 
Dailydave mailing list archives
RE: RE: funny comments from Hack IIS6 contest admin
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Sat, 14 May 2005 21:31:21 -0400
I've heard of both of you. Dave, I've used your software many times before. Sorry if I wasn't in awe enough for your egos.

An invitation to hack a box located at www.hackiis6.com with web pages full of "hack me" text certainly doesn't need a signed authorization...it's explicit already.

So as you both are making sport of me, tell me how my statement is false? First, there haven't been many 0-day exploits against W2K3 and IIS 6 (if any), and not that many against Windows products at all since 2000 was released.

Dave, how many hackers and exploit writers do you know that are motivated to write exploits by large sums of money? They want money for sure...but most discover and release the exploits for free. Another large category of exploits are released to give free publicity to security companies (like yours). Yeah, there are professional black hats that do work for large sums of money, but they are not likely to be running their mouth on a mail list about the cheap prize given on a hack contest page hosted for fun.

Even when companies do offer money for finding bugs, as some have done over the last year, it doesn't result in a ton of exploits found and released. Money isn't a prime motivator in any hack. Hell, the real money is made in running old exploits (like spambots and adware crap).

Roger

-----Original Message-----
From: Dave Aitel [mailto:dave () immunitysec com]
Sent: Saturday, May 14, 2005 8:09 PM
To: Roger A. Grimes
Cc: Anthony Zboralski; dailydave
Subject: Re: [Dailydave] RE: funny comments from Hack IIS6 contest admin

Interesting how Roger assumes that any professional penetration tester would hack a random machine on the Internet without a signed Hold Harmless. I also think it's funny how he insults Anthony here, implying that he's never heard of him, which says a lot more about Roger than it does about Anthony. :>

I assume anyone who wanted to break into the box would be hacking from 68.106.158.136?

Just for the record, I'll give people 2 XBoxes if they send me working IIS6 0day. :>

I talk about IIS6 a little in this recent interview-thing.
http://www.security-forums.com/forum/viewtopic.php?t=29695&highlight=

Lots of SPIKE features got implemented during my review of IIS6. Almost all of those are in the public release.

-dave

Roger A. Grimes wrote:
I assure you that the hackers that are capable of hacking this box are motivated for far less money, if any. Take Dave at Immunity. He makes more money than the average hacker, but I assure you that he makes far less than $250K on each hack he discovers. (Tell me if I'm wrong, Dave). Professional hackers may make more than $250K, but what motivated them initially was far less money, if any.

The best hackers in the world that released the most devastating exploits, did it for free...not money. It was either to improve the product or for the "glory" in the community. Consistent hackers...the best...want more money...but what motivated them initially was far less.

Would more money motivate more people? Yes, of course. But Anthony, people like you wouldn't be able to hack it regardless of the award.

In fact, Anthony, I'll personally give you, and you alone, $2000 reward of my own money, if you hack it (by yourself without any external help) by midnight tonight. Go!

In fact, tell me the IP address you're hacking from (so I can track you) and send one original hack that might possibly be successful...I doubt you can even do that. It won't get you any award, but at least I won't see you as the poser you so obviously are.

Or are you already calling your more knowledgeable friends for help or deciding on what witty response to send why you don't hack my box?

Roger A. Grimes
admin () hackiis6 com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave