Zero-day attack

In this blog post the reader is able to go through an overview of a Zero-day attack. The zero day attack is the detection and the taking of advantage on software’s vulnerabilities, before its creator knows about them. I have chosen this topic because I find attacks interesting and I think that people must know about attack in order to detect and prevent from them. I think that this topic is highly relevant to the IT security, because it is violation against it.

A zero-day attack, sometimes called zero-hour or day zero attack, is used to take advantage of computer vulnerabilities that either doesn’t have solution or either are currently not known by the creator (for example the creator of a new software). Usually when a company releases new software, it always has some vulnerabilities due to lack of security considerations. After the software is released, the bugs start to occur and the company starts creating and offering patches (other pieces for fixing the detected vulnerability). The zero day attack can be occurred in action by taking advantage of the problem, before the patch has been created. This attack was named Zero-day, because it occurs before the first day the vulnerability is known. Zero-day exploits (actual software that uses a security hole to perform an attack) are used or spread from one to another attacker, before the company that released the software (targeted software) knows about its vulnerability.

Usually the zero day attack will provide a malicious programmer with the advantage over a bug that neither the software’s creator nor the users of this software are aware of. By finding the software’s vulnerabilities before its creators, a programmer is capable of creating virus or worm that exploits that vulnerabilities and may result in harming computer systems in a variety of ways.

References:

http://en.wikipedia.org/wiki/Zero-day_attack

http://www.wisegeek.com/what-is-a-zero-day-attack.htm

http://www.pcmag.com/article2/0,2817,1879939,00.asp

Advertisements
This entry was posted in IT Security, Week 20. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s