Full Disclosure mailing list archives
Re: IE7 Information Disclosure - For sale
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Sat, 6 May 2006 19:09:30 +0000
You dumb fucking cunt.
It's interesting how you reply with the greatest degree of visceral hate toward those who, rather than criticizing you personally (until now) or attacking you, think critically, disagree with what you have to say, and make intelligent arguments. Has it ever occurred to you that whether or not I am a dumb fucking cunt is totally irrelevant to whether or not what I am saying is true?
>Did you expect that subscribers to the FULL DISCLOSURE mailing >list would support your plan to make money off of withholding >disclosure? Yes I do. Considering the fact that half these faggots including the so called owner of this list make money by not disclosing shit until it suits them.
(1) And the other half...? Don't assume that just because some people on this list do things which you perceive to be like what you're doing that the whole list will bow down to you and consider your behavior any less critically than we consider the behavior or any other individual or organization. (2) There is a difference between not disclosing a vulnerability for some amount of time to give the vendor of the vulnerable product a chance to fix the vulnerability, and not disclosing a vulnerability so that you can sell it to spyware authors or spammers, in order simultaneously to (1) make money, and (2) to get back at responsible people who think that it is the duty of those with knowledge to help the weak (i.e. all the nontechnical computer users and grandmothers who would be harmed by the spyware that, by discovering a vulnerability and selling it to spyware authors, you are materially helping to develop). Whether or not there are any good reasons not to disclose a vulnerability in short order after discovering it is a matter of substantial debate, although the majority opinion is that there are good reasons, when waiting protects users and the vendor will actually issue a fix. However, if you believed that the people on this list would support nondisclosure for the purpose of benefiting criminals, you were sadly mistaken.
Nope. all of my high bidders are those that use this shit for spyware and adware. I was worried about selling to them until I came to this list.
You were worried about hurting end users until you realized that other people were, so you stopped worrying?
>How do you intend to enforce the terms of your discount deal? Are >you >going to require the buyer to sign a nondisclosure agreement to >get >the discount? I don't. Its called being pissed.
Glad we got that cleared up.
The vulnerabilities are real. Those that have bid have the proof of such.
Actually, the only reason why I indicated that I didn't know if the vulnerabilities were real was to make clear that I was *not* accusing you of a crime.
Oh really? So lets hear the precidence... lets hear the case and court this was proved in. What criminal behaviour is this?
I said it would be interesting to see. Not being a lawyer, I'm not sure if it is illegal to sell information to someone for the express purpose of enabling them to engage in criminal activity. Perhaps some of the lawyers on the list could clear this up.
Why would I do anything different? You so called professionals would rather make jokes and call bullshit when the reality is that there are people far smarter with way more skills than 99.99% of the CISSPs out there. What you and the rest of your so called community need to realize is that you are the scum.. the bottom of the fuckin barrel.
Again, but larger scale this time: Whether or not "we" are scum is also irrelevant to whether or not our arguments and criticisms are true. I think the cause of strife here is that the issue from the perspective of most of the people who have posted, disagreeing with what you are doing, is one of ethics and social responsibility; whereas the issue from your perspective is that, God forbid, you are being criticized publicly for an act that you are engaging in publicly. You might want to consider that what you are doing is something that most people think is wrong, and when you open up the issue for argument by posting on FD, people are going to say that they think it's wrong. In response to criticism, you act self-righteously, attacking an entire established industry on the grounds that people in it disagree with you, and you wonder why the general opinion of you and your actions on this list doesn't improve.
That is the point. They don't oppose. They make fun and be stupid because they are not smart enough to find shit on their own.
In that case, you should be happy to hear what I have to say, because I oppose what you are doing, and I've been explaining why in an intelligent, reasoning manner, even if I am a dumb fucking cunt. -Eliah _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IE7 Information Disclosure - For sale 0x80 (May 04)
- Re: IE7 Information Disclosure - For sale Travis Good (May 05)
- <Possible follow-ups>
- Re: IE7 Information Disclosure - For sale 0x80 (May 05)
- Re: IE7 Information Disclosure - For sale Eliah Kagan (May 05)
- WRONG MARKET BUDDY Re: IE7 Information Disclosure - For sale donnydark (May 05)
- Re: WRONG MARKET BUDDY Re: IE7 Information Disclosure - For sale ad () heapoverflow com (May 06)
- Re: IE7 Information Disclosure - For sale Eliah Kagan (May 05)
- Re: IE7 Information Disclosure - For sale 0x80 (May 06)
- Re: IE7 Information Disclosure - For sale Eliah Kagan (May 06)