- To: <guninski@guninski.com>, <sandblad@acc.umu.se>, <http-equiv@excite.com>, <osioniusx@yahoo.com>, "Liu Die Yu" <liudieyuinchina@yahoo.com.cn>, <stardust@safecenter.net>, <jkuperus@planet.nl>
- Subject: Join "IE Dream Team"
- From: "Dror Shalev" <dshalev@finjan.com>
- Date: Tue, 30 Dec 2003 17:46:06 +0200
---------------------------------------------------------------
Q:what is worse, a published technique or the unknown one?
A:IE Dream Team
---------------------------------------------------------------
<http://www.finjan.com/>
<http://www.finjan.com/>
Finjan Software - Mobile Code Research Center (MCRC),
a department designated to detect the next attack by malicious hackers
and
Invent new proactive security technologies,
Finjan MCRC recognizes that there is an abundance of technical security
knowledge concerning as-yet-undisclosed vulnerabilities and exploit code
that are constantly discovered or created by individuals and security
groups.
Some of this information may see the light of day on security mailing
lists or eventually be disclosed as the result of a post-mortem analysis
of a compromised computer system.
Our "IE Dream Team" Program (IDT) compensates individuals who provide
Finjan MCRC with advance notification of unpublished vulnerabilities
and/or exploit code / Security Research .
IE Dream Team
Who
Finjan MCRC would like to re craw best IE Security researchers ,
To perform Research that will help Finjan MCRC to invent new Proactive
security technologies :
Georgi Guninski,
jelmer ,
Andreas Sandblad,
http-equiv ,
thePull ,
Star Dust ,
Die liu yu .
What - The Offer
Our "IE Dream Team" Program (IDT) compensates individuals who provide
Finjan MCRC with advance notification of unpublished vulnerabilities
and/or exploit code / Security Research .
Finjan MCRC would like to re craw best IE Security researchers ,
To perform Research that will help Finjan MCRC to invent new Proactive
security technologies.
We offer 200 $ per month , for virtual work, 1 day a week, according to
MCRC assignment.
We are interested in research on those following subjects:
* Java Cellular Security (midlets).
* Unpatched IE Vulnerabilities list.
* Email security (Windows only , Outlook, OWA).
* Active Content (Windows only: Active X , Java- MS only).
* html, Style, java script valuations.
* IE exploits.
* web mails (exploits code, ways to protect).
* DOT.NET client security.
* feature security products development.
** Exploits POC will be a plus only .
how - The Rules
*
The group members could work alone or share information between
the group members , according to the assignments.
*
The researchers could continue post there finding without any
Finjan MCRC approve,but will have to keep NDA and not to publish
anything from Finjan assignments, with out getting permissions from MCRC
manager , menashe Eliezer.
*
the researchers will get a Finjan email , hosting space (ftp) ,
and salary .
*
the researchers will not perform Any Hacking actions by the name
of finjan , or related to finjan products.
*
Payment : Finjan MCRC offers three methods of payment:
1. Mail Check - Checks can be sent to a physical mailing address or a
post office box.
2. Personal PayPal Account -PayPal does not charge fees to the receiver
of money in a Personal PayPal Account.
Business PayPal Accounts are subject to
fees based on your usage & history with PayPal.
3. Western Union - Western Union is used in select countries only.
Why-Motivation
Full Disclosure is about being open and honest - as is Open Source -
furthermore, competition is good for the overall security of the
industry.
Beyond this the information is out there...
and there is still the equation of hard work and strict discipline as
well as having an open mind.
(the Pull - Unorthodox Bug Finding Techniques )
When you find a root security bug you have often found a golden key into
the systems of the world.
If you are good, you give that up and report it to the proper
authorities.
If you are bad you steal a bunch of money and move to the Bahamas.
(the Pull - Unorthodox Bug Finding Techniques )
The same thing is true in physical security, though.
There are a great many martial artists that could do some serious damage
to a great many people at anytime.
Very few martial artists ever go on a rampage.
This is the honor of battle.
Computer security is in the same paradigm.
(the Pull - Unorthodox Bug Finding Techniques )
Who are we- Finjan MCRC
MCRC is the leading research department at Finjan Software, dedicated to
the research and detection of potential Internet and e-mail attacks.
MCRC's goal is to be one step ahead of malicious hackers attempting to
exploit open platforms and technologies to develop next generation
mobile malicious code, worms, trojans, viruses and spyware. MCRC
researchers also contribute to the development of next generation
defense tools for Finjan's proactive content security solutions. For
more information, visit <http://www.finjan.com/mcrc/index.cfm>
http://www.finjan.com/mcrc/index.cfm.
About Finjan
Finjan Software is the leading provider of proactive content security
solutions to global organizations. Exceeding the preliminary level of
defense typically offered by reactive anti-virus software solutions,
Finjan's Vital Security family of products proactively respond to
changing, yet-to-be-created Internet security threats and close the
Window of Vulnerability. Finjan is recognized by analyst firm IDC as
the leader in the worldwide malicious mobile code security market. For
more information, visit http://www.finjan.com.
-please free to contact me in any question regarding IE Dream team.
Dror
--------------------------------------------------------
Dror Shalev
+972-54-434-909
+972-9-865-9440 ex 251
drorshalev@finjan.com
Security Portal Manager
www.TheSecurityAuthority.com <outbind://79/www.TheSecurityAuthority.com>
--------------------------------------------------------
Q:what is worse, a published technique or the unknown one?
<http://www.finjan.com/>
<http://www.finjan.com/>
Attachment:
IE Dream Team.doc
Description: IE Dream Team.doc
--- End Message ---