Hacker News new | ask | show | jobs
by FLUX-YOU 2846 days ago
>Malware developers have started to use the zero-day exploit for Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability appeared online.

That's not a zero-day.

It literally stops being a zero-day after the initial day.
1 comments
_wmd 2846 days ago
I don't know what communities you hang around, but there has never been some strict definition of 0day in infosec. 0day colloquially applies to anything circulating that didn't follow reasonable vendor disclosure, as was the case here
link
FLUX-YOU 2846 days ago
The problem with that definition is that sometimes there is mitigation you can do before the vendor can get a patch out and that effectively counters the problem.

It also isn't reasonable when the vendor simply won't or can't patch it (because they've gone out of business). To have it be labeled a zero day forever because the vendor doesn't exist is silly.

I have followed "public knowledge" as the key factor because IT systems in production are complex and some companies actually do defense-in-depth and sometimes vendors are shit.

Using zero day excessively leads to alert fatigue IMO.

link
TeMPOraL 2846 days ago
What? First time I hear of it. Not infosec, and yet I was under impression for years now that in colloquial usage, "0day" means "exploited before the problem was known publicly". It stops being a 0day after any info about it hits the press/social media.
link
_wmd 2846 days ago
A cursory search ( https://www.google.co.uk/search?q=%22patched+zero-day%22 ) reveals many industry sources misusing it following that definition. How can a 0day ever possibly be considered "patched" if the vendor had no knowledge of what the patch is for? etc.
link
Covzire 2846 days ago
Once a zero-day, always a zero-day IMO.
link
op00to 2846 days ago
What is it called the day after you are aware of it. Zero day still? That makes no sense.
link
Doxin 2845 days ago
It makes sense if you think of the identifier "zero day" as a sort of birth-identity.

As far as I'm aware 0day refers to having zero days of notice to fix the bug. That doesn't change the day after it comes out, it's still zero days of notice.

link