OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Full-disclosure] Another 0day to sell.

From: Joey Mengele (joey.mengelehushmail.com)
Date: Thu Sep 13 2007 - 13:02:20 CDT


If you can't see that knowledge of an impending sale in a 0day
vulnerability in a specific and publicly disclosed product can help
you to mitigate risk against said product in a customers
environment, then I am afraid I must speculate you are not as
educated as a CISSP, and are therefore not even qualified to
develop a password policy, let alone be doing security stuff!

Any good CISSP will tell you there is more to security than
patching! Even some of the bad ones know LOLOL! Unfortunately, most
hacker/cracker webgangs are in on it too!

J
CISSP

On Thu, 13 Sep 2007 13:54:14 -0400 Alex Robar
<alex.robargmail.com> wrote:
>Thank you for actually looking it up. Now that we've got that
>squared
>away...
>
>I agree that it's valuable to see what those 0day threats are, but
>that's
>the key: You don't tell the list. You don't say what they are, and
>_that_ is
>the point of full-disclosure. If you were to post what type of
>vulnerabilities you had, what software they affected... Then I
>wouldn't have
>any type of problem with you offering to sell them. You discovered
>them, and
>you're within your rights to do whatever you want with them. But
>you posting
>that you've got a random 0day to sell doesn't help raise the level
>of
>protection my customers get.
>
>AR
>
>On 9/13/07, Joey Mengele <joey.mengelehushmail.com> wrote:
>>
>> Thanks for the biography. If you are indeed being sincere, I am
>> interested in knowing why you wouldn't find it a valuable
>service
>> to have people publicly attempting to broker deals on the list.
>>
>> What I mean is, wouldn't it raise the GEARYTECH, INC. THREATCON
>a
>> notch or two if someone was attempting to sell a 0day in a piece
>of
>> software that GEARYTECH, INC. has facing The Internets?
>>
>> But honestly Mr. Rebar, isn't it easy to just ignore the one
>> message that seems to bother only you and that other crybaby,
>the
>> Guasconi guy?
>>
>> J
>>
>> "0day happens"
>>
>> On Thu, 13 Sep 2007 13:38:19 -0400 Alex Robar
>> <alex.robargmail.com> wrote:
>> >I don't discover vulnerabilities; It's not my job or an area of
>> >interest to
>> >me. I'm on this list to catch any vulnerabilities in software
>that
>> >my
>> >company deploys to client networks, and deal with protecting
>them
>> >from said
>> >vulnerabilities. Different people offer to sell exploits quite
>> >often on this
>> >list, and they're all told the same thing: Go somewhere else.
>Read
>> >the
>> >charter for what you're supposed to post here.
>> >
>> >AR
>> >
>> >On 9/13/07, Joey Mengele <joey.mengelehushmail.com> wrote:
>> >>
>> >> LOLOLOLOLOLOL keep replying!!!
>> >>
>> >> Do you know any cool security stuff?
>> >>
>> >> J
>> >>
>> >> On Thu, 13 Sep 2007 13:16:28 -0400 Alex Robar
>> >> <alex.robargmail.com> wrote:
>> >> >Right, right... "Someone else can prove that you aren't who
>you
>> >> >say you
>> >> >are." Good argument. Do a little research before posting
>> >something
>> >> >like
>> >> >that.
>> >> >
>> >> >AR
>> >> >
>> >> >On 9/13/07, Joey Mengele <joey.mengelehushmail.com> wrote:
>> >> >>
>> >> >> I think Dr. Neal Krawetz could easily prove Alex Robar is
>> >> >actually
>> >> >> the same person as this Guasconi fag. Neither have
>provided
>> >> >> anything of value to the list. Unless you count self
>> >important
>> >> >> opinions and the tendency to speak for the entire body of
>the
>> >> >list.
>> >> >> Geesh dude, even I post some security stuff!
>> >> >>
>> >> >> So anyway Alex/Guasconi/n3td3v, keep trolling now that
>your
>> >> >secret
>> >> >> is exposed. Or, prove that you are not all the same person
>if
>> >it
>> >> >is
>> >> >> not so.
>> >> >>
>> >> >> J
>> >> >>
>> >> >> On Thu, 13 Sep 2007 12:18:28 -0400 Alex Robar
>> >> >> <alex.robargmail.com> wrote:
>> >> >> >"Full disclosure", much like how it sounds, is for fully
>> >> >> >disclosing
>> >> >> >vulnerabilities that you've found. Guasconi is right -
>This
>> >> >list
>> >> >> >isn't for
>> >> >> >selling exploits you've discovered.
>> >> >> >
>> >> >> >AR
>> >> >> >
>> >> >> >On 9/13/07, Joey Mengele <joey.mengelehushmail.com>
>wrote:
>> >> >> >>
>> >> >> >> I think offers to sell 0day are more relevant to this
>list
>> >> >than
>> >> >> >the
>> >> >> >> stupid trash and one line comments you have provided
>> >> >> >consistently
>> >> >> >> during your time here. Maybe you should stop or find a
>new
>> >> >list?
>> >> >> >Or
>> >> >> >> just kill yourself, perhaps...
>> >> >> >>
>> >> >> >> J
>> >> >> >>
>> >> >> >> On Thu, 13 Sep 2007 02:47:45 -0400 Guasconi Vincent
>> >> >> >> <tyoptyopgmail.com> wrote:
>> >> >> >> >On 9/12/07, Juergen Marester
><marester.juergengmail.com>
>> >> >> >wrote:
>> >> >> >> >> Thanks for people who bought me codes since my last
>> >post.
>> >> >> >> >> I also have other 0day to sell. Contact by e-mail.
>> >> >> >> >
>> >> >> >> >Stop.
>> >> >> >> >
>> >> >> >> >--
>> >> >> >> >Guasconi Vincent
>> >> >> >> >Student.
>> >> >> >> >
>> >> >> >> >_______________________________________________
>> >> >> >> >Full-Disclosure - We believe in it.
>> >> >> >> >Charter: http://lists.grok.org.uk/full-disclosure-
>> >> >charter.html
>> >> >> >> >Hosted and sponsored by Secunia - http://secunia.com/
>> >> >> >>
>> >> >> >> --
>> >> >> >> Click for free info on rehab treatments for drug &
>alcohol
>> >> >> >dependency.
>> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>>
>>>>http://tagline.hushmail.com/fc/Ioyw6h4eH4ipKWT7bgKiT735WpgEy1lOu
>P
>> >m
>> >> >u
>> >> >> >Ht3RDlVRKDdbkjCRPS/
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Full-Disclosure - We believe in it.
>> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
>> >> >charter.html
>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >--
>> >> >> >Alex Robar
>> >> >> >alex.robargmail.com
>> >> >>
>> >> >> --
>> >> >> Click here for free information on starting a business
>from
>> >your
>> >> >home.
>> >> >>
>> >> >>
>> >>
>>
>>>http://tagline.hushmail.com/fc/Ioyw6h4dA5RsHere4CNg8GgV7mRB35uzN7
>t
>> >E
>> >> >tJaqcvuCZNvnFtu6Y1/
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> >--
>> >> >Alex Robar
>> >> >alex.robargmail.com
>> >>
>> >> --
>> >> Click now and find the perfect favors for any occasion!
>> >>
>> >>
>>
>>http://tagline.hushmail.com/fc/Ioyw6h4fF8B62vyiPEzWrCWumSdE7DSdP36
>O
>> >1EwLbUYNMPOkcOGR3n/
>> >>
>> >>
>> >
>> >
>> >--
>> >Alex Robar
>> >alex.robargmail.com
>>
>> --
>> Don't throw your computer away! Click now for expert computer
>repair!
>>
>>
>http://tagline.hushmail.com/fc/Ioyw6h4dHnrqFQpGXOxdKtNlK0fa9ANaeTcJ
>uJChMOTUcYhrVBSgeJ/
>>
>>
>
>
>--
>Alex Robar
>alex.robargmail.com

--
Prices, software, charts & analysis. Click here to open your online FX trading account.
http://tagline.hushmail.com/fc/Ioyw6h4eApyjADBbpGV3nLDaKFtFTBnYAX11AzGYtz94EsEbN8jAMo/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/