RealTime IT News

Keeping an Eye Out For The Zero Day

Zero-day exploits are perhaps the most dangerous type of exploit. By definition, they target flaws that have not been patched, and they could be out in the wild wreaking havoc.

There has long been a debate about when to publicly report zero-day exploits in a responsible manner. Exposing them could end up protecting more users by alerting them to dangers. But it could also leave more people vulnerable by informing them of potential attack vectors.

Security firm eEye Research this week launched its Zero Day Tracker as an effort to help the broader IT community track zero-day vulnerabilities.

Marc Maiffret, founder, CTO and chief hacking officer at eEye, explained to internetnews.com that the main reason for launching the Zero Day Tracker is the constant increase in zero-day vulnerabilities.

"This is the time where things just came together for a public release," Maiffret said.

As of 1:30 p.m. EST today, the tracker lists some seven active zero-day exploits. The recently reported flaw in Microsoft Word is at the top of the eEye list.

Maiffret noted that eEye first reports all vulnerabilities to vendors unless it has seen that the vendor has already acknowledged the vulnerability.

To date the eEye effort has had at least one naysayer. A hacker going by the alias "chinese soup" posted to the popular '[Full-Disclosure]' mailing list that the effort had its share of FUD (Fear, Uncertainty, Doubt). Noodle argued that not all of the alleged zero-day exploits were actually exploitable.

Maiffret shrugged off the criticism.

"We have had one person post a single e-mail to a mailing list wanting to mix words," Maiffret said. "We look forward to any and all feedback from the community to help improve the zero-day site."

The increase in zero-day exploits has also been tracked by the SANS Institute, which has been warning of it for most of this year.

In a recent conference call, Rohit Dhamankar, editor of the SANS Top 20 list, argued that one of the reasons for the rise in zero-day exploits in 2006 has been the increased use of automated patching mechanisms.