Define Zero Day

Filed under Information Security Community

We received a comment from a faithful NewsBites reader gently chiding about the use of the word “Zero Day.”

He said, “A few years ago, as the rogue hackers began to automate vulnerability identification and exploit writing, they began to brag about how quickly they were able to exploit a vulnerability after it was identified. They bragged that their tools were getting so good that they would soon be able to exploit a vulnerability within the same day that it was identified. It was from this boast that the idea of the ‘zero-day exploit’ was born.”

In my own history as an IDS analyst, the circle I traveled in defined Zero Day as an exploit for an unpublished vulnerability. Twelve years ago, IDS was primarily signature based; if the vulnerability was not published, you would not have a signature for the attack. Our research showed that hackers who hacked for money would find unpublished vulnerabilities, create exploits for them, and use them to break into systems and steal credit card numbers, etc. Then, after 3 – 6 months, they would start making these exploits available to other hackers and quit using them. This way, they could cover their tracks. Wikipedia has a page titled Zero Day Attack that lines up with this definition. The website zerodaythreat.com defines zero day as “(n) a hazard so new that no viable protection against it exists,” and they offer a book by the same title. eEye sees things differently and offers a zero day tracker, which with the definition above would be impossible.

In the search for truth, I plugged zero day into Google to get additional thoughts on the definition of zero day. Here are a few of the more interesting things that I found:

Zero Day is a movie. From what I read on Wikipedia, it is unlikely to be a movie I would want to see: “Zero Day (2003) is a movie directed by Ben Coccio, about a school shooting much along the lines of the Columbine High School massacre.” It is available on Google Films. The trailer is here.

Zero Day is a ZDNet blog that focuses on attacks and vulnerabilities. It is the name of a Harvard Law Blog as well. The Zero Day Initiative is a TippingPoint project to purchase zero day exploits. Some security professionals disapprove of this practice.
