Re: 0day: PDF pwns Windows

Chad Perrin wrote:
On Sat, Sep 22, 2007 at 10:34:07PM -0700, Crispin Cowan wrote:

A "private 0day exploit" (the case I was concerned with) would be where
someone develops an exploit, but does not deploy or publish it, holding
it in reserve to attack others at the time of their choosing. Presumably
if such a person wanted to keep it for very long, they would have to
base it on a vulnerability that they themselves discovered, and did not
publish.

In the case of that "private zero day exploit", then, nobody will ever
know about it except the person that has it waiting in reserve -- and if
someone else discovers and patches the vulnerability before the exploit
is ever used, it never becomes a "public" zero day exploit. In other
words, you can always posit that there's sort of a Heisenbergian state of
potential private zero day exploitedness, but in real, practical terms
there's no zero day anything unless it's public.

The moment you have an opportunity to measure it, the waveforms collapse.

Its a little less abstract than that. Consider that the United States
government might want to worry about whether some foreign nation is
banking a large pool of private 0day exploits in preparation for war.
Such a nation might farm these private 0day exploits by employing a pool
of vulnerability researchers and exploit developers, and just not
published the results.

This is a perfectly viable way to produce what amounts to Internet
munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
<http://www.internetnews.com/security/article.php/3678606> is an example
of such a network brush war in which possession of such an arsenal would
be very useful.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Chat: irc.oftc.net/#apparmor

Relevant Pages

  • Re: [Full-disclosure] 0day: PDF pwns Windows
    ... it in reserve to attack others at the time of their choosing. ... it never becomes a "public" zero day exploit. ... banking a large pool of private 0day exploits in preparation for war. ... The recent incident of Estonia Under *Russian Cyber Attack*? ...
    (Full-Disclosure)
  • Re: Fw: Royalty for Commoners OT
    ... What public knowledge about me sharing a posters private e-mail? ... I do not need to encourage Peter Stewart to attack/disagree with you, you do give that encouragement yourself abundantly and continually. ... matter of public knowledge that you've shared another poster's PRIVATE ... Did I encourage Peter Stewart to attack people? ...
    (soc.genealogy.medieval)
  • RE: Definition of Zero Day Protection
    ... ability to precisely recognize it. ... have to know WHICH one it is, but rather recognize it as an attack based ... but that's not part of the 'zero day' concept. ... Definition of Zero Day Protection ...
    (Focus-IDS)
  • Re: OT - ObamaRama
    ... earners --- with zero hope of making it into the top bracket. ... they attack, attack and attack reform ... on a country that was zero threat to the US. ...
    (alt.vacation.las-vegas)
  • Re: OT: FOAK Windmill Boat/Cart
    ... rational reference for angle of attack. ... lift is some positive angle of a few degrees. ... It is good for any wing which is set to produce zero lift, ...
    (uk.rec.motorcycles)
Quantcast