| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060507180858.05431DA82A@mailserver8.hushmail.com> Date: Sun May 7 19:09:29 2006 From: 0x80 at hush.ai (0x80@...h.ai) Subject: IE7 Zero Day >Have you e-mailed secure@...rosoft.com and asked them if they want >to >make an offer? I know they've done private deals with security >researchers in the past, and trust me, they were offered a lot >more No I have not emailed Microsoft. They are not entitled to any exlusivity. >illegal auction. I think its in your best interest to e-mail >secure@...rosoft.com. Illegal? Tell me what law in what country I have broken. > >1) You don't want to make as much money as you could by offering >Microsoft to buy your vulnerability in private. Like I said. MS can offer just like anyone else but they do not get any special treatment. >2) You want to be held responsible for selling an exploit which >leads >to a major incident, worm, virus outrage. The vulnerabilities I have for sale could be used in such a way but I am in no way responsible for what the purhcaser uses it for. Are bullet manufacturers responsible when someone shoots someone else? >3) Microsoft just contact the FBI and get your actual home address >from your e-mail server logs because you didn't initially offer >Microsoft to buy the exploit, and you end up getting arrested. Again. What law have I broken here? Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485
Powered by blists - more mailing lists