Vulnerability Development mailing list archives

Re: 0-day exploit..do i hear $1000?


From: rain forest puppy <rfp () wiretrip net>
Date: Thu, 18 Oct 2001 14:23:20 -0500 (CDT)

> Then someday, Hacker L33t and L4t3 decide that they are not in it for
> fame, but for money. So, they open a security firm (many examples e.g.
> L0pht, Max Vision, RFP, many more).

Um, excuse me?  Open a security firm?  Since when have I opened a security
firm?

I work for a company that was in business before I ever published anything
as RFP.  I've been there for years now.

And in it for the money?  What money?  The money from writing a chapter in
Hack Proofing your Internetwork?  That was donated to OpenBSD and Nessus.
The money for speaking at conferences?  I haven't accepted one to date.
The money I've made from whisker?  Well, whisker is free, so there's none
to be had.

I sit around and absorb myself in various security-related challenges.  In
the end, I have tools, research and information which I choose to share,
to promote further research.

If I was truly a sell-out, why the hell would I release my tools and
research to the world?  It would be worth more to me as exclusive
proprietary intellectual property used as a service to paying customers.

Unfortunately, the world doesn't always work how everyone expects it to.

And in the end, why should people sacrifice their lives and free time just
to continuously pump 0day research into an industry where, if they don't
profit from it, everyone else will?  Hell, sensepost.com is a security
services company...are you saying that *every* tool you use is 100%
developed by an employee of sensepost?

So I've sold out because I share my research with others, but
sensepost.com can take tools like nmap et al and use them to make a profit
as a security service, and that's ok?

Funny how that works.

- rfp

