lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri May  5 17:01:18 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: IE7 Zero Day

I do not support nor do I wish to participate in anything iDefense 
does.  They are the original parasites of your industry.


On Fri, 05 May 2006 02:14:49 -0700 Thor Larholm 
<thor.larholm@...urematch.dk> wrote:
>Sell it to iDefense through their VCP program. A reproduceable 
>code 
>execution vulnerability will fetch you anywhere between $1.000 to 
>$10.000. With the uncertainty of whether this makes it into IE7 
>final 
>I'm guessing you'll get 2-3K.
>
>http://labs.idefense.com/vcp.php
>
>Say hi to Ken Dunham or Michael Sutton from me :)
>
>Cheers
>Thor Larholm
>
>0x80@...h.ai wrote:
>
>>Yes, this is a beta product but I have reason to believe that 
>this 
>>issue will not be discovered of fixed by M$ before it goes to 
>gold. 
>>Why do I believe this?  Because the issue is found in IE 6 but 
>>doesnt seem to exploit.  Not saying it is not exploitable I am 
>>saying that I cant make it exploit.
>>
>>I work as a pizza delivery driver at night and work part time 
>>landscaping in my days.  So I feel it is only fair that I be 
>>compensated for this vulnerability.
>>
>>Highest bidder that can convince me that you will actually pay 
>>wins.
>>
>>
>>
>>Concerned about your privacy? Instantly send FREE secure email, 
>no account required
>>http://www.hushmail.com/send?l=480
>>
>>Get the best prices on SSL certificates from Hushmail
>>https://www.hushssl.com?l=485
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>  
>>
>
>
>-- 
>Med venlig hilsen
>
>Thor Larholm
>CFO, Futurematch ApS
>+45 3123 5504



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists