Bugtraq mailing list archives
Re: [Full-disclosure] iDefense Q-1 2007 Challenge
From: Simon Smith <simon () snosoft com>
Date: Tue, 16 Jan 2007 14:37:52 -0500
Blue Boar,
Simply put, and with all due respect, you're wrong. Furthermore I don't
appreciate you directly or indirectly suggesting that these exploits are
being sold on the black market, that will never happen on my watch, ever!
More importantly, the company that I am working with is no different
than iDefense. In fact, they both sell their exploits and harvested research
to the same people. The only real difference is in the amount of money that
the researcher realizes when the transactions are complete. This difference
is a direct result of low corporate overhead.
Lastly, all transactions require that the researcher engage the company
that I work with in a tight contract. This contract ensures that both
parties are legitimate and also protects both parties. They don't do that on
the black market do they?
If anyone is interested in learning more about this, you know where to
find me. ;]
IDefense is reselling these exploits to the same third parties as the
business that I work for, or at least I assume that they are. Both iDefense
and our buyers use the exact same list of software targets.
On 1/16/07 1:35 PM, "Blue Boar" <BlueBoar () thievco com> wrote:
K F (lists) wrote:We all know black hats are selling these sploits for <=$25k so why should the legit folks settle for anything less? As an example the guys at MOAB kicked around selling a Quicktime bug to iDefense but in the end we decided it was not worth it due to low pay... Low Pay == Not getting disclosed via iDefense....Maybe that's all they are worth to iDefense, since they aren't monetizing them in the same way blackhats are. Maybe for some people if they were going to just give them to Microsoft anyway, a few thousand bucks is worth it. Me, for example, if I were capable of of finding such vulns, I wouldn't sell them to the guys writing the drive-by spyware installers. I might sell it to iDefense or Tippingpoint, though. BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, (continued)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge K F (lists) (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Jim Manico (Jan 17)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Roman Medina-Heigl Hernandez (Jan 18)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge K F (lists) (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Blue Boar (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge K F (lists) (Jan 16)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith (Jan 17)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Blue Boar (Jan 17)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith (Jan 17)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge Tim Newsham (Jan 17)
- Re: [_SUSPEKT] - Re: [Full-disclosure] iDefense Q-1 2007 Challenge - Bayesian Filter detected spam Simon Smith (Jan 18)