| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 19 22:35:29 2006 From: n3td3v at gmail.com (n3td3v) Subject: selling ms office bug On 4/19/06, ad@...poverflow.com <ad@...poverflow.com> wrote: > forgot to mention so the format of the file is popular , in security at > least a lot ;> > > ad@...poverflow.com wrote: > > auction is up for whitehat industry only, proof required, you open a > > file, the shellcode runs, included are some explanations and the poc > > exploit. > > You are welcome to message me to my email or on the forum for much > > informations. > > > > Arnaud Dovi Robert Lemos and Joris Evers are getting moist. Maybe theres security news in April afterall. Matthew Murphy should enjoy the media spotlight, while it lasts. This is perfect media bait. They can write about the auction and link to it and talk about how acceptable it is for researchers to sell xploits. Also, how easy is it to phish someone who has asked for "whitehats with proof". I know many infos about Yahoo that only people within Yahoo would usually know, and its not hard to spoof mail headers, and i'm sure theres others like me who could easily pose as "whitehat within big dot com"? Anyway, good luck with the sale, most whitehats would slam you for selling an xploit, than ask to buy it, but yeah, expect all sorts of social engineering in your inbox from blackhat hopefuls. Maybe you can list the most convincing after the sale. "The world's most convincing phishing and social engineering attempts 2006" or something.
Powered by blists - more mailing lists