Monthly Archives: October 2013

The origin of 0-day (zero-day) in hacking (etymology of zero-day)

2021-02-27 UPDATE: A new find sets back the date four more years. Finding a reference to zero-day exploits in a e-zine of May 1994.

This post is a result of a tweet [1] by Space Rogue.

It seems that only a few [2] have tried to capture the origin of the word 0-day in hacking and are wrong.

The term 0-day comes originally from the Warez scene [3]:

“0-day (pronounced as zero day) – This refers to any copyrighted work that has been released the same day as the original product, or sometimes even before.[6] It is considered a mark of skill among warez distro groups to crack and distribute a program on the same day of its commercial release.”

Somewhere around the late 90’s it was picked up by the hacking scene.

Wikipedia explains zero-day attacks as following [4]:

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability.[1] This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (the software and/or strategies that use a security hole to carry out a successful attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

On the 27th of February of 2021 Robert Graham, using his Twitter account @ErrataRob, posted a new, earlier references to the use of the terminology zero day within hacking [8].

Published in the fifth edition of BRoTHeRHooD oF WaReZ e-zine, May 1994 [9]:

we do not wish to impede the progress of zero day rdist exploits, sendmail DEBUG exploits, or other eleet aych pee warez.

As stated by Robert: “One theory is that “zero-day” appeared in the hacking scene independently of the warez scene. This reference refutes that, clearly showing the warez scene using zero-day to also refer to an exploit. One caveat to this is that it’s a zero-day EXPLOIT, and only later does it become zero-day VULN.”

The full thread by Robert [10] on the subject can be found as part of this initial tweet:

This particular reference sets back our initial findings to zero-day references four more years: from 1998 to May 1994!

Other early references we found in the past included a reference found in an e-zine of 1998 called CRH [5], (thanks to @bill_e_ghote for finding this one):

Our member chameleon set us up with a domain in Argentina, the D-Lab.. It has some mad shit on it, but you have to know where to look, because www.d-lab.com.ar will take you nowhere, it has 0-day exploits on it, as well as other useful stuff and source code, check it out..

Another references to 0-day in 1998 include a post on BugTraq by Ken Williams [6] and the Line-noise section of Phrack 53 [7].

From Phrack 53 [7]:

They seem unwilling to read the code given to them to establish exactly what happens when the newest 0-day exploit runs.

Let me know if you have found a reference to 0-day (in hacking) before May 1994!

Thanks go to
Space Rogue, twitter: @spacerog website: http://www.spacerogue.net
Bill E. Ghote, Twitter: @bill_e_ghote website: http://scrapeghote.blogspot.com
Robert Graham, twitter @ErrateRob website: https://blog.erratasec.com/

References:
[1] https://twitter.com/spacerog/statuses/387677286385733632 by @spacerog on October 8, 2013.
[2] http://spiresecurity.com/?p=576 – “Zero Day” Terminology by Pete Lindstrom on July 27, 2005.
[3] http://en.wikipedia.org/wiki/Warez
[4] http://en.wikipedia.org/wiki/Zero-day_attack
[5] http://web.textfiles.com/ezines/CRH/crh007.txt – 7th edition of CRH E-zine published on January 31st, 1998
[6] http://www.shmoo.com/mail/bugtraq/oct98/msg00027.html – Bugtraq October 5th, 1998
[7] http://www.textfiles.com/magazines/PHRACK/PHRACK53 – Phrack 53 July 8th, 1998
[8] https://twitter.com/ErrataRob/status/1365444754004185089 by @ErrateRob
[9] http://www.textfiles.com/magazines/BOW/bow5.txt – BRoTHeRHooD oF WaReZ #5 May 1994.
[10] https://twitter.com/ErrataRob/status/1365444749767933955 – Research by Robert Graham on zero-day references in hacking and warez scene, captured in a twitter feed.