|
|
BugTraq
0day: PDF pwns Windows Sep 20 2007 01:21PM pdp (architect) (pdp gnucitizen googlemail com) (3 replies) Re: [Full-disclosure] 0day: PDF pwns Windows Sep 21 2007 07:53PM Thierry Zoller (Thierry Zoller lu) (2 replies) Re: [Full-disclosure] 0day: PDF pwns Windows Sep 21 2007 09:21PM Aaron Collins (collinsa ehawaii gov) Re: [Full-disclosure] 0day: PDF pwns Windows Sep 21 2007 09:21PM Kevin Finisterre (lists) (kf_lists digitalmunition com) Re: 0day: PDF pwns Windows Sep 20 2007 03:29PM Gadi Evron (ge linuxbox org) (1 replies) Re: 0day: PDF pwns Windows Sep 20 2007 11:16PM Crispin Cowan (crispin novell com) (2 replies) Re: 0day: PDF pwns Windows Sep 23 2007 05:34AM Crispin Cowan (crispin novell com) (2 replies) Re: 0day: PDF pwns Windows Sep 23 2007 11:52PM Chad Perrin (perrin apotheon com) (2 replies) |
|
Privacy Statement |
On Sun, 23 Sep 2007, Chad Perrin wrote:
> In the case of that "private zero day exploit", then, nobody will ever
> know about it except the person that has it waiting in reserve -- and if
> someone else discovers and patches the vulnerability before the exploit
> is ever used, it never becomes a "public" zero day exploit. In other
> words, you can always posit that there's sort of a Heisenbergian state of
> potential private zero day exploitedness, but in real, practical terms
> there's no zero day anything unless it's public.
>
> The moment you have an opportunity to measure it, the waveforms collapse.
The exploit is not made public by its use. The exploit is not even made
public by (back-channel) sharing amongst the hacker/cracker community.
The exploit is only made public if detected or the vulnerability is
disclosed. Until detected/disclosed the hacker/cracker can use their
31337 0day spl01tz to break into whichever vulnerable machines they like.
0day exploits are valuable because the opposition is ignorant of them.
Posting exploits to BUGTRAQ, however, inherently makes them not 0day...
[ reply ]