Comments on: IBM sees influx in zero-day exploits

By: srilyk

srilyk — Fri, 05 Sep 2008 12:59:58 +0000

Kris Lamb is apparently an idiot. Why would any sane person suggest

that exploits *not* be published? Sure there may not be a central

authority (that would be a good thing), but not publishing exploits

would be akin to saying “You know what? Exploit all you want, nobody

will realize what you’re doing until it’s too late.”

In addition, publishing exploits forces consumers and publishers alike

to either wake up or get screwed. And if you’re too stupid to secure

your browser, do we *really* want you to have any more money/power than

you already do?

By: Heliosphan

Heliosphan — Wed, 27 Aug 2008 22:58:51 +0000

Agreed with previous comments –
Zero Day was referred to by a certain Mark Russinovich of SysInternals, now Microsoft (who revealed the Sony Rootkit fiasco) that actually means any vulnerabilities not even discovered/reported by official legitimate security firms.
If a single immoral hacker finds a vulnerability in a system and develops an exploit, making money from it or not, and the world knows nothing of it, its a Zero Day exploit.
Wheres this 24 hour from disclosure crap come from!?

By: Eric

Eric — Wed, 27 Aug 2008 06:08:30 +0000

Bit of a “duh” in the Windows world, if I’m reading this correctly. The whole problem with Microsoft going on a set schedule for patches (Patch Tuesday, as it is so called) is that malicious individuals realize the best time to release is just AFTER patch Tuesday, eliminating the possibility of even a last-minute patch. And Microsoft’s stand is that they will not release patches outside of that day unless it is very severe. *shrug*

By: miked

miked — Wed, 27 Aug 2008 05:59:20 +0000

>Anyone know of a blog that is
>like what hack a day used to be?
>Hardware hacks without this
>bullshit wanna be slashdot drivel?

I know one ;)

By: rivetgeek

rivetgeek — Wed, 27 Aug 2008 04:30:51 +0000

Jesus christ. 0-day is not what you think it is. Anyone know of a blog that is like what hack a day used to be? Hardware hacks without this bullshit wanna be slashdot drivel?

By: holycrap

holycrap — Wed, 27 Aug 2008 04:16:11 +0000

You link a Wikipedia article that you didn’t even read? That’s not what 0day is, even Wikipedia knows that: “A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities.”

UNKNOWN. UNDISCLOSED. UNPATCHED.

Keep making up definitions!

By: G

Wed, 27 Aug 2008 01:47:21 +0000

I thought it’d be common practice for the employees of security companies to be members of exploit rls sites? As they say, you can be whoever you want on the internet.