| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Dec 2006 21:55:44 -0500 From: "Roger A. Grimes" <roger@...neretcs.com> To: "Ryan Meyer" <lists@...thinkitweprintit.com>, <bugtraq@...urityfocus.com>, <pen-test@...urityfocus.com> Subject: RE: Trend Micro's Vista "0day exploit auction" claim I can't verify it. But $50K for an exploit against an OS that will not be widely deployed for many months seems to be excessive. Who in their right mind would want to pay $50K to exploit 10 machines before the exploit is captured, sent to MS, and patched, all before the general population really starts running it. It doesn't pass the commonsense test to me. A zero day on XP Pro would be oh, so much more valuable. -----Original Message----- From: Ryan Meyer [mailto:lists@...thinkitweprintit.com] Sent: Tuesday, December 19, 2006 1:59 PM To: bugtraq@...urityfocus.com; pen-test@...urityfocus.com Subject: Trend Micro's Vista "0day exploit auction" claim A number of popular tech news sources are reporting Trend Micro's CTO, Raimund Genes, publicly claiming that there are "auctions" for zero-day Windows Vista exploits. Further, he claims these auctions are fetching approx $50,000. Could anyone verify Trend Micro's claim? It seems dubious, at best, to me and possibly nothing more than pure FUD. Sorry to get off topic. Ryan Meyer
Powered by blists - more mailing lists