<div><a href="http://seclists.org/fulldisclosure/2006/Dec/0382.html">
<address class="headers"><span id="from"><dfn><font color="#000000">"</font></dfn></span></address>
<address class="headers"><span><dfn>From</dfn>: n3td3v <</span></address></a><a href="mailto:xploitable_at_gmail.com?Subject=Re:%20n3td3v%20calls%20on%20month%20of%20bug%20campaigns%20to%20stop">xploitable_at_gmail.com
</a><a href="http://seclists.org/fulldisclosure/2006/Dec/0382.html">> <br><span id="date"><dfn>Date</dfn>: Wed, 20 Dec 2006 21:38:38 +0000</span><br>
<p>[introduction] <br>n3td3v is deeply sad at the new trend of morally accepted blackmail by <br>the security community, known better as a month of bugs. <br>
<p>sincere researchers are coming forward more frequently to threaten <br>companies with a month of vendor bugs. <br>
<p>because they are known to be sincere they are morally left off the <br>hook from what is known by n3td3v to be straightforward blackmail. <br>
<p>blackmail is illegal, for this reason n3td3v wishes to make the <br>following recommendations: <br>
<p>[1]bug a day for a month campaigns are blackmail on the part of the <br>researcher, all should be outlawed by government. <br>
<p>[2]n3td3v calls on the government to make it highly illegal and <br>morally unacceptable to threaten a month of bugs for a vendor and its <br>customers <br>
<p>[3]security researchers think it's "fun" but all it amounts to is blackmail <br>
<p>[4]all blackmail attempts shouldn't be dressed up as harmless fun <br>
<p>[5]governments need to wake up and swiftly arrest those making month <br>of bug claims in the future <br>
<p>[6]corporations and their consumers shouldn't be scaremongered and <br>threatened by individuals <br>
<p>[7]researchers shouldn't use their real name or real place of <br>employment and expect exclusion from legal action against blackmail <br>
<p>[8]researchers shouldn't be allowed to profit or gain career <br>opportunities by such claims to action by the researcher <br>
<p>[9]researchers should be taken into custody, questioned and have their <br>hardware obtained for forensic analysis before a month of bugs is due <br>to start <br>
<p>[10]individuals threatening to carry out a month of bugs shouldn't be <br>labelled as "security researchers" by the media and security experts <br>
<p>[11]such individuals should be clearly labelled as "criminals", <br>"malicious attackers" and "blackhats", no matter what other "friendly" <br>or "useful" research they've carried out in the past.
<br>
<p>[media dork reference] <br></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></a><a href="http://news.com.com/2061-10793_3-6144833.html">http://news.com.com/2061-10793_3-6144833.html</a><a href="http://seclists.org/fulldisclosure/2006/Dec/0382.html">
</a>
<p>"</p>
<p>link: <a href="http://seclists.org/fulldisclosure/2006/Dec/0382.html">http://seclists.org/fulldisclosure/2006/Dec/0382.html</a></p></div>