Shoutbox

If any of you are good in finding exploits in OS'es or Browsers, you may want to have a look at IDefense Labs - Quarterly Vulnerability Challenge.

quote:

---

Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in Vista & IE 7.0
Time Period: Q1, 2007
Prize Amount: $8,000 - $12,000
Submission Deadline: Before Midnight EST on March 31, 2007

---

I just read about this on a website and didn't want to leave you guys out. Good Luck if you participate in this.

It is simply not worth it when you can triple that amount by selling a proof of concept to third-parties.

But then again, what do you deep inside rather have?

$30.000 knowing that you just contributed to the most disgusting type of viruses/spyware/zombie networks/spambots by doing business with criminals...

or $10000 for making the most used OS in the world and by that the people using it a little safer. Feeling good about it and something that might look good on your CV too if you're into security related business.

quote:

---

Originally posted by MenthiX
But then again, what do you deep inside rather have?

$30.000 knowing that you just contributed to the most disgusting type of viruses/spyware/zombie networks/spambots by doing business with criminals...

or $10000 for making the most used OS in the world and by that the people using it a little safer. Feeling good about it and something that might look good on your CV too if you're into security related business.

---

You could do both and see which one wins in getting their program out

Anyway, I think this is a great thing to do.  It does make me feel a little better about the updates being worthy.

quote:

---

Originally posted by markee
You could do both and see which one wins in getting their program out

Anyway, I think this is a great thing to do.  It does make me feel a little better about the updates being worthy.

---

Anyways..., I think what MenthiX said makes more sense.. helping people safer is better, since you might be the one getting the spyware, virus, etc. that they company you sold it to produces.

By the way, the minimum award (for a working exploit, that is) is $2000

quote:

---

Originally posted by MenthiX
But then again, what do you deep inside rather have?

$30.000 knowing that you just contributed to the most disgusting type of viruses/spyware/zombie networks/spambots by doing business with criminals...

or $10000 for making the most used OS in the world and by that the people using it a little safer. Feeling good about it and something that might look good on your CV too if you're into security related business.

---

I wasn't talking about criminals... I was talking about security solution providers.

quote:

---

Originally posted by MenthiX
doing business with criminals.

---

Adding to that, there was a news article on a Dutch tech site... http://www.nos.nl/nosjournaal/artikelen/2007/1/16...mputerhackers.html (Dutch! can't find a English source). Basically two guys sold exploit code to what later turned out to be Russian mafia. Because of that and another virus/botnetwork they had they are now facing 3 years prison, which serves them right.