[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a166c090604191435v8831408i3cb2b9825acd1d29@mail.gmail.com>
Date: Wed Apr 19 22:35:29 2006
From: n3td3v at gmail.com (n3td3v)
Subject: selling ms office bug
On 4/19/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
> forgot to mention so the format of the file is popular , in security at
> least a lot ;>
>
> ad@...poverflow.com wrote:
> > auction is up for whitehat industry only, proof required, you open a
> > file, the shellcode runs, included are some explanations and the poc
> > exploit.
> > You are welcome to message me to my email or on the forum for much
> > informations.
> >
> > Arnaud Dovi
Robert Lemos and Joris Evers are getting moist. Maybe theres security
news in April afterall. Matthew Murphy should enjoy the media
spotlight, while it lasts. This is perfect media bait. They can write
about the auction and link to it and talk about how acceptable it is
for researchers to sell xploits. Also, how easy is it to phish someone
who has asked for "whitehats with proof". I know many infos about
Yahoo that only people within Yahoo would usually know, and its not
hard to spoof mail headers, and i'm sure theres others like me who
could easily pose as "whitehat within big dot com"? Anyway, good luck
with the sale, most whitehats would slam you for selling an xploit,
than ask to buy it, but yeah, expect all sorts of social engineering
in your inbox from blackhat hopefuls. Maybe you can list the most
convincing after the sale. "The world's most convincing phishing and
social engineering attempts 2006" or something.
Powered by blists - more mailing lists