash has a bug or vulnerability, but
>> because of the peculiarities of its coding it won't actually
>> become exploitable until X days from now"
>>
>> Is such a phenomena possible?
>>
>> If not, then why refer to a bug as "X day" in the first place?

>
> this is a very weird question IMO.
>

I agree, especially since "bug" is not well defined within this thread.

Zero-day as it applies to software exploits is different from zero-day
as it applies to non-software exploit based malware. If by "bug" he
means 'software flaw' then such a 'bug' can exist for a long time
without any vulnerability or exploit ever existing because of it. So
'zero-day' becomes closer to 'forever-day' in such a case.
 
Reply With Quote
 
kurt wismer
Guest
Posts: n/a
 
      17th Feb 2012
On Feb 16, 6:57*pm, FromTheRafters <(E-Mail Removed)> wrote:
[snip]
> I agree, especially since "bug" is not well defined within this thread.
>
> Zero-day as it applies to software exploits is different from zero-day
> as it applies to non-software exploit based malware. If by "bug" he
> means 'software flaw' then such a 'bug' can exist for a long time
> without any vulnerability or exploit ever existing because of it. So
> 'zero-day' becomes closer to 'forever-day' in such a case.


umm, the software flaw IS the vulnerability. they are synonyms.
 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a
 
      17th Feb 2012
kurt wismer wrote:
> On Feb 16, 6:57 pm, FromTheRafters<(E-Mail Removed)> wrote:
> [snip]
>> I agree, especially since "bug" is not well defined within this thread.
>>
>> Zero-day as it applies to software exploits is different from zero-day
>> as it applies to non-software exploit based malware. If by "bug" he
>> means 'software flaw' then such a 'bug' can exist for a long time
>> without any vulnerability or exploit ever existing because of it. So
>> 'zero-day' becomes closer to 'forever-day' in such a case.

>
> umm, the software flaw IS the vulnerability. they are synonyms.


I disagree, not all types of flaws in software lead to that software
being vulnerable to attack. If the flaw is of a type that might allow
some sort of an attack, it is a vulnerability.

I remember OE used to have something like that - where when the subject
line exceeded 255 characters, any further characters would push the
previous ones into the space where the attachment name is supposed to
go. If this was an overflowing buffer situation, then I would call it a
flaw but not a vulnerability.


 
Reply With Quote
 
Virus Guy
Guest
Posts: n/a
 
      17th Feb 2012
FromTheRafters wrote:

> > umm, the software flaw IS the vulnerability. they are synonyms.

>
> I disagree, not all types of flaws in software lead to that software
> being vulnerable to attack.


What do you think we're talking about here?

I even gave an example - a new so-called "zero-day" bug in Flash player.

So again:

What concept or idea is being conveyed when you call a vulnerability a
"zero-day" vulnerability?

And what concept or idea is being expressed when you call an exploit a
"zero-day" exploit?
 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Really really really budget build! Waynos_Face General 7 26th Jun 2008 04:33 PM
I really, really really need help =?Utf-8?B?V29ybGRv?= Windows XP Help 3 29th May 2005 02:53 PM
Really Really Confused!! Need help. Joe Schmo Windows XP General 4 13th May 2004 01:05 AM
really slow computer really getting really annoying...really roro Windows XP General 5 30th Nov 2003 07:28 PM
really slow computer really getting really annoying...really roro Windows XP Hardware 7 30th Nov 2003 07:28 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 12:40 AM.