<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">So,</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Let's say I know how to bypass the alarm to your house. Should I put it up for sale and not worry about who buys it or why because it is "none of my business"?</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">It's people like you who give the security profession a bad name.</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Mario<BR><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: Simon Smith &lt;simon@snosoft.com&gt;<BR>To: Roman Medina-Heigl Hernandez &lt;roman@rs-labs.com&gt;; Untitled &lt;full-disclosure@lists.grok.org.uk&gt;<BR>Cc: bugtraq@securityfocus.com<BR>Sent: Thursday, January 18, 2007 2:27:06 PM<BR>Subject: Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE<BR><BR>
<DIV>Oh, <BR> About your ROI question, that varies per buyer. I am not usually told<BR>about why a buyer needs something as that's none of my business.<BR><BR>On 1/18/07 4:22 AM, "Roman Medina-Heigl Hernandez" &lt;roman@rs-labs.com&gt;<BR>wrote:<BR><BR>&gt; Simon Smith wrote:<BR>&gt;&gt; Amen!<BR>&gt;&gt; KF is 100% on the money. I can arrange the legitimate purchase of most<BR>&gt;&gt; working exploits for significantly more money than iDefense, In some cases<BR>&gt;&gt; over $75,000.00 per purchase. The company that I am working with has a<BR>&gt;&gt; relationship with a legitimate buyer, all transactions are legal. If you're<BR>&gt; <BR>&gt; &lt;naive&gt;<BR>&gt; <BR>&gt; I was wondering which kind of (legal) enterprises/organizations would pay<BR>&gt; $75000 for a simple (or not so simple) exploit.<BR>&gt; - governmental organizations (defense? DoD? FBI? ...)<BR>&gt; - firms offering high-profiled pen-testing
services?<BR>&gt; - ... ?<BR>&gt; <BR>&gt; What about the ROI for such investment?<BR>&gt; <BR>&gt; &lt;/naive&gt;<BR>&gt; <BR>&gt; Regards,<BR>&gt; -Roman<BR>&gt; <BR>&gt; _______________________________________________<BR>&gt; Full-Disclosure - We believe in it.<BR>&gt; Charter: <A href="http://lists.grok.org.uk/full-disclosure-charter.html" target=_blank>http://lists.grok.org.uk/full-disclosure-charter.html</A><BR>&gt; Hosted and sponsored by Secunia - <A href="http://secunia.com/" target=_blank>http://secunia.com/</A></DIV></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR></DIV></div><br>
</body></html>