[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] IE7 Zero Day
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <n3td3v@xxxxxxxxx>
- Subject: Re: [Full-disclosure] IE7 Zero Day
- From: <0x80@xxxxxxx>
- Date: Sun, 07 May 2006 11:08:57 -0700
>Have you e-mailed secure@xxxxxxxxxxxxx and asked them if they want
>to
>make an offer? I know they've done private deals with security
>researchers in the past, and trust me, they were offered a lot
>more
No I have not emailed Microsoft. They are not entitled to any
exlusivity.
>illegal auction. I think its in your best interest to e-mail
>secure@xxxxxxxxxxxxxx
Illegal? Tell me what law in what country I have broken.
>
>1) You don't want to make as much money as you could by offering
>Microsoft to buy your vulnerability in private.
Like I said. MS can offer just like anyone else but they do not
get any special treatment.
>2) You want to be held responsible for selling an exploit which
>leads
>to a major incident, worm, virus outrage.
The vulnerabilities I have for sale could be used in such a way but
I am in no way responsible for what the purhcaser uses it for. Are
bullet manufacturers responsible when someone shoots someone else?
>3) Microsoft just contact the FBI and get your actual home address
>from your e-mail server logs because you didn't initially offer
>Microsoft to buy the exploit, and you end up getting arrested.
Again. What law have I broken here?
Concerned about your privacy? Instantly send FREE secure email, no account
required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/