In another episode of why writers shouldn’t be writing articles when the don’t know what they are talking about, the Fairfax press have come up with this one this morning about a new vulnerability in Microsoft’s Internet Explorer:
|Internet Explorer's Huge Security Hole|
“Zero-day exploits involve software that takes advantage of a security hole within a site to carry out an attack.”
Umm, what? That’s not a “zero day” exploit. This is a "zero day" exploit:
“A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.”
The entire crux of a “zero-day” exploit is that they are exploited before the developers were aware of them. Such exploits also are not contained to “sites”, and can be carried out against any software – not just internet-based services.
Googling “zero day exploit” presents the above Wikipedia article as the first result. It took me 10 seconds to get the exact definition that the writer should have used.
Bravo for highlighting that there’s a problem, but a little fact-checking and basic research would be nice too.