Monthly Archives: October 2013

The origin of 0-day (zero-day) in hacking (etymology of zero-day)

This post is a result of a tweet [1] by Space Rogue.

It seems that only a few [2] have tried to capture the origin of the word 0-day in hacking and are wrong.

The term 0-day comes originally from the Warez scene [3]:

“0-day (pronounced as zero day) – This refers to any copyrighted work that has been released the same day as the original product, or sometimes even before.[6] It is considered a mark of skill among warez distro groups to crack and distribute a program on the same day of its commercial release.”

Somewhere around the late 90’s it was picked up by the hacking scene.

Wikipedia explains zero-day attacks as following [4]:

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability.[1] This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (the software and/or strategies that use a security hole to carry out a successful attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

The earliest recorded mentioning of 0-day, related to the hacking scene, so far is an e-zine of 1998 called CRH [5], (thanks to @bill_e_ghote for finding this one).

Other references to 0-day in 1998 include a post on BugTraq by Ken Williams [6] and the Line-noise section of Phrack 53 [7].

Let me know if you have found a reference to 0-day (in hacking) before January 31st, 1998. A good place to start looking might be newsgroups, but I have been unlucky so far.

Thanks go to
Space Rogue, twitter: @spacerog website: http://www.spacerogue.net
Bill E. Ghote, Twitter: @bill_e_ghote website: http://scrapeghote.blogspot.com

References:
[1] https://twitter.com/spacerog/statuses/387677286385733632 by @spacerog on October 8, 2013.
[2] http://spiresecurity.com/?p=576 – “Zero Day” Terminology by Pete Lindstrom on July 27, 2005.
[3] http://en.wikipedia.org/wiki/Warez
[4] http://en.wikipedia.org/wiki/Zero-day_attack
[5] http://web.textfiles.com/ezines/CRH/crh007.txt – 7th edition of CRH E-zine published on January 31st, 1998
[6] http://www.shmoo.com/mail/bugtraq/oct98/msg00027.html – Bugtraq October 5th, 1998
[7] http://www.textfiles.com/magazines/PHRACK/PHRACK53 – Phrack 53 July 8th, 1998