Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 3: Proper and Ethical Disclosure

With 2006 being named "the year of zero-day attacks," it wasn't surprising that
security experts were quick to start using the phrase "zero-day Wednesdays." This term
came about because hackers quickly found a way to exploit the cycles in which
Microsoft issued its software patches. The software giant issues its patches on the second
Tuesday of every month, and hackers would use the identified vulnerabilities in the
patches to produce exploitable code in an amazingly quick turnaround time. Since most
corporations and home users do not patch their systems every week, or every month,
this provides a window of time for attackers to use the vulnerabilities against the targets.
In January 2006, when a dangerous Windows Meta File flaw was identified, many
companies implemented Ilfak Guilfanov's unofficial (non-Microsoft) patch instead of waiting
for the vendor. Guilfanov, a Russian software developer, had developed the fix
for himself and his friends. He placed the fix on his website, and after SANS and F-Secure
advised people to use this patch, his website was quickly overwhelmed by downloads.