<HTML>
<HEAD>
<TITLE>Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Mario, <BR>
What Netragard is doing is in fact not nearly as naive as what you are proposing. In fact, what Netragard is doing will most probably help “alarm companies” in the future.<BR>
<BR>
On 1/20/07 7:10 AM, "Mario D" <phisher_hunter@yahoo.com> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>So,<BR>
<BR>
Let's say I know how to bypass the alarm to your house. Should I put it up for sale and not worry about who buys it or why because it is "none of my business"?<BR>
<BR>
Its people like you who give the security profession a bad name.<BR>
<BR>
Mario<BR>
<BR>
----- Original Message ----<BR>
From: Simon Smith <simon@snosoft.com><BR>
To: Roman Medina-Heigl Hernandez <roman@rs-labs.com>; Untitled <full-disclosure@lists.grok.org.uk><BR>
Cc: bugtraq@securityfocus.com<BR>
Sent: Thursday, January 18, 2007 2:27:06 PM<BR>
Subject: Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE<BR>
<BR>
Oh, <BR>
About your ROI question, that varies per buyer. I am not usually told<BR>
about why a buyer needs something as that's none of my business.<BR>
<BR>
On 1/18/07 4:22 AM, "Roman Medina-Heigl Hernandez" <roman@rs-labs.com><BR>
wrote:<BR>
<BR>
> Simon Smith escribió:<BR>
>> Amen!<BR>
>> KF is 100% on the money. I can arrange the legitimate purchase of most<BR>
>> working exploits for significantly more money than iDefense, In some cases<BR>
>> over $75,000.00 per purchase. The company that I am working with has a<BR>
>> relationship with a legitimate buyer, all transactions are legal. If you're<BR>
> <BR>
> <naive><BR>
> <BR>
> I was wondering which kind of (legal) enterprises/organizations would pay<BR>
> $75000 for a simple (or not so simple) exploit.<BR>
> - governmental organizations (defense? DoD? FBI? ...)<BR>
> - firms offering high-profiled pen-testing services?<BR>
> - ... ?<BR>
> <BR>
> What about the ROI for such investment?<BR>
> <BR>
> </naive><BR>
> <BR>
> Regards,<BR>
> -Roman<BR>
> <BR>
> _______________________________________________<BR>
> Full-Disclosure - We believe in it.<BR>
> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><BR>
> Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><BR>
<BR>
<BR>
<HR ALIGN=CENTER SIZE="1" WIDTH="100%">Everyone is raving about the all-new Yahoo! Mail beta. <a href="http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta"><http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta></a> <BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT>
</BODY>
</HTML>