Comments on: What is a Zero-day Vulnerability?

By: IT-Security-Links – Week 46 « SWITCH Security-Blog

IT-Security-Links – Week 46 « SWITCH Security-Blog — Fri, 16 Nov 2012 11:27:42 +0000

[...] Tim Sammut from Cisco explains the term “Zero-day Vulnerability” [...]

0 likes

By: Tim Sammut

Tim Sammut — Wed, 07 Nov 2012 20:11:36 +0000

Hi, Jim.

Yep. Zero-days can be discovered by folks with malicious or non-malicious intentions.

thanks for the comment
tim

0 likes

By: Jim

Jim — Wed, 07 Nov 2012 20:03:26 +0000

If I understand it there just has to be a working exploit. In the latest Microsoft IE exploit that happened in September I do not believe the discover was malicious. From what I understand the exploit was found by a researcher who went to Metasploit to develop a “working exploit”. Metsploit developed the exploit and reported the vulnerability as a 0day exploit/vulnerability.

0 likes

By: Tim Sammut

Tim Sammut — Wed, 07 Nov 2012 17:29:38 +0000

Thanks, Richard.

I believe the developer’s intentions and knowledge of the issue are not relevant; and rather that the security exposure present to users is the driving factor in determining what is a vulnerability.

The three traits of a zero-day seem to hold true here since the majority of backdoors could be rightly labeled vulnerabilities.

1 like

By: Richard Afolabi (Esq.)

Richard Afolabi (Esq.) — Wed, 07 Nov 2012 16:59:17 +0000

Tim,
I like your quick response, quite fascinating also. But I’d disagree a bit. lol

Let’s look at the “intentions” of both “holes” Although, I’m not an expert on zero day attack, but I think zero day attack exploits the fact developers do not know about the vulnerabilities. So yes, an attacker can exploit it and probably for a long time before developers even figure out how to block it.

Now, “backdoor” was “designed” by developers to allow them bypass some authentication process when there’s a need for it. Developers must know how to quickly block/fix the backdoor if there’s a need for it. Have you seen the movie Knight Rider 2008?

So, my point is backdoors are deliberate with possible immediate remedy but zero day vulnerability is not deliberate, possibly unknown to developer and the fix is actually unknown.

Backdoors becomes vulnerability when known externally. Zero day holes are 100% vulnerabilities because they are not known even internally but externally. But there’s a thin line between them.

Well, again Tim, I’m not an expert, my researcher mind is just active. lol

0 likes

By: Tim Sammut

Tim Sammut — Wed, 07 Nov 2012 16:41:32 +0000

Hi, Richard, thanks for the note.

I think that if these backdoors are themselves vulnerabilities because they would allow an attacker to do something beyond what should be allowed, than yes, they are zero-day vulnerabilities if they meet the tests above.

Would you agree?

thanks again
tim

1 like

By: Richard Afolabi

Richard Afolabi — Wed, 07 Nov 2012 16:24:11 +0000

Tim, I understand that zero-day attacks occur when malicious users exploit unfixed security holes (Unfixed vulnerability) by developing tools (Working exploit) that take advantage of the vulnerabilities and then share the code or hack among other hackers (external knowledge)

Now, when developers build new tools, I understand they sometimes build “backdoor” into the algorithms. Would you say when this backdoor becomes known and utilized publicly, it becomes a zero day attack?

Note that the developers deliberately built the backdoor into the software.

0 likes