lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3af3d47c1002110830h50e5dd97x78cfa0c400c75c7b@mail.gmail.com>
Date: Thu, 11 Feb 2010 17:30:32 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: Rosa Maria Gonzalez Pereira <analuis13@...mail.com>
Cc: pen-test@...urityfocus.com, craig.wright@...ormation-defense.com,
	full-disclosure@...ts.grok.org.uk, security-basics@...urityfocus.com
Subject: Re: SMS Banking

Yahoo Babelfish: Good because they do not pay to me in one go,
acceptance 50,000.00
Google Translate: Well because I pay my once, I agree 50,000.00
Average translation: Rosa Maria Gonzalez Pereira, will donate 50,000
eur to everyone in this list.

Where's my money? :D

On Thu, Feb 11, 2010 at 5:19 PM, Rosa Maria Gonzalez Pereira
<analuis13@...mail.com> wrote:
>
>
>
> Bueno porque no me pagan a mi de una vez, acepto 50,000.00
>
>
>
> ________________________________
> From: Thor@...merofgod.com
> To: craig.wright@...ormation-Defense.com; Valdis.Kletnieks@...edu
> Date: Wed, 10 Feb 2010 19:56:40 +0000
> CC: full-disclosure@...ts.grok.org.uk; pen-test@...urityfocus.com;
> security-basics@...urityfocus.com
> Subject: Re: [Full-disclosure] SMS Banking
>
> *ME* stop trying to weasel?  Wow.  At least you’ll have a shot at comedy
> when this is over.
>
>
>
> Answer my questions, “Dr.”  as posted.  Include the system YOU said YOU
> would set up.  Include that if it gets breached ANY WAY I WANT within 6
> months that you will pay me $100,000.
>
>
>
> Is that simple enough for you?  Is there any part of that that one can deem
> as “weaseling?”   Product the freaking contract already and stop wasting our
> time.
>
>
>
> t
>
>
>
> From: Craig S. Wright [mailto:craig.wright@...ormation-Defense.com]
> Sent: Wednesday, February 10, 2010 11:51 AM
> To: Thor (Hammer of God); Valdis.Kletnieks@...edu
> Cc: pen-test@...urityfocus.com; 'full-disclosure';
> security-basics@...urityfocus.com
> Subject: RE: [Full-disclosure] SMS Banking
>
>
>
> Tim,
>
> You stated “You are officially “on.” “ to my challenge.
>
>
>
> I am arranging a contract. An attorney has been arranged for both the
> contract and the escrow.  This will take a number of days.
>
>
>
> The amount has upped and there are a couple other aspects, but the initial
> framework holds. Stop trying to weasel.
>
>
>
> Regards,
>
> ...
>
> Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
>
> Information Defense Pty Ltd
>
>
>
>
>
> From: Thor (Hammer of God) [mailto:Thor@...merofgod.com]
> Sent: Wednesday, 10 February 2010 3:59 PM
> To: craig.wright@...ormation-Defense.com; Valdis.Kletnieks@...edu
> Cc: pen-test@...urityfocus.com; 'full-disclosure';
> security-basics@...urityfocus.com
> Subject: RE: [Full-disclosure] SMS Banking
>
>
>
> Now you’re talking.  But first let’s work up an actual contract.  Neither of
> your components define anything.  When you say that you are going to predict
> “risk” with your  magic formula, do you mean if the software has
> vulnerabilities?   That it can be hacked, or will be hacked?
>
>
>
> Be sure to define this properly and definitively – if you end up saying that
> a system has a 1% change of being hacked, and I (or my auditors) hack it,
> would you claim you were “right”?  I question if you can even define the
> parameters of this bet, much less apply your formulas, but we’ll see.
>
>
>
> I also want to know what “scale” you plan to use.  So far, even though I’ve
> asked, you’ve not provided what the “answer” to your formula is, or how it
> will be applied.   I’m assuming, unless you are going to change your tune
> which I wouldn’t doubt, that you won’t look at the software code or threat
> models, but rather apply your formulas.  I further assume that the “loser”
> will be financially responsible for the “audits” done my way.
>
>
>
> I’m more than happy to take your money, and I look forward to doing so.
>   Since one of your masters degrees is in law, I’m assuming you can clearly
> define the terms of the contract.    I will, of course, insist upon a
> contract, and I hope you won’t mind that I have my own attorney look it
> over.    I’m not immediately trusting of the competence of one with a
> doctorate degree and multiple masters degrees who can’t spell “technology”
> or “experience” correctly on his on-line CV.
>
>
>
> You are officially “on.”  And I’m looking forward to it.
>
>
>
> t
>
>
>
>
>
>
>
> From: Craig S. Wright [mailto:craig.wright@...ormation-Defense.com]
> Sent: Tuesday, February 09, 2010 7:41 PM
> To: Valdis.Kletnieks@...edu; Thor (Hammer of God)
> Cc: pen-test@...urityfocus.com; 'full-disclosure';
> security-basics@...urityfocus.com
> Subject: RE: [Full-disclosure] SMS Banking
>
>
>
> I have a simple answer to this. Forget the debate, rhetoric is not a
> scientific method of determining truth.
> “Thor” wants a challenge, let’s have one – a real one and not one based on
> verbalisations, abuse and unfounded assertions.
> I suggest two components;
> 1       A selection of software products are tested using both processes,
> that is I use a model for the risk of these products, and “Thor” can make up
> whatever guesses he wishes. We model (or “Thor” guesses, pulls from a
> hat...) the vulnerabilities over a time period. The number of bugs in
> software as well as the risk are to be presented as a monthly estimate.
> 2       We model a few systems (say 50). We can use Honeypots (real systems
> set to log all activity without interference) run by an independent party to
> each of us. I use probabilistic models to calculate the risk. “Thor” does
> whatever he wants.
> Each of the predictions is published by all parties. The one who is most
> accurate wins. Fairly simple?
> I will even give a handicap to “Thor”, I will offer to predict within a 95%
> confidence interval and that for me to win, at least 90 of the 100 software
> products and 45 of the 50 systems have to lie within my predicted range that
> I calculate and release. “Thor” has to simply guess better than I do no
> matter how far out he is.
> I will put up $10,000 Au for my side. Let’s see if “Thor” has something real
> to offer.
> Regards,
> ...
> Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
> Information Defense Pty Ltd
>
>
> ________________________________
> Discover the new Windows Vista Learn more!
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ