I am pretty sure that tptacek does mean buying vulnerabilities. There are quite a few unsophisticated hackers offering exploits for sale ("serious buyers only"), e.g. on the Full-Disclosure mailing list, and the occasional debate about publishing, selling to "good guys" like the Zero Day Initiative, or selling to "bad guys" suggests that these sellers are, indeed, unsophisticated.
(Which is not to say that your way wouldn't work too.)
You might be right. But I know that if I were to attempt to buy a botnet (note: I'm a sysadmin, not a security expert, so I might be doing it wrong), I'd probably try to do it as I described in my post. People put a lot of trust into popular browser add-ons, and there is very little oversight.
EDIT: Mention Full-Disclosure somewhere.