Highest Voted 'zero-day' Questions - IT Security Stack Exchange

168

votes

4 answers

What does it mean to "burn a zero-day"?

I noticed a comment on this answer where another user said ...but it requires risking burning a 0day, which people are not always all that willing to do. I did an Internet Search for the phrase "burning a 0day" (and similar permutations like 0…

terminology zero-day

asked Jun 17 '18 at 15:48

YetAnotherRandomUser

2,290
2
14
20

96

votes

7 answers

Why would an attacker ever want to sit on a zero-day exploit?

I am trying to understand why an attacker would want to wait to use a zero-day exploit. I have read that an attacker does not want to waste the zero-day because they are typically very expensive to obtain in the first place, but it is not clear to…

zero-day

asked Dec 03 '18 at 00:33

jonem

959
1
6
7

55

votes

3 answers

Where to disclose a zero day vulnerability

We discovered a vulnerability in wide range of Ricoh printers, where with a simple PostScript file sent directly, it is possible to crash the device. To recover you need physical access to the printer and an administration account to clear the queue…

disclosure zero-day

asked Sep 11 '19 at 13:43

Matteo

682
5
14

53

votes

2 answers

How are zero days found?

I believe that it was leaked recently that the NSA has a long list of zero day exploits on various software "for a rainy day," ie: for whenever it would be useful to them. The question is, how do they find these zero days? Does someone have to…

zero-day

asked Dec 16 '13 at 18:42

Naftuli Kay

6,715
9
47
75

32

votes

1 answer

What is an n-day security attack?

There are several attacks types in computer security. For instance, zero-day attacks consist of attacks that use undisclosed exploits. In contrast, what is an n-day attack? Is it a security concern?

malware attacks disclosure zero-day

asked May 19 '15 at 13:23

Vijini

329
1
4
7

29

votes

9 answers

How can an administrator secure against a 0day before patches are available?

I'm working on a thesis about the security hacker community. When a 0day is published, how can an administrator secure his application/website between the time the 0day is published and the patch is developed ? Moreover, most of the time, this same…

zero-day black-hat white-hat

asked Dec 13 '18 at 08:30

K.Fanedoul

417
4
10

28

votes

6 answers

Heartbleed and Routers/ASAs/other

OK, so I first heard about heartbleed a few hours ago through the stack exchange questions feed, and after a moments panic, realised that the only web servers I have secured via OpenSSL are on the internal network. Patched anyway, but now I have…

openssl zero-day heartbleed

asked Apr 08 '14 at 05:20

Chris O'Kelly

442
1
4
11

27

votes

2 answers

How do big cloud providers guard against VM escape attacks?

I think it's pretty much unassailable to say that cloud computing as we know it depends on the concept of the robustness of virtual machines. Where one can depend on the security of VMs they allow workloads from multiple customers of a cloud…

virtualization cloud-computing zero-day apt

asked Jul 17 '16 at 00:04

mostlyinformed

2,715
16
38

24

votes

3 answers

Should I be disabling Java?

First it was Apple, now it's the US government... U.S. urges users to disable Java; Apple disables some remotely New malware exploiting Java 7 in Windows and Unix systems How serious is this "unspecified vulnerability"? Should all users be…

known-vulnerabilities java zero-day

asked Jan 12 '13 at 20:00

Django Reinhardt

938
2
8
20

23

votes

4 answers

How to subscribe to information about new vulnerabilities in selected products?

In order to be informed about critical vulnerabilities in selected products I'd want to subscribe to some list about them. I'd want to configure the list of products by myself. The question: Where can I get security breach alerts? gives information…

zero-day cve

asked Dec 17 '12 at 18:17

Andrei Botalov

5,267
10
45
73

22

votes

5 answers

What are the best practices for mitigating zero day attacks?

What are best practices / recommendations / strategies for mitigating zero day threats/attacks from a software development perspective?

attack-prevention zero-day

asked Nov 11 '10 at 23:04

Eric Warriner

3,251
3
24
20

20

votes

2 answers

What was behind the surge of Adobe Flash Player vulnerabilities/patches in 2015?

It's no secret that 2015 was a rough year, security-wise, for Adobe's Flash Player. Aside from Adobe itself beginning to essentially deprecate Flash development largely due to Flash Player's longstanding status a primary target for attackers, the…

appsec vulnerability zero-day flash

asked Jan 04 '16 at 09:06

mostlyinformed

2,715
16
38

19

votes

4 answers

Unknown malware, how to report it and whom to report it to?

I'm a professional Windows system administrator, but I've been caught off-guard (or maybe some malware writer has been very clever) and I caught some unknown malware on my home computer (Windows 7 x64 SP1); it must be a very recent one and/or of a…

windows web-browser malware rootkits zero-day

asked Jul 12 '11 at 21:47

Massimo

731
5
13

16

votes

3 answers

If I find or create a 0day exploit, can I be held liable for releasing out to the public?

If I found or created a 0day and decided to immediately release it into the wild (Giving a P.o.c w/ source). But not using it to actually exploit anything. Can I be held liable for it?

legal zero-day

asked Oct 22 '12 at 15:04

Digital fire

3,126
5
31
44

13

votes

1 answer

SCADA / PLC exploit code was released in metasploit. Now what?

Wired reports that there are many security issues with Programmable Logic Controllers (PLCs) and now there is an easy to use tool to scan and detect vulnerabilities. They say it's so easy, the update for Metasploit make it analogous to Firesheep…

exploit hardware zero-day exploit-kits

asked Jan 20 '12 at 02:50

makerofthings7

50,090
54
250
536

Questions tagged [zero-day]