|Sometimes the bugs come out of the box.|
Today's painful realization is that the very term "0day" has put this weird box around the policy brain, and minimized the dangers of regulation on all research in the security space, especially, for some reason, the European policy brain (including our British friends!). So I want to demonstrate some Zen Koans to help unbox you, so when Microsoft says they're looking "widely" with their "bounty" program you know what they mean.
Some things which are 0day, but outside the box:
- Techniques for undetectable persistence on Windows 10
- Ways to manipulate a heap on iOS that guarantee a certain heap layout
- A function pointer that is always at a static location in Google Chrome and is called periodically
- A way to send a lot of data using DNS through Microsoft Exchange servers
- A shellcode that does something useful on Cisco's OS
- Ways to clean up a process so that it continues nicely after exploitation.
If you think "Oh, they have promised not to regulate knowledge in general, just dangerous exploits!" then think again. There are many clauses in the Wassenaar agreements and every other proposed regulation (looking in Ari Schwartz's direction here) that seek to control exactly these things. Hopefully this post helps clarify why every security researcher had a big freakout with the Wassenaar proposals.