Full Disclosure mailing list archives
Re: iDefense Q-1 2007 Challenge
From: Simon Smith <simon () snosoft com>
Date: Tue, 16 Jan 2007 14:37:52 -0500
Blue Boar,

Simply put, and with all due respect, you're wrong. Furthermore I don't appreciate you directly or indirectly suggesting that these exploits are being sold on the black market, that will never happen on my watch, ever!

More importantly, the company that I am working with is no different than iDefense. In fact, they both sell their exploits and harvested research to the same people. The only real difference is in the amount of money that the researcher realizes when the transactions are complete. This difference is a direct result of low corporate overhead.

Lastly, all transactions require that the researcher engage the company that I work with in a tight contract. This contract ensures that both parties are legitimate and also protects both parties. They don't do that on the black market, do they?

If anyone is interested in learning more about this, you know where to find me. ;]

iDefense is reselling these exploits to the same third parties as the business that I work for, or at least I assume that they are. Both iDefense and our buyers use the exact same list of software targets.

On 1/16/07 1:35 PM, "Blue Boar" <BlueBoar () thievco com> wrote:
> K F (lists) wrote:
>> We all know black hats are selling these sploits for <=$25k so why should the legit folks settle for anything less? As an example the guys at MOAB kicked around selling a Quicktime bug to iDefense but in the end we decided it was not worth it due to low pay... Low Pay == Not getting disclosed via iDefense....
>
> Maybe that's all they are worth to iDefense, since they aren't monetizing them in the same way blackhats are. Maybe for some people if they were going to just give them to Microsoft anyway, a few thousand bucks is worth it.
>
> Me, for example, if I were capable of finding such vulns, I wouldn't sell them to the guys writing the drive-by spyware installers. I might sell it to iDefense or Tippingpoint, though.
>
> BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/