lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <43a365c5$17e8ef99$d9ff1b0$@com>
Date: Mon, 3 Nov 2008 12:29:47 -0700
From: "william@...kovics.net" <william@...kovics.net>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd: 0day auctions, should they be outlawed?

There should be a FD listing fee for the 0day so the list can garner a 
commission from the sale.

Absolutely no increase in government should be directed toward 0day sale 
prevention or enforcement.
The answer to these things rarely should incude the words 'government', 
'task' and 'force'.

----------------------------------------

From: "n3td3v" <xploitable@...il.com>
Sent: Monday, November 03, 2008 11:00 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed? 


On Mon, Nov 3, 2008 at 6:49 PM, Marc Balmer wrote:
> * n3td3v wrote:
>> ---------- Forwarded message ----------
>> From: n3td3v 
>> Date: Mon, Nov 3, 2008 at 1:15 PM
>> Subject: 0day auctions, should they be outlawed?
>> To: n3td3v 
>>
>>
>> i'll be lobbying soon to outlaw 0day auctions, this means the banning
>> of 0day sales on the internet. i've noticed an increased level in 0day
>> sales lately on mailing lists, and web sites... i think this should be
>> against the law. let me know what your opinions are on this, so i can
>> form what im going to say when i lobby people about it. cheers.
>
> wrong approach. there should be a law that the state has to buy
> all 0days and publish them here on undisclosure. that would be
> good use of tax money... ;)
>

the latest guy put up an alias that says "anti security" and i guess
demanded money to make the 0day be known, and then there is still no
guarantee that the affected vendor or the government is going to get
wind of the exploit. that means, there is going to need to be a
government task force in place to infiltrate these sales, to make sure
the good guys are getting the info before blackhat elements. is there
already a government strike force in place to buy these "0day offers"?
or are the government sitting on their hand as per usual? im becoming
increasingly frustrated about what is going on. cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ