I was under the impression that "0day" came from the hacking/cracking
community and was synonymous with the concept of "private 0day" that has
been used in this thread.
So, a hacker/cracker would have a variety of tools at their disposal
including many exploits that were known to security professionals,
vendors, and the public for various lengths of time, but also the "0day"
exploits for which no vulnerable machines should be patched against. As
soon as the vulnerability is published, it no longer becomes a "0day"
since even in the absence of vendor patches, admins could take actions to
audit and protect their systems.
Under this definition, "0day" exploits should be not publically disclosed
and to be pedantic should be actively being used to break into systems.
Exploits generated by the grey-hat community, not used for malicious
reasons, and published before vendor patches exist would not have gone
through the "0day" stage. Neither would exploits generated for publically
known vulnerabilities before the vendor patches were released would be
considered "0day" since the vulnerability was publically known and again
there could be workarounds encountered by the hacker/cracker that would
prevent gaining access.
It seems that the definition of the term has morphed in the past 10+ years
though...
On Sat, 22 Sep 2007 johanfunsale@xxxxxxxxx wrote:
I think we're missing the point. To my very limited knowledge, a zero
day vulnerability is a vulnerability that is released into the wild
before the vendor has notified its customers thereof, i.e. the person
who discovered the vulnerability decides to release it to parties other
than the vendor in question.
This will most likely lead to a zero day exploit, which is an exploit
that "exploits" the vulnerability before the vendor releases a patch for
that vulnerability.
This is just my view, but if it makes sense, use it as your own.
Regards,
Johan
