Zero-day exploit

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 19:02, 14 June 2007 by Mdpeters (talk | contribs) (New page: ==Zero Day Exploitation== '''Zero day''' in technology refers to software, videos, music, or information unlawfully released or obtained on the day of public release. ==Exploits and Vulne...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Zero Day Exploitation

Zero day in technology refers to software, videos, music, or information unlawfully released or obtained on the day of public release.

Exploits and Vulnerabilities

Zero Day exploitations are released before, or on the same day the vulnerability and sometimes the vendor patch are released to the public. The term derives from the number of days between the public advisory and the release of the exploit. This definition leaves something to be desired as the name itself is an indication of the vendor patch being available, i.e. the vulnerability affected unpatched systems for zero days.

Software

Zero Day software, games, videos and music refers to the content that has been either illegally obtained or illegally copied on the day of the official release. These are usually works of a hacker or a malicious employee of the releasing company.

Worms

Zero day worms take advantage of the surprise attack while they are still unknown to computer security professionals. Recent history certainly does show us an increasing rate of worm propagation. Well designed worms can spread within minutes (some say even seconds) with devastating consequences to Internet and otherwise.

Protection

Zero Day protection is the ability to provide protection against Zero Day exploits. Since Zero Day attacks are generally unknown to the public, it is often difficult to defend against them. Zero Day attacks are often effective against "secure" networks and can remain undetected even after they are launched. Thus, users of so-called secure systems must also exercise common sense and practice safe computing habits.

It has mistakenly been suggested that a solution of this kind may be out of reach because it is algorithmically impossible in the general case to analyze any arbitrary code to determine if it is malicious, as such an analysis reduces to the halting problem over a linear bounded automaton, which is unsolvable. It is, however, unnecessary to address the general case (that is, to sort all programs into the categories of malicious or non-malicious) under most circumstances in order to eliminate a wide range of malicious behaviors. It suffices to recognize the safety of a limited set of programs (e.g., those that can access or modify only a given subset of machine resources) while rejecting both some safe and all unsafe programs. This does require the integrity of those safe programs to be maintained which may prove difficult in the face of a kernel level exploit.

The Zero Day Emergency Response Team, or ZERT Zero Day Emergency Response Team is a group of software engineers who work to release non-vendor patches for Zero Day exploits.

Ethics

Certain government laws can prohibit the public release of Zero Day exploits, requiring users to use underground networks -- search engines, IRC channels, and distribution lists -- to obtain Zero Day exploits. These networks are usually known by word-of-mouth or invitation only.

Differing ideologies exist around the collection and use of Zero Day vulnerability information. Many computer security vendors perform research on Zero Day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, computer worms and viruses.

See Also

External References