
List:       full-disclosure
Subject:    Re: [FD] What do you think of Trollc?
From:       Scott Arciszewski <scott () arciszewski ! me>
Date:       2014-05-29 21:00:30
Message-ID: CAPKwhwuB1g1v+MoJ=QcpmDoAJC=c355629zti3BF8aQMpB8Ntg () mail ! gmail ! com

"Ethical" is always a matter of perspective. "Legal" and "effective" are
the relevant points of contention.


On Wed, May 28, 2014 at 10:29 PM, Brian M. Waters <brian@brianmwaters.net>
wrote:

> So far the thread of discussion here has focused on whether or not
> Weev's plan would /actually work/. But let's take a step back.
>
> If I understand it, the plan is to facilitate "ethical vulnerability
> disclosure" by
> 1) Finding security vulnerabilities in live sites
> 2) Disclosing them to the public before notifying the site operators
> 3) Thereby causing the stock price to drop
>  and
> 4) Making money by short-selling on knowledge only the developer has
>
> I could distill that to layman's terms:
> "Hurting someone else and making money at their expense."
>
> So, how is that ethical, again? Did I miss something?
>
> BW
>
>
> On Tue, 27 May 2014 20:49:45 +0200
> Philip Cheong <isctsf@gmail.com> wrote:
> > From https://www.startjoin.com/trollc
> >
> > *Right now if you're a software exploit developer and you want to
> > monetize your craft to pay your rent, there's only one consistent way
> > to do so: sell your software exploits. The major customer for these
> > are oppressive governments, chiefly that of the United States. We
> > know what the United States does with software exploits: it uses them
> > to illegally spy on its own citizens, and attack peaceful nations
> > around the world.*
> >
> > *I need your help to create a company that will ethically disclose
> > software vulnerabilities to the public. For this I need help getting
> > the filing fees necessary to incorporate a hedge fund. I want to
> > continue bringing issues in companies that put you at risk to light,
> > and short the stocks of those companies when I do so. I will only get
> > paid when large corporations being negligent get punished. This will
> > create a structure by which security researchers including myself
> > will still make a living, only now by disclosing problems instead of
> > selling them in secret to criminal governments.*
> >
> > What say you? Is this brilliant? Or stupid? Awesome? But never going
> > to work?
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>
> --
> Brian M. Waters
> Burlington, Vermont, USA
> +1 (908) 380-8214
> brian@brianmwaters.net
> https://brianmwaters.net/
>
>
