Re: Trend Micro's Vista "0day exploit auction" claim


On Tue, December 19, 2006 7:59 pm, Ryan Meyer wrote:
A number of popular tech news sources are reporting Trend Micro's CTO,
Raimund Genes, publicly claiming that there are "auctions" for zero-day
Windows Vista exploits. Further, he claims these auctions are fetching
approx $50,000.

Could anyone verify Trend Micro's claim?

It seems dubious, at best, to me and possibly nothing more than pure FUD.

Sorry to get off topic.

Ryan Meyer



Hello Ryan

Anything is possible. Whether or not it's FUD is totally irrelevant IMHO.
Considering Vista officially launched on November 30*, what's the number
of deployed servers at the moment?
How many of these will be business/mission critical (thus "interesting")?

Sure, the "bad guy" paying 50k for the exploit can sit around waiting for
vulnerable vista's to pop up but if they're willing to pay that price they
should get a developer/security researcher, lock him up in a basement with
a server running vista and get (possibly) more (then 1) 0-day exploit(s).

Kr

Roger

*: according to this link (chosen at random):
http://www.cnn.com/2006/TECH/ptech/11/30/windows.vista.ap/index.html?eref=rss_tech
According to the article, it will get in consumer's hands "as of January 30"

--
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin