| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOJKFBC2tyV3FWcosEUMDVr8UmFkdN=iS8Q=hvL6Dnzc6s=gRA@mail.gmail.com> Date: Tue, 27 May 2014 14:37:54 -0500 From: Brandon Perry <bperry.volatile@...il.com> To: noloader@...il.com Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] What do you think of Trollc? Not only that, but let's extrapolate from some recentish events. Healthcare.gov was touted as being full of security issues. However, everyone knows that in order to prove this, you needed to break the law to begin with. Politicians knew this, which was why the hearings were so entertaining. If weev did this, he could yell all day about supposed vulnerabilities, but as soon as he provided proof that something was exploitable, the company would turn around and sue him under CFAA. On Tue, May 27, 2014 at 2:32 PM, Jeffrey Walton <noloader@...il.com> wrote: > On Tue, May 27, 2014 at 3:04 PM, Brandon Perry > <bperry.volatile@...il.com> wrote: > > Not even sure when the last vulnerability that caused any fluctuation in > > the stock markets was. > +!. I'm not sure it ever hurt Sony, and they've had over 40 documented > problems [0, 1, 2, et al]. Some of them were very serious from a data > security perspective. > > Jeff > > [0] http://attrition.org/security/rant/sony_aka_sownage.html > [1] > http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426 > [2] http://beta.slashdot.org/story/176757 > > > On Tue, May 27, 2014 at 1:49 PM, Philip Cheong <isctsf@...il.com> wrote: > > > >> From https://www.startjoin.com/trollc > >> > >> *Right now if you're a software exploit developer and you want to > monetize > >> your craft to pay your rent, there's only one consistent way to do so: > sell > >> your software exploits. The major customer for these are oppressive > >> governments, chiefly that of the United States. We know what the United > >> States does with software exploits: it uses them to illegally spy on its > >> own citizens, and attack peaceful nations around the world.* > >> > >> *I need your help to create a company that will ethically disclose > software > >> vulnerabilities to the public. For this I need help getting the filing > fees > >> necessary to incorporate a hedge fund. I want to continue bringing > issues > >> in companies that put you at risk to light, and short the stocks of > those > >> companies when I do so. I will only get paid when large corporations > being > >> negligent get punished. This will create a structure by which security > >> researchers including myself will still make a living, only now by > >> disclosing problems instead of selling them in secret to criminal > >> governments.* > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists