Date: Thu, 29 May 2014 17:00:30 -0400
From: Scott Arciszewski <scott@...iszewski.me>
To: "Brian M. Waters" <brian@...anmwaters.net>, fulldisclosure@...lists.org
Subject: Re: [FD] What do you think of Trollc?

"Ethical" is always a matter of perspective. "Legal" and "effective" are
the relevant points of contention.


On Wed, May 28, 2014 at 10:29 PM, Brian M. Waters <brian@...anmwaters.net>
wrote:

> So far the thread of discussion here has focused on whether or not
> Weev's plan would /actually work/. But let's take a step back.
>
> If I understand it, the plan is to facilitate "ethical vulnerability
> disclosure" by
> 1) Finding security vulnerabilities in live sites
> 2) Disclosing them to the public before notifying the site operators
> 3) Thereby causing the stock price to drop
>  and
> 4) Making money by short-selling on knowledge only the developer has
>
> I could distill that to layman's terms:
> "Hurting someone else and making money at their expense."
>
> So, how is that ethical, again? Did I miss something?
>
> BW
>
>
> On Tue, 27 May 2014 20:49:45 +0200
> Philip Cheong <isctsf@...il.com> wrote:
> > From https://www.startjoin.com/trollc
> >
> > *Right now if you're a software exploit developer and you want to
> > monetize your craft to pay your rent, there's only one consistent way
> > to do so: sell your software exploits. The major customer for these
> > are oppressive governments, chiefly that of the United States. We
> > know what the United States does with software exploits: it uses them
> > to illegally spy on its own citizens, and attack peaceful nations
> > around the world.*
> >
> > *I need your help to create a company that will ethically disclose
> > software vulnerabilities to the public. For this I need help getting
> > the filing fees necessary to incorporate a hedge fund. I want to
> > continue bringing issues in companies that put you at risk to light,
> > and short the stocks of those companies when I do so. I will only get
> > paid when large corporations being negligent get punished. This will
> > create a structure by which security researchers including myself
> > will still make a living, only now by disclosing problems instead of
> > selling them in secret to criminal governments.*
> >
> > What say you? Is this brilliant? Or stupid? Awesome? But never going
> > to work?
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>
> --
> Brian M. Waters
> Burlington, Vermont, USA
> +1 (908) 380-8214
> brian@...anmwaters.net
> https://brianmwaters.net/
>

