Re: Fwd: 0day auctions, should they be outlawed?

[n3td3v <xploitable () gmail com>]

On Mon, Nov 3, 2008 at 6:49 PM, Marc Balmer <marc () msys ch> wrote:
> * n3td3v wrote:
> > ---------- Forwarded message ----------
> > From: n3td3v <xploitable () gmail com>
> > Date: Mon, Nov 3, 2008 at 1:15 PM
> > Subject: 0day auctions, should they be outlawed?
> > To: n3td3v <n3td3v () googlegroups com>
> >
> >
> > i'll be lobbying soon to outlaw 0day auctions, this means the banning
> > of 0day sales on the internet. i've noticed an increased level in 0day
> > sales lately on mailing lists, and web sites... i think this should be
> > against the law. let me know what your opinions are on this, so i can
> > form what im going to say when i lobby people about it. cheers.
>
> wrong approach.  there should be a law that the state has to buy
> all 0days and publish them here on undisclosure.  that would be
> good use of tax money... ;)

the latest guy put up an alias that says "anti security" and i guess
demanded money to make the 0day be known, and then there is still no
guarantee that the affected vendor or the government is going to get
wind of the exploit. that means, there is going to need to be a
government task force in place to infiltrate these sales, to make sure
the good guys are getting the info before blackhat elements. is there
already a government strike force in place to buy these "0day offers"?
or are the government sitting on their hand as per usual? im becoming
increasingly frustrated about what is going on. cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/