On 4/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > forgot to mention so the format of the file is popular , in security at > least a lot ;> > > [EMAIL PROTECTED] wrote: > > auction is up for whitehat industry only, proof required, you open a > > file, the shellcode runs, included are some explanations and the poc > > exploit. > > You are welcome to message me to my email or on the forum for much > > informations. > > > > Arnaud Dovi
Robert Lemos and Joris Evers are getting moist. Maybe theres security news in April afterall. Matthew Murphy should enjoy the media spotlight, while it lasts. This is perfect media bait. They can write about the auction and link to it and talk about how acceptable it is for researchers to sell xploits. Also, how easy is it to phish someone who has asked for "whitehats with proof". I know many infos about Yahoo that only people within Yahoo would usually know, and its not hard to spoof mail headers, and i'm sure theres others like me who could easily pose as "whitehat within big dot com"? Anyway, good luck with the sale, most whitehats would slam you for selling an xploit, than ask to buy it, but yeah, expect all sorts of social engineering in your inbox from blackhat hopefuls. Maybe you can list the most convincing after the sale. "The world's most convincing phishing and social engineering attempts 2006" or something. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
