mailing list archives
RE: Trend Micro's Vista "0day exploit auction" claim
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 19 Dec 2006 21:55:44 -0500
I can't verify it. But $50K for an exploit against an OS that will not
be widely deployed for many months seems to be excessive. Who in their
right mind would want to pay $50K to exploit 10 machines before the
exploit is captured, sent to MS, and patched, all before the general
population really starts running it.
It doesn't pass the commonsense test to me. A zero day on XP Pro would
be oh, so much more valuable.
From: Ryan Meyer [mailto:lists () youthinkitweprintit com]
Sent: Tuesday, December 19, 2006 1:59 PM
To: bugtraq () securityfocus com; pen-test () securityfocus com
Subject: Trend Micro's Vista "0day exploit auction" claim
A number of popular tech news sources are reporting Trend Micro's CTO,
Raimund Genes, publicly claiming that there are "auctions" for zero-day
Windows Vista exploits. Further, he claims these auctions are fetching
Could anyone verify Trend Micro's claim?
It seems dubious, at best, to me and possibly nothing more than pure
Sorry to get off topic.