Can we close this thread now?

http://en.wikipedia.org/wiki/Zero_day

"A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks take advantage of computer security holes for which no solution is currently available."

> Steven Adair wrote:
> > Not in my book. I guess the people on this list are working off too many
> > different definitions of 0day. 0day to me is something for which there is
> > no patch/update at the time of the exploit being coded/used. So if I code
> > an exploit for IE right now and they don't patch it until April September
> > 2008, it's a 0day exploit for a year. It's not necessarily new and it
> > doesn't have to be used maliciously.
> >
> > If I code an exploit (for which there is no patch) and use it on my own
> > servers, does that mean it's not 0day? I don't think so. If my WordPress
> > blog gets owned by pwnpress, that's not 0day.. there's patches/updates for
> > everything on there. It just makes me an idiot for not upgrading. Now if
> > I get hit with some WP exploit that's not patched, then that's another
> > [0-day] story.
> >
> > Steven
> > securityzone.org
> >
>
> If you're going to steal a term from the biological community at least
> use it in the same context. The biological metaphor is getting
> stretched so much that people forget that these terms have meaning
> outside the IT realm.
>
> --
> Wayne D. Hoxsie Jr.
>

- Robert
http://www.cgisecurity.com/