lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 9 Jul 2007 22:05:48 +0200
From: "Stian Øvrevåge" <sovrevage@...il.com>
To: joey.mengele@...hmail.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: An Auction Site for Vulnerabilities

>>From their FAQ (http://www.wslabi.com/wabisabilabi/faq.do?):
"Q: Can everybody purchase vulnerabilities from the market place?
A: No, all purchasers will be carefully evaluated before granting them
access to the market platform to minimize the risk of selling the
right stuff to the wrong people."

I am very curious as to how they are going to enforce this

We have just recently seen what was possibly the start of an era of
cyber-war between nations (yes, the Estonia case, but we might never
know for sure).
How will WSLabi decide who is right and who is wrong? It is without a
doubt that many nations are building up considerable CNO-resources,
and unpublished vulns. might certainly prove a lethal arsenal.
I have no doubt that the players on the international arena will
sabotage their enemies and/or opponents in their pursuit of security,
freedom, power or whatever. And it might have dire consequences for
innocent civilians...

What I'm saying is: Don't try to be so fancy about the whole ethical
and moral thing when we all know it won't work (this time either).

-- 
Stian Øvrevåge

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists