Re: [Full-disclosure] Office 0day

Kradorex Xeron wrote:
On Sunday 24 June 2007 16:19, toto.toto@xxxxxxxxxxxxx wrote:

I can't give detail here


Isn't this list called "full-disclosure"? - in otherwords: If you aren't
going to disclose anything: DON'T post that you "have something". This list
is designed specifically for disclosing (and discussing on the occasion)
vulnerabilities, problems, etc to the entire community at once, not just
selectively who you choose (i.e. who buys your "0day").


Finding good buyers is tricky. There is a market for bug selling, but
you've got to be well connected.

Jared :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: Using 0days as part of pen-test?
    ... that you see, including "future vulnerabilities". ... Just imagine that you are a auditor and you dont know this vuln (and many ... I think that you must follow the legal way to disclose the vuln (inform ... (networking permiter, user perimeter, enviroment perimeter, stack protection, ...
    (Pen-Test)
  • Re: Call to arms - INFORMATION ANARCHY
    ... > If Microsoft would simply offer cash rewards to vulnerability discoverers, ... > conditioned on the discoverer promising to never disclose to a third party, ... > vulnerabilities and 100 B type vulnerabilities are found, ...
    (NT-Bugtraq)
  • Re: [Full-disclosure] Is Firefox JavaScript flawed ?
    ... find most vulnerabilities, or to disclose them, or even to patch them. ... vulnerabilities for fun and profit. ...
    (Full-Disclosure)