Tuesday, August 3, 2010

Debunking Seven Myths About Zero Day Vulnerabilities

Via ZDNet -

Another month, another zero day flaw has been reported, with malicious attackers logically taking advantage of the window of opportunity, by launching malware serving attacks using it. With vendor X putting millions of users in a “stay tuned mode” for weeks, sometimes even longer, the myths and speculations surrounding the actual applicability of zero day flaws within the cybercrime ecosystem, continue increasing.

Are zero day flaws what the bad guys are always looking for? Just how prevalent are zero day flaws within their business model? Are zero day flaws crucial for the success of targeted attacks attacks?

Let’s debunk seven myths about zero day flaws, using publicly obtainable data, an inside view of the cybercrime ecosystem, and, of course, common sense like the one malicious attackers seem to possess these days.


Pretty good write-up.

Malware is more likely to be installed using an old (aka patches exist, not just installed) Java, Adobe, Quicktime, Realpayer or Microsoft vulnerability then any zero-day.

No comments:

Post a Comment