| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Nov 2008 22:45:54 +0000 From: "Email Cash" <and.email.cash@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Fwd: 0day auctions, should they be outlawed? I think that ZDI/TippingPoint and the other legit private outfits have been doing a pretty decent job so far. Why bring the law into it? On Mon, Nov 3, 2008 at 7:29 PM, william@...kovics.net <william@...kovics.net> wrote: > There should be a FD listing fee for the 0day so the list can garner a > commission from the sale. > > Absolutely no increase in government should be directed toward 0day sale > prevention or enforcement. > The answer to these things rarely should incude the words 'government', > 'task' and 'force'. > > > ________________________________ > From: "n3td3v" <xploitable@...il.com> > Sent: Monday, November 03, 2008 11:00 AM > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed? > > On Mon, Nov 3, 2008 at 6:49 PM, Marc Balmer wrote: >> * n3td3v wrote: >>> ---------- Forwarded message ---------- >>> From: n3td3v >>> Date: Mon, Nov 3, 2008 at 1:15 PM >>> Subject: 0day auctions, should they be outlawed? >>> To: n3td3v >>> >>> >>> i'll be lobbying soon to outlaw 0day auctions, this means the banning >>> of 0day sales on the internet. i've noticed an increased level in 0day >>> sales lately on mailing lists, and web sites... i think this should be >>> against the law. let me know what your opinions are on this, so i can >>> form what im going to say when i lobby people about it. cheers. >> >> wrong approach. there should be a law that the state has to buy >> all 0days and publish them here on undisclosure. that would be >> good use of tax money... ;) >> > > the latest guy put up an alias that says "anti security" and i guess > demanded money to make the 0day be known, and then there is still no > guarantee that the affected vendor or the government is going to get > wind of the exploit. that means, there is going to need to be a > government task force in place to infiltrate these sales, to make sure > the good guys are getting the info before blackhat elements. is there > already a government strike force in place to buy these "0day offers"? > or are the government sitting on their hand as per usual? im becoming > increasingly frustrated about what is going on. cheers. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists