0-day (zero-day)

0-day (zero-day): The term 0-day exploit describes an exploit that is not publicly known. It describe tools by elite hackers who have discovered a new bug and shared it only with close friends. It also describes some new exploit for compromising popular services (the usual suspects: BIND, FTP services, Linux distros, Microsoft IIS, Solaris servers). Many 0-day exploits are discovered by the victims when hackers use them, or by honeypots.

The term "0-day" describes the fact that the value of exploits quickly goes down as soon as they are announced. The next day they are half as valuable. The 2nd day they are a 1/4 as valuable. Ten days later they are 1/1000 as valuable as on day 0. This is because script-kiddies quickly use the exploits on computers throughout the Internet, compromising systems before anybody else can get to them. Contrast: The term 0-day exploit describe the hard-to-use exploits by the discoverer himself (or close friends), in contrast to the easy-to-use scripts employed by script kiddies. For example, a buffer-overflow script will go through many phases as people try to find the right offsets for the target platforms, but will eventually end up as a broad-spectrum aim-and-shoot script that anybody could use. Key point: One of the dangers of 0-day exploits is BUGTRAQ camping. A hacker discovers all the services running on the target victim and waits for day-0 when the exploit is announced.

At that time, the hacker attacks the systems with the new exploit. Key point: The term "0-day" describes any bit of information in the community, whether it is serial numbers, lists of proxies, or passwords to porn sites. As soon as such information becomes well-known and exploited by large numbers of people, it is then fixed by the victim.

Information has a "half-life": the older it is, the less value it has. From Hacking-Lexicon

* Linux/Unix/Computing Glossary Index

More From Us