Buying/selling exploits?

[MrLinus]

Just got the following note on Full Disclosure:

Hello list,

We would like to announce a new service to the security community at securityfocus ,its about buying new,private exploits.
So if you are looking to profit from your findings - the place is irc.exploits.cx the main chan is #exploits , details can be found on the /motd or you could just ask in the main channel.

Our IRC network also supports ssl - irc.exploits.cx port: 9999


We're looking forward to see you online!


best regards,
exploits.cx staff

Now, first off. I'm not a coder. I'm lucky if I can get a "Hello World" program to work. That said, I can -- sorta -- figure out most exploits/POC and the gist of what is being attempted.

But for the life of me, reading this email, I cannot see anyone taking this seriously. Now the email seems to suggest that they are representing SecurityFocus (?? -- Maybe a misread on my part) but if I'm a company who does pentesting or a company wanting to ensure my security or even if I'm a blackhat, I'm gonna know myself or have someone specialized in those fields rather than take a huge risk and buy exploits from a complete unknown.

[HTRegz]

Hey Hey,

Yer damn fast MsM... I just finished reading the email about it and you had it posted..

I actually think it's a rather lucrative idea.... exploits, if you use a major website as your source, are always a little behind what's actually out. If the people that discover these exploits and want to make a little coin to release them early.... I really think there are a few companies out there that would take advantage of it... One of these releases may save your company millions of dollars in downtime and/or damages.... It's like investing in the stock market, but I think it's a risk that many people would be willing to take... (if it proves to be as good as it claims to be)

I'm actually connected to their IRC server right now

MotD
We are currently looking for the following :
-
- ### Windows XP - SP2 - local priv. or remote
- ### Linux 2.4.x/2.6.x kernel - local private or 0 dayz
- ### exim,postfix,sendmail,qmail - remote
- ### samba - remote
- ### IE, Firefox, Safari vulnerabilities
- ### FreeBSD 5.x - local private or 0 dayz
- ### FreeBSD 4.x - local private or 0 dayz
- -----------------------------------------
- Payments are received via / made by :
- Paypal , WesternUnion , MoneyGram or E-gold
- -----------------------------------------
- Please dont try to abuse or fraud us , cause thats not our purpose !
- All exploits will be reviewed before sending payments !
- Reviewed vendors will get special privileges and receive bigger payments !
- English language during sells is accepted only !
- The server has an ssl connection on port 9999 , normal port 6667 !
- -----------------------------------------
- Have a nice sell !
- -----------------------------------------
- The main channel for selling / buying is #exploits

Hrm... just went back to that window to join the channel and see if there wasn anything to add to this.. and I've pinged out.. I also cannot connect anymore

I'm trying with a shell now and it seems to be slowly connecting.. I'm thinking their servers are being hammered after that email...

I'll post anything else I found when I do find it.

Peace,
HT

[Edit]
Looks like it is still down.. none of my hosts can connect...
[/Edit]

[spurious_inode]

What about computer/corporate espionage? Some unscrupulous companies out there will pay well for someone to
spy on their competitors... Dropping 5K on some unreleased exploits could just be a business expense for professional code thiefs.

Just a thought...

-- spurious

[DjM]

Anyone checked out their Web Site , seems kind of Micky Mouse to be affiliated with SecurityFocus.

Cheers:

[HTRegz]

Hey Hey,

I'm not sure that they're claiming to be affiliated with Security Focus, but more that they're assuming FD to be filled with Security Focus members... and they're just using that to tie everything together.

Peace,
HT

[DjM]

Originally posted here by HTRegz
Hey Hey,

I'm not sure that they're claiming to be affiliated with Security Focus, but more that they're assuming FD to be filled with Security Focus members... and they're just using that to tie everything together.

Peace,
HT

Thanks HT, as soon as they drop the name SecurityFocus, it would tend to make people believe that they (SecurityFocus) supports their efforts. Thats kind of what I read into it, but then again I didn't get much sleep last night.

Cheers:

[MrLinus]

Wow.. $29USD for:

This is the big security database archived including an installer.
Features:
# More then 222 services exploits + protections for them
# GTK / QT based installer for the database
# Online updater -> CVS / Subversion / Rsync
# Options for multiple testing on services
# Web based interface
# Console based interface

I dunno. They accept major credit cards or "PaySat" (never heard of that).

Although I do like their penguins: http://exploits.ath.cx/