Putting new vulnerabilities up for auction?


  • Putting new vulnerabilities up for auction?

    Story: Auction site for new vulnerabilities:
    Thoughts on the concept?

  • #2
    Re: Putting new vulnerabilities up for auction?

    This is an old idea.. I remember having a talk with someone about 4 years ago who was ready to roll out 'ZeroBay.com' and then thought better of it.

    Now it is a different environment.. It might be hard to verify the exploits, but with enough people and equipment you could do just that and act as a trusted third party.
    PGP Key: https://defcon.org/html/links/dtangent.html



    • #3
      Re: Putting new vulnerabilities up for auction?

      Originally posted by Dark Tangent
      This is an old idea.. I remember having a talk with someone about 4 years ago who was ready to roll out 'ZeroBay.com' and then thought better of it.

      Now it is a different environment.. It might be hard to verify the exploits, but with enough people and equipment you could do just that and act as a trusted third party.
      I agree but I don't see what is in it for the guys doing the validation other than they have free access to the 0-days put up for sale.
      DaKahuna
      ___________________
      Will Hack for Bandwidth



      • #4
        Re: Putting new vulnerabilities up for auction?

        I'm still old school in my thinking I guess when I say that I'll always follow full disclosure and release everything for free to the community at large.

        The financial incentive might be there but the moral imperative trumps that (in me anyways, but I'm probably just weird)
        Never drink anything larger than your head!







        • #5
          Re: Putting new vulnerabilities up for auction?

          Originally posted by DaKahuna
          I agree but I don't see what is in it for the guys doing the validation other than they have free access to the 0-days put up for sale.
          Nowhere on the site does it mention how much the house makes for being the intermediary for these auctions, but there is an extremely telling statement from the WSLabi Services page...

          WSLabi is also a full service provider of security intelligence to corporations, governments and international organizations.


          It's hard to auction exploits as exclusive if the DSD and NSA/CSS have seen them first.
          Nonnumquam cupido magnas partes Interretis vincendi me corripit



          • #6
            Re: Putting new vulnerabilities up for auction?

            Originally posted by erehwon
            WSLabi is also a full service provider of security intelligence to corporations, governments and international organizations.

            It's hard to auction exploits as exclusive if the DSD and NSA/CSS have seen them first.
            Exactly - how better to market your security services than to have a steady supply of 0-days.

            I am with Render though - full and open disclosure is the morally ethical thing to do.
            DaKahuna
            ___________________
            Will Hack for Bandwidth



            • #7
              Re: Putting new vulnerabilities up for auction?

              Sadly, if there is a way to make a dollar, someone will exploit it...regardless of morality. I think I made this exact statement a few weeks ago in regards to something else.
              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
