nCircle.com >> 360 Security >> The Lens


16 Days

That Solaris telnet vulnerability that was announced back on February 12, yeah, there's a worm for it. No surprise there. But what I'm really wondering is if we can still call it a 'zero-day' vulnerability. Shouldn't it be a 'sixteen-day' vulnerability now?


Comments (2)

LonerVamp:

Hehe, 0day became the darling term last year for journalists who wanted to show off that they, too, had learned something technical. Sadly, the word got way too over-used and is sometimes spoken synonymously with "malware" now. Hell, there's even "less-than-zero-day" terms that bastardize the whole point...

Anyway, strictly speaking, I think 0day should be confined only to a vulnerability that is not patched. After a patch is issued, it becomes "you-should-have-patched-your-system-or-implemented-a-workaround-stupid-day."

Ozymandias:

I've come to cringe every time I hear the word nowadays. I wish I had the data to prove that this has to be one of the fastest 1337-to-marketing-speak transitions in computing security history. Is there any product that doesn't boldly say it combats 0-days on the front page anymore?

The reason, of course, of why it's frustrating is because zero-day should refer to unknown, unpatched vulnerabilities, not to known but unpatched (or poorly patched in this case).

There's a critical difference between the Word exploit that comes out on exploit Wednesday and the uber-elite OpenBSD-remote-root-straight-to-RAM-and-then-to-PCI-based-rootkit that only intel agencies have. The former you can fix even before the patch - Snort signatures, disabling Word, user education, etc. The latter can only be mitigated by a secure network posture - no matter how elite the hack, it will leave clues throughout your network if it enters. Make your adversaries think twice before using it, since the value of a 0-day is inversely proportional to the number of individuals who know about it.


As Donny Rumsfeld once said: "There are known knowns, there are unknown knowns, and there are unknown unknowns."

The true meaning of zero-days is the latter. Don't let the marketers steal and denigrate a word that so well described the risks of network computing.


About

This page contains a single entry from the blog posted on February 28, 2007 2:09 PM.
