<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
So in general my feeling on 0days is that they come from new attack
surfaces. Finding those new attack surfaces takes a lot of initial
time - months in many cases. Usually it requires a lot of painful
strip mining. For example, you may end up having to implement an
entire USB stack from scratch in Python, or learn how X.25 works, or
become the world's expert in an old IBM mainframe technology. <br>
<br>
And generally it involves at least two people. This is why hackers
really like Lev's "<a
href="http://www.amazon.com/The-Magicians-Novel-Lev-Grossman/dp/0452296293">The
Magicians</a>" book series because he does manage to capture a bit
of this process/feeling.<br>
<br>
From the outside, of course, it's anaconda-like. At some point the
team crosses a threshold and then the cracks start forming and
you've implemented all of X.500 but you're basically drowning in
0day at that point, and it's just a matter of picking up the pieces
you want to use to construct your exploit.<br>
<br>
Anyways, it's good to see. Best show on earth, as they say.<br>
<br>
From a strategy point of view, what it means is this: Once a team is pretty
far ahead, they can generally stay ahead by continually dropping the
low-level 0day to keep anyone else's investment in the subject
matter from having any return. <br>
<br>
-dave<br>
<br>
</body>
</html>