Full Disclosure mailing list archives
Re: IE7 Zero Day
From: n3td3v <n3td3v () gmail com>
Date: Sun, 7 May 2006 17:43:35 +0100
On 5/5/06, 0x80 () hush ai <0x80 () hush ai> wrote:
Yes, this is a beta product but I have reason to believe that this issue will not be discovered of fixed by M$ before it goes to gold. Why do I believe this? Because the issue is found in IE 6 but doesnt seem to exploit. Not saying it is not exploitable I am saying that I cant make it exploit. I work as a pizza delivery driver at night and work part time landscaping in my days. So I feel it is only fair that I be compensated for this vulnerability. Highest bidder that can convince me that you will actually pay wins.
Have you e-mailed secure () microsoft com and asked them if they want to make an offer? I know they've done private deals with security researchers in the past, and trust me, they were offered a lot more money than any of the folks on FD will ever offer you. Plus, don't assume Microsoft are reading FD all the time to hear about your illegal auction. I think its in your best interest to e-mail secure () microsoft com. Unless: 1) You don't want to make as much money as you could by offering Microsoft to buy your vulnerability in private. 2) You want to be held responsible for selling an exploit which leads to a major incident, worm, virus outrage. 3) Microsoft just contact the FBI and get your actual home address from your e-mail server logs because you didn't initially offer Microsoft to buy the exploit, and you end up getting arrested. I didn't say give Microsoft the vulnerability for free, I'm just saying personally e-mail them and ask them to by your vulnerability, you might be suprised how friendly they are and the offer they make you. Its for the best, you know it makes sense. Regards, n3td3v Respond by calling me a faggot if you want, I was just thinking of your best interests financially, and I don't want to see folks get locked up for researching bugs they want people to buy. The best and most legal people to ask to buy your vulnerability is Microsoft. If they say no, then fair play, come back to FD and rant your B*S to the list, but give it a try. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day FRLinux (May 04)
- Re: IE7 Zero Day Valdis . Kletnieks (May 04)
- Re: IE7 Zero Day Peter Besenbruch (May 04)
- Re: IE7 Zero Day Exibar (May 05)
- Re: IE7 Zero Day Valdis . Kletnieks (May 05)
- Re: IE7 Zero Day Eliah Kagan (May 05)
- Re: IE7 Zero Day Exibar (May 05)
- Re: IE7 Zero Day Valdis . Kletnieks (May 05)
- Re: IE7 Zero Day Ducki3 (May 05)
- Re: IE7 Zero Day n3td3v (May 07)
- Re: IE7 Zero Day xyberpix (May 07)
- Re: IE7 Zero Day c0redump (May 07)
- <Possible follow-ups>
- Re: IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day sk (May 05)
- Re: IE7 Zero Day FRLinux (May 05)
- Re: IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day Randal T. Rioux (May 04)
- Re: IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day ad () heapoverflow com (May 05)
(Thread continues...)