Exploits Selling / Buying

Discussion:

(too old to reply)

Alexander Hristov

2005-06-06 18:53:24 UTC

Hello list,

We would like to announce a new service to the security community at
securityfocus ,
its about buying new,private exploits.
So if you are looking to profit from your findings - the place is
irc.exploits.cx the main chan is #exploits , details can be found on
the /motd or you could just ask in the main channel.

Our IRC network also supports ssl - irc.exploits.cx port: 9999

We're looking forward to see you online!

best regards,
exploits.cx staff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Stan Bubrouski

2005-06-06 20:43:13 UTC

Permalink

I think a couple questions about this would definately prudent:

1) What do you have to gain from this?
2) How do we know your not just selling the exploits to
DDoSers/Spammers/Extortionists?
3) Are you just going to keep exploits sold to you private so you can
sell them to felons and and offer zero benefit to the community
what-so-ever?
4) Why do people need to connect to IRC to find out info about this if
you have a website you could easily post it on?

And on a side note your site is shady and so is this idea. I only
hope nobody falls for this and I wonder if there is any liability
here.

-sb

Post by Alexander Hristov
Hello list,
We would like to announce a new service to the security community at
securityfocus ,
its about buying new,private exploits.
So if you are looking to profit from your findings - the place is
irc.exploits.cx the main chan is #exploits , details can be found on
the /motd or you could just ask in the main channel.
Our IRC network also supports ssl - irc.exploits.cx port: 9999
We're looking forward to see you online!
best regards,
exploits.cx staff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Daniel

2005-06-06 21:04:31 UTC

Permalink

The line which causes the most amount of interest for me is:

* - All exploits will be reviewed before sending payments !

hmmm so i send in my l33t qmail sploit, you "review" it, decide its
not upto standard and say "no"
In the meantime, my super l33t qmail sploit is currently making its
rounds across the worlds s-k-a servers after being traded by a group
claiming to have a new qmail 0hday...

Call me old fashioned.. I think this business model needs some working
here Alexander

Todd Towles

2005-06-06 21:22:05 UTC

Permalink

So...why give you to when iDefense will give me money for exploits. The
program is proven and used by many. Strange

-----Original Message-----
Sent: Monday, June 06, 2005 4:05 PM
To: Alexander Hristov
Subject: Re: [Full-disclosure] Exploits Selling / Buying
* - All exploits will be reviewed before sending payments !
hmmm so i send in my l33t qmail sploit, you "review" it,
decide its not upto standard and say "no"
In the meantime, my super l33t qmail sploit is currently
making its rounds across the worlds s-k-a servers after being
traded by a group claiming to have a new qmail 0hday...
Call me old fashioned.. I think this business model needs
some working here Alexander

Post by Alexander Hristov
Hello list,
We would like to announce a new service to the security

community at

Post by Alexander Hristov
securityfocus , its about buying new,private exploits.
So if you are looking to profit from your findings - the place is
irc.exploits.cx the main chan is #exploits , details can be

found on

Post by Alexander Hristov
the /motd or you could just ask in the main channel.
Our IRC network also supports ssl - irc.exploits.cx port: 9999
We're looking forward to see you online!
best regards,
exploits.cx staff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

xyberpix

2005-06-06 21:36:20 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I love the way that you put this.

"We would like to announce a new service to the security community....."

This is definitely a new service, no one's ever thought of this before,
well no one
wearing a white hat anyway. I can really see this benefitting the
security community greatly.
The more exploits that you manage to sell, the more work it creates for
us to go and fix, really good business plan.

Mmm, oh wait, will you be selling to terrorists as well, I hear they
have a lot of money to spend on this sort of thing?

/me checks calender, nope it's not April 1st again.

C'mon Alex, be serious.

xyberpix

For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCpMHUcRMkOnlkwMERAinXAJwINQNcLFQ9dAU1AY5P1t3tyMoaAwCfVnyd
FrDVz/zyfZ9nFxle4J6xZ6k=
=G2AG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Eric Paynter

2005-06-06 21:54:49 UTC

Permalink

Clearly the original post was either a troll or a fraud. We don't need to
keep telling him how weak the business model is.

-Eric

Post by xyberpix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I love the way that you put this.
"We would like to announce a new service to the security community....."
This is definitely a new service, no one's ever thought of this before,
well no one
wearing a white hat anyway. I can really see this benefitting the
security community greatly.
The more exploits that you manage to sell, the more work it creates for
us to go and fix, really good business plan.
Mmm, oh wait, will you be selling to terrorists as well, I hear they
have a lot of money to spend on this sort of thing?
/me checks calender, nope it's not April 1st again.
C'mon Alex, be serious.
xyberpix

http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCpMHUcRMkOnlkwMERAinXAJwINQNcLFQ9dAU1AY5P1t3tyMoaAwCfVnyd
FrDVz/zyfZ9nFxle4J6xZ6k=
=G2AG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Georgi Guninski

2005-06-07 08:15:45 UTC

Permalink

Post by Eric Paynter
Clearly the original post was either a troll or a fraud. We don't need to
keep telling him how weak the business model is.

--
where do you want bill gates to go today?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

V***@vt.edu

2005-06-08 03:45:10 UTC

Permalink

Post by Georgi Guninski

Post by Eric Paynter
Clearly the original post was either a troll or a fraud. We don't need to
keep telling him how weak the business model is.

The fact that iDefense is doing it as well doesn't make it any less weak a model.

It may be quite workable when you're the only company doing it - but if another
company starts doing it as well, you end up with a price war likely to take out
at least one of the competitors.

If nothing else, the presence of competition will likely soon tell us what the
*real* value of an exploit is, as opposed to what iDefence has been paying :)

Stan Bubrouski

2005-06-08 05:20:23 UTC

Permalink

This is VERY different from iDefense. iDefense gives advanced notice
of vulnerabilities. These guys are buying exploits and SELLING THE
EXPLOITS not sending out advisories. It looks like they are probably
trying to profit from felons, afterall who else is gonna buy these
unknown exploits? Course if they know they are selling them to
felons, well...

-sb

Post by Georgi Guninski

Post by Eric Paynter
Clearly the original post was either a troll or a fraud. We don't need to
keep telling him how weak the business model is.

you should also tell idefense how weak their business model is (check in
their advisories the difference between "clients notified" and "gone public").
it is strange how people aprove a bloated u$a corp, but flame semianonymous
poster :)
--
where do you want bill gates to go today?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Byron L. Sonne

2005-06-06 23:58:16 UTC

Permalink

Dude, that's weak. In my opinion, all exploits should be made
immediately available to anyone, free of charge.

Post by Alexander Hristov
We would like to announce a new service to the security community at
securityfocus ,
its about buying new,private exploits.
So if you are looking to profit from your findings - the place is
irc.exploits.cx the main chan is #exploits , details can be found on
the /motd or you could just ask in the main channel.

V***@vt.edu

2005-06-07 01:13:20 UTC

Permalink

Post by Byron L. Sonne
Dude, that's weak. In my opinion, all exploits should be made
immediately available to anyone, free of charge.

Oh, I dunno about "immediately". I figure since they give the rabbit
a head start during a greyhound race, it's only sporting to send the
program maintainers a note "Yo. D00dz! Chek this out. U g0t a week's
head start. Werd."

But that's just me.

Byron L. Sonne

2005-06-07 01:43:30 UTC

Permalink

Post by V***@vt.edu
Oh, I dunno about "immediately". I figure since they give the rabbit
a head start during a greyhound race, it's only sporting to send the
program maintainers a note "Yo. D00dz! Chek this out. U g0t a week's
head start. Werd."

That sounds like a reasonable idea.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Matteo Giannone

2005-06-08 02:40:05 UTC

Permalink

Ehm,
I joined the irc server to take a look around:

/links
n0=irc.exploits.cx (0) Exploits Buyers Network
n1=opensource.arc.nasa.gov (1) DEFEND SYSTEM
n2=stats.exploits.cx (1) stats.exploits.cx - get stats
n3=services.exploits.cx (1) Services for IRC Networks
n4=irc2.exploits.cx (1) BG Exploits Buyers Network

wtf opensource.arc.nasa.gov means ?

Teo

__________________________
http://teokolo.altervista.org

____________________________________________________________
Navighi a 4 MEGA e i primi 3 mesi sono GRATIS.
Scegli Libero Adsl Flat senza limiti su http://www.libero.it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Moritz Naumann

2005-06-08 11:31:14 UTC

Permalink

Post by Matteo Giannone
wtf opensource.arc.nasa.gov means ?

Got a web browser? ;-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Matteo Giannone

2005-06-08 13:00:16 UTC

Permalink

Post by Moritz Naumann

Post by Matteo Giannone
wtf opensource.arc.nasa.gov means ?

Got a web browser? ;-)

Web Browser ? What is that?

I meant: why opensource.arc.nasa.gov should be linked to a lame irc server like
irc.exploit.cx ?

__________________________
http://teokolo.altervista.org

____________________________________________________________
Navighi a 4 MEGA e i primi 3 mesi sono GRATIS.
Scegli Libero Adsl Flat senza limiti su http://www.libero.it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Paul Rolland

2005-06-08 13:42:48 UTC

Permalink

Post by Matteo Giannone

Post by Matteo Giannone
wtf opensource.arc.nasa.gov means ?
Got a web browser? ;-)

Web Browser ? What is that?
I meant: why opensource.arc.nasa.gov should be linked to a
lame irc server like
irc.exploit.cx ?

Nasa's exploring new worlds with limited budget ? :-)

Paul

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Enune

2005-06-09 00:28:59 UTC

Permalink

Space, flight and errors to boot!
http://opensource.arc.nasa.gov/project.jsp?id=*

Meep, meep.
Enune

Post by Paul Rolland

Post by Matteo Giannone

Post by Matteo Giannone
wtf opensource.arc.nasa.gov means ?
Got a web browser? ;-)

Web Browser ? What is that?
I meant: why opensource.arc.nasa.gov should be linked to a
lame irc server like
irc.exploit.cx ?

Nasa's exploring new worlds with limited budget ? :-)
Paul
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nullum magnum ingenium sine mixtura dementiae fuit
[There is no great genius without some touch of madness]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Calum Power
- Cultural Jammer
- Security Enthusiast
- Hopeless Cynic
***@fribble.net
http://www.fribble.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Stuart Low

2005-06-09 00:59:57 UTC

Permalink

Post by Enune
Space, flight and errors to boot!
http://opensource.arc.nasa.gov/project.jsp?id=*

That's hardly something have "exploitable" nature. It's a plain ol'
Number Format exception. At least this way the only way it'll get past
there is by parsing a number.

Stuart

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Moritz Naumann

2005-06-08 17:50:45 UTC

Permalink

Post by Matteo Giannone
I meant: why opensource.arc.nasa.gov should be linked to a lame irc server like
irc.exploit.cx ?

Thats a good question, and I'm afraid I can't answer it. However, three
possible explanations come to my mind:

1. the server was compromised and added to the bot.. i mean irc network
2. the server was added to the network by someone at nasa.gov on purpose
3. the server is not really linked to the network and someone is just
trying to make you think so

But then, you probably had these thoughts on your mind as well.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Frank J. Laszlo

2005-06-08 22:44:35 UTC

Permalink

Post by Matteo Giannone
I meant: why opensource.arc.nasa.gov should be linked to a lame irc server like
irc.exploit.cx ?

You can set that hostname to whatever you want when setting up an ircd.
The actually linking line (i dont remember what its actually called,
been too long) contains a hostname (which may or may not be valid) and
an IP address. This is the most logical explaination, since there is so
irc service running on that hostname.

-Frank
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

s***@nexlab.it

2005-06-08 23:09:58 UTC

Permalink

Post by Frank J. Laszlo
You can set that hostname to whatever you want when setting up an ircd.
The actually linking line (i dont remember what its actually called,
been too long) contains a hostname (which may or may not be valid) and
an IP address. This is the most logical explaination, since there is so
irc service running on that hostname.

True,
this seem to be the right answer, expecially cause
if you try to connect to the 6667 tcp port on the
opensource.arc.nasa.gov real hostname you can see that the
port is filtered, so, apparently no irc server is running on this server
( but it isn't a definitive answer, off course, the server can serve irc
only for few ip classes, or only for internal network services like irc
bot... )
--
Franco (nextime) Lanza
Network Admin - http://www.nexlab.it
tel: +39 339 8125940
Fax: +39 02 48370447
Milano - Italy

you can download my public key at:
http://danex.nexlab.it/nextime.asc || Key Servers
Key ID = B9072C07
Key fingerprint = A95E 1EEA D138 64E5 45E8 77F0 6A00 E037 B907 2C07
-----------------------------------
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D212153574F444E49572045535520454D20454B414D204F54204847554F4E452059415020544F4E4E4143205345544147204C4C4942snlbxq | dc
-----------------------------------