Question

Does "zero-day" or "0-day" (in context of software vulnerabilities and exploits) refer to the software release, or a particular type of exploit?

[I did not find an answer to this on SO. Though it is answered elsewhere on the Internet, my understanding of SO is that it's okay to ask/answer basic questions]


Solution

Simply put, it means that it [the exploit] was released before the company was notified and had the opportunity to fix it, because the company had 0 days of notification.

OTHER TIPS

Wikipedia has two entries which are relevant:

A zero-day vulnerability or attack means that an exploit has been found active in the "wild" without being announced or the developers notified.

A zero-day exploit or vulnerability is an exploit for a bug that is not known to the general public (i.e. no patch was released for it).

Three major uses of "Zero Day"

I personally was aware of the third sense before the other two.

Zero-day should be defined as exploits written to activate on machines simultaneously at a particular date/time or based on a certain condition or external signal, such as Stuxnet.

Web pages seem to be defining zero-day as vulnerabilities merely not known to the public or the company, nor fixed yet. That doesn't make sense, because it describes 100% of them for at least a part of the life cycle of the flaw. Hackers don't announce their attacks before putting them in place; that would be pretty stupid. The term is meaningless under many of the definitions out there because it would apply to just about any security bug.

As the author of an encryption program, I'd say it is of course sexier to say zero-day than security bug. However, it should not be popularly used in relation to the flaw (that's the big mistake), but instead for particular types of attacks. A security bug can be exploited immediately or used to cause something to happen later, on "zero-day".

Kaspersky on zero-day: "Exploit occurs when a system weakness is discovered and attacked within a day". In other words, they are saying the hacker accomplished their task within 24 hours after finding the flaw. How do they know? Are they sitting at the desk of the hacker with a stopwatch? In this case, the flaw is in the definition.

Ground zero is where something terrible happens.

Day zero is when something terrible happens.

See paragraph one.

When the majority are in error, do not succumb to peer pressure.

Interesting quote by an early Microsoft guy, heard today: [A falsehood] is half-way around the world before the truth has put on its pants. I will add, because people lay out the welcome mat for it.

In the book Zero Day by Mark Russinovich, whom I respect (mainly because of his sensible software, now via Microsoft), it sounds like he portrays coordinated software attacks as a sort of 'doomsday'.

While many zero-day threats are small, this flavor/meaning of the term zero-day is the one that makes sense to me: like a ticking time bomb counting down to zero day, when it triggers to do its damage, versus just spreading/establishing itself prior to zero day.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow