This is the interim result of a proof of concept for
Google Authentication issues posted in the threads...
1.) http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
(Orkut Server Side Management Error by Susam Pal & Vipul Agarwal)
2.)
http://lists.grok.org.uk/pipermail/full-dis
On 7/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Note that the Internet as we know it really took off when the pr0n industry
> started using it in a big way. They've always been early adopters of
> new technology...
Wait, so are we waiting for the Internet porn industry to get on board
w
On Fri, 6 Jul 2007, Kevin Finisterre (lists) wrote:
> Do you agree that you are often spoon fed free information by
> individuals that are not paid for providing you a service? Is it so bad
> that some of these nice people would ask for a little compensation here
> and there?
Errr, there is a "su
don't see this idea working. People still prefer iDefense as their first choice ;)
On 7/8/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> On Fri, 6 Jul 2007, Kevin Finisterre (lists) wrote:
>
> > Do you agree that you are often spoon fed free information by
> > individuals that are not paid for pro
Yep. This is nothing new (and nothing noble), there are at least a handful
of web sites that will buy zero days.
Maybe we should start zeBay.
--
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
Dave Hull wrote:
> Yep. This is nothing new (and nothing noble), there are at least a
> handful of web sites that will buy zero days.
>
> Maybe we should start zeBay.
Because you are noble? Or to start something new?
Bye, Michele Sandrelli
On 7/8/07, ascii <[EMAIL PROTECTED]> wrote:
> Dave Hull wrote:
> > Yep. This is nothing new (and nothing noble), there are at least a
> > handful of web sites that will buy zero days.
> >
> > Maybe we should start zeBay.
> Because you are noble? Or to start something new?
That was a joke. I thought it w
On Sun, 8 Jul 2007, Dave Hull wrote:
> On 7/8/07, ascii <[EMAIL PROTECTED]> wrote:
> >
> > I believe that's more noble than selling them to the highest bidder,
> > but I understand some people have to put food on their families.
I prefer to put food *around* my families,
and let them apply t
On 7/8/07, Dave Hull <[EMAIL PROTECTED]> wrote:
On 7/8/07, ascii <[EMAIL PROTECTED]> wrote:
>
> Dave Hull wrote:
> > Yep. This is nothing new (and nothing noble), there are at least a
> > handful of web sites that will buy zero days.
> >
> > Maybe we should start zeBay.
>
> Because you are noble
Maybe this is just my paranoia speaking... but is the real purpose of
the website to provide a facility to auction 0day, or is it a ruse to
collect them?
-a.
On Sun, 2007-07-08 at 13:39 +0200, Michal Zalewski wrote:
>
> Errr, there is a "subtle" line between publicly disclosing vulnerabilities
On Sun, 8 Jul 2007, wac wrote:
> Is more noble to reward hard to do work that also requires a lot of
> knowledge which sometimes people does even takes time to even say "thank
> you".
Vulnerability research is good. Getting paid for research is good. Holding
vendors accountable is good.
Yet, sec
On 7/8/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
[..]pretty much stands against *all* the core values of
the hacker culture - a culture to which this field of research owes quite
a bit.
Agreed, but values have changed.. that's why there are terms as white/black
and shades of gray all over
Paul Melson wrote:
> Wait, so are we waiting for the Internet porn industry to get on board
> with the auctioning of exploits? I'm so confused.
You think some part of it is NOT already involved in the exploit market
place?
Regards,
Nick FitzGerald
Bad typo:
"shared and relatively rare sequences" should read "shared and relatively
frequent sequences".
By using the sequence index instead of payload it is theoretically possible to
reduce payload size, i.e. compress and in the case of not all packets being
available to an interceptor also so
Yep, now officials have confirmed that they will censor Pirate Bay off
the net. They have already added it to "black list" of "child porn" and
ISP will update their filters to include it in just a few days... Then we
won't be able to reach Pirate Bay anymore.
This is what they call free speech & f
Michal,
I completely agree with you about the ethics of selling exploits to the
black-market. However, there needs to be a reasonable alternative to
working for a "thank you" from the vendor. Very knowledgeable people who
spend their valuable time tracking down bugs deserve to be able to make a
On Sun, 08 Jul 2007 19:27:58 -0600 George Ou
<[EMAIL PROTECTED]> wrote:
>Michal,
>
>I completely agree with you about the ethics of
>selling exploits to the black-market. However,
>there needs to be a reasonable alternative to
>working for a "thank yo
I agree on most of these points. It seems that researchers don't get back
what they put in.
At the same time, you can't expect to get rich off finding exploits, either.
The security industry, as a whole, needs to get on the bandwagon of how
far the enve
Well... I believe that ppl do know vulns, that are not discussed/discovered by
tech companies or open forums, and they use it for their personal gains.
It's just a matter of a single transaction that needs to happen and it'll
spread like wildfire.
cheers
- Original Message
From: