Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: xp sp3 remote bof [from FD digest 76:33]

From: Ray Jertop <seclists () aussievapers com>
Date: Sat, 18 Jun 2011 00:45:19 +1000
Hi,

I would think that the behaviour is slightly odd.

His first communication started out giving the impression that his intention was to responsibly disclose the issue
to the affected vendor but that he was simply unaware as to how to do so and would simply like instruction on the 
best method. Overall the tone was that of a responsible disclosure.

After some rather helpful information we now come full circle and its all about the "value" of the exploit, and yes I
understand that exploits are valuable to many for many reasons but in that case you should already know it and 
what kind of purpose such an exploit could have for you.

How about the value in helping the vendor to secure such an exploit? How about the value received from helping 
to close one more malicious avenue that while it may not have a huge and immediate effect helps in its own way?
It seems a character change once money enters the picture is all too quick these days.

Why the need to hide the obvious intent I wonder, worried about the response?

What do I know though. Im new here.

Regards,
Jay Porter

On 17/06/2011, at 11:11 PM, SMiller () unimin com wrote:



elfius <elfius () gmail com> wrote: 

Thanks for the advice guys. I've received quite a few interesting offers from some rather shady sounding people (as 
well as public messages here), and I've begun to realise how much this is worth. So for the time >being anyway I 
think I'll keep it for a rainy day. Cheers again for the input. 

So, evidently your purpose in posting here was to find out how best to market the vuln you identified, not to 
investigate its disclosure. You could have owned up to that in the first place. Do you not feel some slight 
embarrassment in describing others as "shady sounding"?_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: