So far the thread of discussion here has focused on whether or not Weev's plan would /actually work/. But let's take a step back.

If I understand it, the plan is to facilitate "ethical vulnerability disclosure" by

1) Finding security vulnerabilities in live sites
2) Disclosing them to the public before notifying the site operators
3) Thereby causing the stock price to drop and
4) Making money by short-selling on knowledge only the developer has

I could distill that to layman's terms: "Hurting someone else and making money at their expense."

So, how is that ethical, again? Did I miss something?

BW

On Tue, 27 May 2014 20:49:45 +0200
Philip Cheong <isctsf@xxxxxxxxx> wrote:

> From https://www.startjoin.com/trollc
>
> *Right now if you're a software exploit developer and you want to
> monetize your craft to pay your rent, there's only one consistent way
> to do so: sell your software exploits. The major customer for these
> are oppressive governments, chiefly that of the United States. We
> know what the United States does with software exploits: it uses them
> to illegally spy on its own citizens, and attack peaceful nations
> around the world.*
>
> *I need your help to create a company that will ethically disclose
> software vulnerabilities to the public. For this I need help getting
> the filing fees necessary to incorporate a hedge fund. I want to
> continue bringing issues in companies that put you at risk to light,
> and short the stocks of those companies when I do so. I will only get
> paid when large corporations being negligent get punished. This will
> create a structure by which security researchers including myself
> will still make a living, only now by disclosing problems instead of
> selling them in secret to criminal governments.*
>
> What say you? Is this brilliant? Or stupid? Awesome? But never going
> to work?
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

--
Brian M. Waters
Burlington, Vermont, USA
+1 (908) 380-8214
brian@xxxxxxxxxxxxxxxx
https://brianmwaters.net/