[Full-disclosure] IE7 Zero Day

[0x80 at hush.ai]

>Have you e-mailed secure at microsoft.com and asked them if they want 

>to
>make an offer? I know they've done private deals with security
>researchers in the past, and trust me, they were offered a lot 
>more

No I have not emailed Microsoft.  They are not entitled to any 
exlusivity.

>illegal auction. I think its in your best interest to e-mail
>secure at microsoft.com.

Illegal?  Tell me what law in what country I have broken.

>
>1) You don't want to make as much money as you could by offering
>Microsoft to buy your vulnerability in private.

Like I said.  MS can offer just like anyone else but they do not 
get any special treatment.

>2) You want to be held responsible for selling an exploit which 
>leads
>to a major incident, worm, virus outrage.

The vulnerabilities I have for sale could be used in such a way but 
I am in no way responsible for what the purhcaser uses it for.  Are 
bullet manufacturers responsible when someone shoots someone else?


>3) Microsoft just contact the FBI and get your actual home address
>from your e-mail server logs because you didn't initially offer
>Microsoft to buy the exploit, and you end up getting arrested.

Again.  What law have I broken here?





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485