Network World
Monday, December 1, 2008

I detest the "Zero Day" moniker


I have continually pressed my superiors and colleagues to understand the point that "Zero-Day" does not mean "newly discovered", a sadly all-too-common misinterpretation of the popular term. In fact "Zero-Day" vulnerabilities are actually rediscovered, just like when Europeans "discovered" the "New World" in the 9th or 10th century... the land had already been discovered and populated by peoples from Asia well over 10,000 years earlier!

The term itself contributes to this highly dangerous and widespread misunderstanding. But it is a term that has "presence", so the media will likely continue to use it. It seems to make many misinformed IT people think they have some nebulous amount of time before these "newly discovered" vulnerabilities are exploited and "preventive" measures can be taken casually during their next maintenance window, perhaps a couple of weeks later. In actuality, the vulnerabilities have probably been successfully exploited for many months or years before having the spotlight thrown upon them in the media, and their "preventive" activities will actually be ones of closing the barn doors long after the horses have run away and even died.

Another thing important to note is that there are very likely vulnerabilities "out there" that are held very close to the chest by their discoverers that have existed from day one in every shipping OS and application. It only makes sense that the truly talented and covert hackers don't disclose their best exploits, using them seldom and with extreme discretion so that their activities and methods aren't discovered, so that they have a very long window of usability for their hacks.

I believe that the 1080 day estimate for the longest-lived 'bugs' is significantly short -- how old are Windows, Linux, the Mac OSes and others? Some date back to roots in the 1980s. With all the millions of lines of code in those OSes, there are bound to be things lurking in those that have survived like the venerable cockroach through every vulnerability audit to date. Only a few months ago a vulnerability was "discovered" that had existed in every Windows OS since Windows 95. That's far longer than 1080 days. It's rather naive to believe that "bug" went unnoticed all that time.

Remember, when the lights come on, you'll see the scurrying critters, but not the really smart, cautious, secretive ones.
