Re: IE7 Zero Day

[<0x80 () hush ai>]

> Have you e-mailed secure () microsoft com and asked them if they want 

> to
> make an offer? I know they've done private deals with security
> researchers in the past, and trust me, they were offered a lot 
> more

No I have not emailed Microsoft.  They are not entitled to any 
exlusivity.

> illegal auction. I think its in your best interest to e-mail
> secure () microsoft com.

Illegal?  Tell me what law in what country I have broken.

> 1) You don't want to make as much money as you could by offering
> Microsoft to buy your vulnerability in private.

Like I said.  MS can offer just like anyone else but they do not 
get any special treatment.

> 2) You want to be held responsible for selling an exploit which 
> leads
> to a major incident, worm, virus outrage.

The vulnerabilities I have for sale could be used in such a way but 
I am in no way responsible for what the purhcaser uses it for.  Are 
bullet manufacturers responsible when someone shoots someone else?


> 3) Microsoft just contact the FBI and get your actual home address
> from your e-mail server logs because you didn't initially offer
> Microsoft to buy the exploit, and you end up getting arrested.

Again.  What law have I broken here?





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/