Open Source and information security mailing list archives
 
Date: Tue, 27 May 2014 14:37:54 -0500
From: Brandon Perry <bperry.volatile@...il.com>
To: noloader@...il.com
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] What do you think of Trollc?

Not only that, but let's extrapolate from some recentish events.

Healthcare.gov was touted as being full of security issues. However,
everyone knows that in order to prove this, you needed to break the law to
begin with. Politicians knew this, which was why the hearings were so
entertaining.

If weev did this, he could yell all day about supposed vulnerabilities, but
as soon as he provided proof that something was exploitable, the company
would turn around and sue him under CFAA.


On Tue, May 27, 2014 at 2:32 PM, Jeffrey Walton <noloader@...il.com> wrote:

> On Tue, May 27, 2014 at 3:04 PM, Brandon Perry
> <bperry.volatile@...il.com> wrote:
> > Not even sure when the last vulnerability that caused any fluctuation in
> > the stock markets was.
> +1. I'm not sure it ever hurt Sony, and they've had over 40 documented
> problems [0, 1, 2, et al]. Some of them were very serious from a data
> security perspective.
>
> Jeff
>
> [0] http://attrition.org/security/rant/sony_aka_sownage.html
> [1] http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426
> [2] http://beta.slashdot.org/story/176757
>
> > On Tue, May 27, 2014 at 1:49 PM, Philip Cheong <isctsf@...il.com> wrote:
> >
> >> From https://www.startjoin.com/trollc
> >>
> >> *Right now if you're a software exploit developer and you want to
> >> monetize your craft to pay your rent, there's only one consistent way
> >> to do so: sell your software exploits. The major customer for these are
> >> oppressive governments, chiefly that of the United States. We know what
> >> the United States does with software exploits: it uses them to illegally
> >> spy on its own citizens, and attack peaceful nations around the world.*
> >>
> >> *I need your help to create a company that will ethically disclose
> >> software vulnerabilities to the public. For this I need help getting the
> >> filing fees necessary to incorporate a hedge fund. I want to continue
> >> bringing issues in companies that put you at risk to light, and short
> >> the stocks of those companies when I do so. I will only get paid when
> >> large corporations being negligent get punished. This will create a
> >> structure by which security researchers including myself will still make
> >> a living, only now by disclosing problems instead of selling them in
> >> secret to criminal governments.*
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
