• fej@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Of course there are unreleased 0-days, but you can’t do anything about it. Most of them are even kept secret by companies that sell spy software. However, public 0-days are way more dangerous because they are being exploited actively.

    Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.

    • joneskind@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Of course there are unreleased 0-days, but you can’t do anything about it.

      And that’s exactly my point.

      Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.

      Actually no. Because you never know what currently unfixed 0-day is actively exploited in any browser. Using Gecko or Chromium today because Webkit had a security flaw yesterday doesn’t make anything safer. It might comfort you, but that’s it.

      The only important metric is the number of 0-day discovered per year per engine. It’s a matter of probability.

      Changing engine would be like changing dice because you had a bad number, without knowing how many side you’ll get with the new ones.

      • fej@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Ah, now I got what you meant. I was just suggesting switching temporarily while the published 0-day would be public and unpatched, because this is the time in which the issue would be exploited the most.