[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45AD302E.8080103@thievco.com>
Date: Tue, 16 Jan 2007 12:06:06 -0800
From: Blue Boar <BlueBoar@...evco.com>
To: Simon Smith <simon@...soft.com>
Cc: Untitled <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com
Subject: Re: iDefense Q-1 2007 Challenge
Simon Smith wrote:
> Blue Boar,
> Simply put, and with all due respect, you're wrong.
About? I see basically two assertions in my note; 1) that I would sell
to iDefense or TippingPoint. Surely you're not going to tell me what I
would do? And 2) That iDefense isn't doing the same thing that Blackhats
are. Is the latter one the one you disagree with?
> Furthermore I don't
> appreciate you directly or indirectly suggesting that these exploits are
> being sold on the black market, that will never happen on my watch, ever!
If you look carefully, you'll see I was replying to Kevin, who did make
a comparison to selling to blackhats. I hadn't even seen your note at
the point, and I wasn't replying to you, and I didn't quote anything you
wrote.
So I assume you think I was saying that your company is selling to
blackhats. I wouldn't think you were. Certainly you don't mean to claim
that, in general, the entire market never sells to blackhats, nor that
you have any control over what others do.
> More importantly, the company that I am working with is no different
> than iDefense. In fact, they both sell their exploits and harvested research
> to the same people. The only real difference is in the amount of money that
> the researcher realizes when the transactions are complete. This difference
> is a direct result of low corporate overhead.
>
> Lastly, all transactions require that the researcher engage the company
> that I work with in a tight contract. This contract ensures that both
> parties are legitimate and also protects both parties. They don't do that on
> the black market do they?
So, is the problem that I didn't realize you guys also bought vulns, and
that you pay more? No, I had no idea that you did. I guess some better
marketing is in order. The quarterly challenge thing is pretty good for
publicity, maybe you guys should do one of those.
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists