Date: Thu, 18 Jan 2007 16:57:48 -0500
From: Simon Smith <simon@...soft.com>
To: Tim Newsham <newsham@...a.net>
Cc: Untitled <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com,
	Blue Boar <BlueBoar@...evco.com>
Subject: Re: [_SUSPEKT] - Re: iDefense Q-1 2007 Challenge
 - Bayesian Filter detected spam

Tim, 
   The name of the business that will be maintaining the Exploit Acquisition
Program is Netragard, L.L.C. You can see their web site at
http://www.netragard.com. We were not sure if this idea was going to gain
any traction at first so we kept the name quiet while we tested the waters.
Having said that, anyone could figure out what company it was by doing a bit
of research. ;)  


On 1/17/07 1:33 PM, "Tim Newsham" <newsham@...a.net> wrote:

>>    More importantly, the company that I am working with is no different
>> than iDefense. In fact, they both sell their exploits and harvested research
>> to the same people. The only real difference is in the amount of money that
>> the researcher realizes when the transactions are complete. This difference
>> is a direct result of low corporate overhead.
> [...]
>> iDefense is reselling these exploits to the same third parties as the
>> business that I work for, or at least I assume that they are. Both iDefense
>> and our buyers use the exact same list of software targets.
> 
> Is there a reason you are withholding the name of the company you work
> with?  Inquiring minds want to know.  We all know about iDefense.
> (The added secrecy makes one suspicious...)
> 
>>    Lastly, all transactions require that the researcher engage the company
>> that I work with in a tight contract. This contract ensures that both
>> parties are legitimate and also protects both parties. They don't do that on
>> the black market do they?
> 
> Surely someone who was going to break one law would have no qualms
> about breaking another (i.e. contract law)...
> 
> Tim Newsham
> http://www.thenewsh.com/~newsham/
> 

