Open Source and information security mailing list archives
 
Date: Sun May  7 17:43:44 2006
From: n3td3v at gmail.com (n3td3v)
Subject: IE7 Zero Day

On 5/5/06, 0x80@...h.ai <0x80@...h.ai> wrote:
> Yes, this is a beta product but I have reason to believe that this
> issue will not be discovered or fixed by M$ before it goes to gold.
> Why do I believe this?  Because the issue is found in IE 6 but
> doesn't seem to exploit.  Not saying it is not exploitable I am
> saying that I can't make it exploit.
>
> I work as a pizza delivery driver at night and work part time
> landscaping in my days.  So I feel it is only fair that I be
> compensated for this vulnerability.
>
> Highest bidder that can convince me that you will actually pay
> wins.

Have you e-mailed secure@...rosoft.com and asked them if they want to
make an offer? I know they've done private deals with security
researchers in the past, and trust me, they were offered a lot more
money than any of the folks on FD will ever offer you. Plus, don't
assume Microsoft are reading FD all the time to hear about your
illegal auction. I think it's in your best interest to e-mail
secure@...rosoft.com.

Unless:

1) You don't want to make as much money as you could by offering
Microsoft to buy your vulnerability in private.

2) You want to be held responsible for selling an exploit which leads
to a major incident, worm, virus outrage.

3) Microsoft just contact the FBI and get your actual home address
from your e-mail server logs because you didn't initially offer
Microsoft to buy the exploit, and you end up getting arrested.

I didn't say give Microsoft the vulnerability for free, I'm just
saying personally e-mail them and ask them to buy your vulnerability,
you might be surprised how friendly they are and the offer they make
you.

It's for the best, you know it makes sense.

Regards,

n3td3v

Respond by calling me a faggot if you want, I was just thinking of
your best interests financially, and I don't want to see folks get
locked up for researching bugs they want people to buy. The best and
most legal people to ask to buy your vulnerability is Microsoft. If
they say no, then fair play, come back to FD and rant your B*S to the
list, but give it a try.
