A new 0-day exploit for Internet Explorer 7 has been in the wild since yesterday. Of course, this is a big issue and countermeasures must be deployed as soon as possible.
A lot of security solutions companies try to use the 0-day effect as a marketing element “à la Barack Obama”:
“Yes, we can… detect the 0-day vulnerabilities!”
That’s a good point but what about the “zero-knowledge” risks?
By “zero-knowledge”, we mean security issues such as a password that was never changed or is not secure enough, an appliance left configured with its factory settings, rogue devices connected to the corporate network and much more! That’s why, to detect security events, everything must be logged, analyzed and correlated.
Martin Roesch, the author of Snort, gave an interview about zero-knowledge and the future of IDS: Oubliez les zero-day, c’est le zero-knowledge dont vous devriez avoir peur ! (Translation in English here).