Talk:Zero day
From Wikipedia, the free encyclopedia
0day warez and exploits
Should these be in separate articles?
Can we remove stub status from this?
- Go for it! If someone disagrees then the issue can be discussed here. Ellsworth 23:37, 6 May 2005 (UTC)
Wikipedia's search not working??
I tried doing a search for Zero day but couldn't find a link to this article in the search results... can someone else please try it and confirm this?? Hulleye 09:59, 10 November 2005 (UTC)
- Interesting ... I went through all the results for "Zero day" both with and without quotations and this page did not come up as a result. ALKIVAR™ 10:04, 10 November 2005 (UTC)
- Any idea who the appropriate person/link to complain to about this might be?? Hulleye 10:05, 10 November 2005 (UTC)
Remove External Link
It looks like the external link is pointing to a site wanting people to sign up for their courses. I've gone ahead and removed it. If anyone has a publicly available site that "teaches" things about this then post that one.
Vulnerabilities versus Exploits
This article confuses the terms vulnerability and exploit. It treats them as the same thing which they are not (see RFC 2828). -- AlastairR 22:29, 25 April 2006 (UTC)
Ok, the RFC is great, but it does not give a clear distinction between a vuln and an exploit. Also, in some cases the article does appear to treat a vuln and an exploit as though they are different. You are right, this needs to be much clearer in the article.
Please Write Me Better
If I were a fan of a game, say, I would wait outside the store all night. Then on release day, I would buy the game -- right then and there on Zero Day! I would put it in my machine and, barring glitches, it would work! Right then and there on Zero Day! And it would be absolutely legal!
- Zero day or 0day refers to software, videos, music, or information unlawfully released or obtained on the day of public release. -- so according to the article, if it's not unlawfully obtained, it's not 0day
the scene
Please describe how the game software is obtained illegally, copied and modified (internationalized) and distributed illegally, and advertised illegally. Give historical examples. I can't tell what is going on in this article. --129.10.14.223 00:07, 28 June 2006 (UTC)
- see The Scene
Illegal on 0Day?
The head in a way says that Zero-day products can only be obtained illegally, but how is that possible when you can get the stuff on the day of the public release? If I'm not utterly mistaken, a public release means that everybody can buy a product, legally of course.
- Zero day or 0day refers to software, videos, music, or information unlawfully released or obtained on the day of public release. -- so according to the article, if it's not unlawfully obtained, it's not 0day
0day public or not?
As I see it, this article contradicts itself.
- "The term derives from the number of days between the public advisory and the release of the exploit"
- "zero-day attacks are generally unknown to the public"
The first implies that 0day vulnerabilities AND the exploits are publicly known, and that there may even be a patch, while the second strongly implies that there is no patch for the vulnerability (if we assume that we know what a released patch does).
The second point agrees with what I think 0day is (wrt security): sploits (or maybe even vulnerabilities that don't yet have sploits created for them) that someone has found/created. Once the vulnerability and/or sploit is public, new stuff is no longer 0day. Time zero is when the vulnerability becomes publicly known, and any vuln or sploit created before that time is 0day.
This (my) interpretation is used when people say "I'm only running OpenSSH on that box, and I don't think it has any 0days" (this from someone who absolutely would know if the 0day was public). Note that a 0day doesn't have to be released to be a 0day, ever, even when the vulnerability becomes known. This, for example, is to my knowledge still not released publicly, and was coded (and used) before any vuln was known. (on KTH for example).
Examples of 0day or -day?
Would it be possible to provide examples of 0day or -day software? Such as the FCKGW version of Windows, or even an album obtained illegally as -day or 0day?
This is WRONG on so many levels
Zero day is/was the release date of cracked software from the cracking groups, i.e. PARADOX. Because most posters in Usenet used "X-no archive" in their headers, there isn't much of a trail left. Exploits were *never* a part of the scene and those who wrote them were "script-kiddies".
Improvements
1) This article mashes together two different topics. It would be confusing to treat these subjects as unrelated since a reader might not find both explanations if they are in separate articles. Leading with an introductory paragraph that highlights the meanings of Zero-Day so that the discussion can branch out in a logical way will help.
2) The first topic makes a brief & hazy explanation, then abruptly runs into the second topic
3) Both topics lack examples to help the reader to better understand the topic
4) Lack of references as to the origins of the term Zero-Day for either topic tells the reader that the author(s) lack the expertise to be writing about this subject
5) Writing mechanics are suffering here. Either run a draft through a spelling & grammar check or have these submissions read by several people who have a background in English grammar
6) Definitely merge the first topic with the other page. This gives the reader the breadth of the term's meanings
Cheers!
--Sandman619 08:02, 6 December 2006 (UTC)
Huh?
Neither article explains "zero-day" attack to me. If it only means "a software exploit released the same day as the exploited software, indicating nonpublic access to the software" why all the verbiage? And if it does mean that, why does it make any difference in the response time (which is a function of exploit discovery, not software or exploit release)? —The preceding unsigned comment was added by 75.32.23.77 (talk) 04:53, 8 December 2006 (UTC).
I think that zero day means before the patch, not on the same day.
This entry seems to make one thing clear to me - zero day is a bit of jargon that means different things to different people. I accept that many, possibly even most, definitions attempted on the web say that zero day means an exploit available on the same day as a patch is published.
But when people are using the term, rather than defining it, they are talking about the time before a patch is published. On the patching timelines, day zero goes from when the vulnerability is discovered to day 1, which is when the patch appears.
For example, http://research.eeye.com/html/alerts/zeroday/index.html http://www.securityfocus.com/columnists/377
Day one exploits are a problem but aren't half as big a headache for security managers as those for which there is no fix and no prospect of a fix. That is why they are such a big deal.
Yakheart 12:12, 11 December 2006 (UTC)
Merge
I support a disambig page, not a merge. -Slash- 06:19, 22 December 2006 (UTC)
Yes, Merge them
I think the two articles should be merged as the term zero-day inevitably refers to the attacks that it can produce. The vulnerability and the exploit are indisputably intertwined.
--Njkmohan 16:54, 28 December 2006 (UTC)
Merge them, and correct the errors
The term "zero-day exploit" has been so abused by the media as to be meaningless. It is now just a buzz-word used for any unpatched vulnerability, whereas originally it meant an exploit that takes advantage of a vulnerability that has yet to be discovered by the vendor (and hence is unpatched).
It is based on the time between when the vulnerability is known and when an exploit based on it is released. If the exploit is released before the vulnerability is known about, it's a zero-day exploit.
SecuritySearch.com netsecurity.about.com
It has two significant features:
- it is an actual exploit, not just a vulnerability, and
- generally it shows the vulnerability is easy to exploit, since someone has been able to discover and exploit it before the vendor or anyone else found it.
Finally, this discussion has been going on for nearly a year; is anyone going to actually merge the pages? —The preceding unsigned comment was added by 203.206.51.155 (talk) 00:23, 28 January 2007 (UTC).