Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Trend Micro's Vista "0day exploit auction" claim

from [Roger A. Grimes] Network Security [Permanent Link]
Subject: RE: Trend Micro's Vista "0day exploit auction" claim
Date: Tue, 19 Dec 2006 21:55:44 -0500 
I can't verify it. But $50K for an exploit against an OS that will not
be widely deployed for many months seems to be excessive. Who in their
right mind would want to pay $50K to exploit 10 machines before the
exploit is captured, sent to MS, and patched, all before the general
population really starts running it.

It doesn't pass the commonsense test to me. A zero day on XP Pro would
be oh, so much more valuable. 

-----Original Message-----
From: Ryan Meyer [mailto:lists@youthinkitweprintit.com] 
Sent: Tuesday, December 19, 2006 1:59 PM
To: bugtraq@securityfocus.com; pen-test@securityfocus.com
Subject: Trend Micro's Vista "0day exploit auction" claim

A number of popular tech news sources are reporting Trend Micro's CTO,
Raimund Genes, publicly claiming that there are "auctions" for zero-day
Windows Vista exploits. Further, he claims these auctions are fetching
approx $50,000.

Could anyone verify Trend Micro's claim?

It seems dubious, at best, to me and possibly nothing more than pure
FUD.

Sorry to get off topic.

Ryan Meyer
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [ GLSA 200612-21 ] Ruby: Denial of Service vulnerability, Raphael Marichez
Next by Date:  critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy
Previous by Thread:  Trend Micro's Vista "0day exploit auction" claim, Ryan Meyer
Next by Thread:  RE: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad
Indexes:  [Date] [Thread] [Top] [All Lists]