Thursday, January 17, 2013

0day, 0dear

Here are a couple of small but interesting wordy things in a post by Brian Krebs about the recent Java (programming language) security vulnerability:
"On Sunday, Oracle rushed out a fix for a critical bug in Java that had been folded into exploit kits, crimeware made to automate the exploitation of computers via Web browser vulnerabilities."
The term malware is well established, of course. But crimeware is a different beast; it's not what the bad guys put on your computer to perform their dirty deeds, but the software that they use to build their exploits in the first place. As the mighty Wikipedia puts it, crimeware is "a class of malware designed specifically to automate cybercrime." Later in the article, Krebs refers to "weaponized versions of the exploit," which gets across the idea also. There's a book:

In the same paragraph, Krebs uses another interesting term that's not that unusual, but that is misrepresented by the font of the article. Let me show you a picture:

A body who's not attuned to the font (and who's reading it at normal size) might read this as oday. But it's 0day (zero-day), with the digit thwarted by the font (Georgia, it looks like). 0day is just leet-y shorthand for zero-day, an adjective meaning "pertaining to a program that exploits a computer security vulnerability before security experts can address it." Indeed, searching for "0day" (mit de zero) directs you to Zero-day attack high in your results. (Searching for oday gets you nothing interesting, in case you were wondering.)

And that's about as much fun as I can extract from this one article today.