Full Disclosure mailing list archives
Re: iDefense Q-1 2007 Challenge
From: "ad () heapoverflow com" <mr.dovi () gmail com>
Date: Tue, 16 Jan 2007 23:30:35 +0100
I agree with you KF, that's why I have not recommended iDEFENSE in my forum's footer for some time now. They are just playing on the fact they are alone, or they were alone for a long time on this market, and they do not wish to make any effort, making loads of dollars with us. To say it cleanly, they suck.

AD

K F (lists) wrote:
No offense to iDefense as I have used their services in the past... but MY Q1 2007 Challenge to YOU is to start offering your researchers more money in general! I've sold remotely exploitable bugs in random 3rd party products for more $$ than you are offering for these Vista items (see the h0n0 #3). I really think you guys are devaluing the exploit market with your low offers... I've had folks mail me like WOW iDefense offered me $800 for this remote exploit. Pfffttt not quite.

We all know black hats are selling these sploits for <=$25k so why should the legit folks settle for anything less? As an example the guys at MOAB kicked around selling a Quicktime bug to iDefense but in the end we decided it was not worth it due to low pay... Low Pay == Not getting disclosed via iDefense....

-KF

I know someone who will pay significantly more per vulnerability against the same targets.

On 1/10/07 12:27 PM, "contributor" <Contributor () idefense com> wrote:

Also available at:
http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge

*Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in Vista & IE 7.0*

Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products.

To help assuage this uncertainty, iDefense Labs is pleased to announce the Q1, 2007 quarterly challenge.

Remote Arbitrary Code Execution Vulnerabilities in Vista and IE 7.0

Vulnerability Challenge:

iDefense will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of these two products. Only the first submission for a given vulnerability will qualify for the award, and iDefense will award no more than six payments of $8000. If more than six submissions qualify, the earliest six submissions (based on submission date and time) will receive the award. The iDefense Team at VeriSign will be responsible for making the final determination of whether or not a submission qualifies for the award. The criteria for this phase of the challenge are:

I) Technologies Covered:
- Microsoft Internet Explorer 7.0
- Microsoft Windows Vista

II) Vulnerability Challenge Ground Rules:
- The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
- The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
- 'RC' (Release candidate), 'Beta', 'Technology Preview' and similar versions of the listed technologies are not included in this challenge
- The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
- The vulnerability cannot be caused by or require any additional third party software installed on the target system
- The vulnerability must not require additional social engineering beyond browsing a malicious site

Working Exploit Challenge:

In addition to the $8000 award for the submitted vulnerability, iDefense will pay from $2000 to $4000 for working exploit code that exploits the submitted vulnerability. The arbitrary code execution must be of an uploaded non-malicious payload. Submission of a malicious payload is grounds for disqualification from this phase of the challenge.

I) Technologies Covered:
- Microsoft Internet Explorer 7.0
- Microsoft Windows Vista

II) Working Exploit Challenge Ground Rules:

Working exploit code must be for the submitted vulnerability only; iDefense will not consider exploit code for existing vulnerabilities or new vulnerabilities submitted by others. iDefense will consider one and only one working exploit for each original vulnerability submitted.

The minimum award for a working exploit is $2000. In addition to the base award, additional amounts up to $4000 may be awarded based upon:
- Reliability of the exploit
- Quality of the exploit code
- Readability of the exploit code
- Documentation of the exploit code

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/