Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: selling ms office bug
From: n3td3v <n3td3v () gmail com>
Date: Wed, 19 Apr 2006 22:35:20 +0100

On 4/19/06, ad () heapoverflow com <ad () heapoverflow com> wrote:
forgot to mention so the format of the file is popular , in security at
least a lot ;>

ad () heapoverflow com wrote:
auction is up for whitehat industry only, proof required, you open a
file, the shellcode runs, included are some explanations and the poc
exploit.
You are welcome to message me to my email or on the forum for much
informations.

Arnaud Dovi

Robert Lemos and Joris Evers are getting moist. Maybe theres security
news in April afterall. Matthew Murphy should enjoy the media
spotlight, while it lasts. This is perfect media bait. They can write
about the auction and link to it and talk about how acceptable it is
for researchers to sell xploits. Also, how easy is it to phish someone
who has asked for "whitehats with proof". I know many infos about
Yahoo that only people within Yahoo would usually know, and its not
hard to spoof mail headers, and i'm sure theres others like me who
could easily pose as "whitehat within big dot com"? Anyway, good luck
with the sale, most whitehats would slam you for selling an xploit,
than ask to buy it, but yeah, expect all sorts of social engineering
in your inbox from blackhat hopefuls. Maybe you can list the most
convincing after the sale. "The world's most convincing phishing and
social engineering attempts 2006" or something.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]