I have a few questions based on previous comments from Steve and general industry conduct.
- Is it safe to say that a zero-day vulnerability is a vulnerability that is unknown by the vendor?
- If a vulnerability is known by the vendor but not the public (and maybe even has a hidden CVE), is it a zero-day? Does it matter if the vulnerability is patched or not?
- What if the vulnerability is known by the vendor, but they choose to not patch, as described in Episode 780 (0-Day Folly)? That was the vulnerability that Microsoft knew about and chose not to patch for two years.
I read the Accenture "network access sellers" report Steve mentioned in Episode 789. Accenture says "zero-day exploits are exploits developed targeting unpatched vulnerabilities." It's not clear if that means unpatched by the vendor or the client.
https://www.accenture.com/us-en/blo...-network-access-sellers-and-ransomware-groups
Ohio State University has a questionable explanation of this as well.
What is a Zero-Day Exploit?
"A “zero-day” or “0Day” in the cybersecurity biz is a vulnerability in an internet-connected device, network component or piece of software that was essentially just discovered or exposed. The whole idea is that this vulnerability has zero-days of history."
OK, that seems reasonable, though not specific enough. But here is where it goes off the rails. They later talk about the Shadow Brokers leak of EternalBlue, and the subsequent WannaCry attack.
The WannaCry ransomware attack took advantage of these vulnerabilities and was considered one of the biggest outbreaks of ransomware at the time. This illustrates another point, which is that zero-day vulnerabilities are particularly dangerous because they can lead to sudden, explosive outbreaks of malware that end up having a huge impact in cyberspace.
Their assertion that WannaCry was a zero-day is wrong in my opinion. It was patched for around 60 days at that point. Is it correct to say that WannaCry was not a zero-day? I know that I'm nitpicking but I think this is sloppy use of jargon, often to sensationalize stories.