> It's great that they are no longer sooo terribly demanding.
> Do you think, I could get $50,- for some slapper-worm
> improvements? That would be ten pizzas - I love pizza,
> they help me to maintain my natural weight above 100 kg.

I mean really.. when it comes down to it, isn't all form if income eventually
compared to how many pizza's you can buy?

That was the first thing I thought when I saw iDEFNSE pay scale.. "man, if I
find some 0day apache.. I can get TEN pizza's.. 12 if I lie and say I have
coupons each time (Like the delivery boy ever asks for them).

However, if I were going to disclose it.. I'd just disclose it myself.. Not
have iDEFENSE sit on it a month.. let it make its way around the underground
further.

I mean really, that's what is going on.. the developers give it to a couple of
their buddies.. the "QA" team at iDEFENSE.. they either give it to their
friends, or someone owns their box and steals it.. and in the end.. it seems
like you should just keep it to yourself and support non-disclosure, or fire
it off and support full-disclosure.

People bitched up a storm about Symantec and Secfocus.. "Ohh.. We'll never
know for sure if Symantec is holding posts while they can get fixes out, and
profit off of the list".. iDEFENSE does the same thing.. CERT also has their
"heads up" program.. which rarely every works, but sometimes finds out about
-7 to -10 day warez, and their high dollar members get notice about it.. Then
those high dollar members tell their script kiddy admins, and those script
kiddy admins tell their friends.. one of those friends has some talent in his
left finger, and manages to find the vulnerability in the code, and an exploit
is born.

I'm taking donations for a new wheel chair, i don't have any legs.. can anyone
get to www.amaozon.com ? I can't, help me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]