Penetration Testing mailing list archives

Re: Trend Micro's Vista "0day exploit auction" claim


From: "Sels, Roger" <roger.sels () gov-fbi net>
Date: Tue, 19 Dec 2006 10:05:01 +0100 (CET)


On Tue, December 19, 2006 7:59 pm, Ryan Meyer wrote:
> A number of popular tech news sources are reporting Trend Micro's CTO,
> Raimund Genes, publicly claiming that there are "auctions" for zero-day
> Windows Vista exploits. Further, he claims these auctions are fetching
> approx $50,000.
>
> Could anyone verify Trend Micro's claim?
>
> It seems dubious, at best, to me and possibly nothing more than pure FUD.
>
> Sorry to get off topic.
>
> Ryan Meyer



Hello Ryan

Anything is possible. Whether or not it's FUD is totally irrelevant IMHO.
Considering Vista officially launched on November 30*, what's the number
of deployed servers at the moment?
How many of these will be business/mission critical (thus "interesting")?

Sure, the "bad guy" paying 50k for the exploit can sit around waiting for
vulnerable Vistas to pop up, but if they're willing to pay that price they
should get a developer/security researcher, lock him up in a basement with
a server running Vista and get (possibly) more (than 1) 0-day exploit(s).

Kr

Roger

*: according to this link (chosen at random):
http://www.cnn.com/2006/TECH/ptech/11/30/windows.vista.ap/index.html?eref=rss_tech
According to the article, it will get in consumers' hands "as of January 30"

-- 
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin

