lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a166c090604191435v8831408i3cb2b9825acd1d29@mail.gmail.com>
Date: Wed Apr 19 22:35:29 2006
From: n3td3v at gmail.com (n3td3v)
Subject: selling ms office bug

On 4/19/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
> forgot to mention so the format of the file is popular , in security at
> least a lot ;>
>
> ad@...poverflow.com wrote:
> > auction is up for whitehat industry only, proof required, you open a
> > file, the shellcode runs, included are some explanations and the poc
> > exploit.
> > You are welcome to message me to my email or on the forum for much
> > informations.
> >
> > Arnaud Dovi

Robert Lemos and Joris Evers are getting moist. Maybe theres security
news in April afterall. Matthew Murphy should enjoy the media
spotlight, while it lasts. This is perfect media bait. They can write
about the auction and link to it and talk about how acceptable it is
for researchers to sell xploits. Also, how easy is it to phish someone
who has asked for "whitehats with proof". I know many infos about
Yahoo that only people within Yahoo would usually know, and its not
hard to spoof mail headers, and i'm sure theres others like me who
could easily pose as "whitehat within big dot com"? Anyway, good luck
with the sale, most whitehats would slam you for selling an xploit,
than ask to buy it, but yeah, expect all sorts of social engineering
in your inbox from blackhat hopefuls. Maybe you can list the most
convincing after the sale. "The world's most convincing phishing and
social engineering attempts 2006" or something.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ