[ISN] Exploits Contributor Program

From: InfoSec News (isnat_private)
Date: Wed Aug 21 2002 - 01:31:54 PDT

  • Next message: InfoSec News: "[ISN] U.S. Probes Firm In Security Breach"

    [It looks as if someone is poking fun at iDefense's Vulnerability 
    Contributor Program: http://www.idefense.com/contributor.html  - WK]
    ---------- Forwarded message ----------
    Date: Tue, 20 Aug 2002 19:08:59 -0700 (PDT)
    From: Bram Cohen <bramat_private>
    To: cryptographyat_private
    Subject: Exploits Contributor Program (fwd)
    I just got the following spam. I have no idea what their deal is,
    anybody care to guess if it's an extortion group?
    ---------- Forwarded message ----------
    Date: Wed, 21 Aug 2002 01:14:24 -0000
    From: iMoolah <ecpat_private>
    To: iMoolah <ecpat_private>
    Subject: Exploits Contributor Program
    iMoolah is pleased to announce the official launch of its Exploits
    Contributor Program (ECP). The ECP pays contributors very well for
    the advance and exclusive notification of exploit code and malicious
    iMoolah belives you might find our terms for contributing to the ECP
    very attractive. The following provides answers to some basic
    questions about the program:
    Q. How will it work?
    A. iMoolah understands the majority of security researchers are paid
    peanuts for publishing security research, and $400 for a fully
    working unpublished exploit just doesn't cut it; rather, it could be
    for any of a number of motivations, including the following:
     * MONEY MONEY MONEY MONEY MONEY. Everyone's in it for a quick buck.
     * Other more boring reasons that have nothing to do with moolah.
    The ECP is for those who may or may not want to have their research
    made public to the Internet community, but who would definitely like
    to be paid for doing the work.  The compensation will depend, among
    other things, on the following items:
     * The kind of information being shared (i.e. local or root exploit)
     * The amount of detail and analysis provided
     * The potential severity level for the information shared
     * The types of applications, OSes, and other software/hardware
     * Verification by iMoolah
     * The level of exclusivity for data granted to iMoolah
     * Number of users of the affected application
    We don't want anything worth less than US$1000, and we won't pay you
    anything less either.  And if you've got something really good, we'll
    give you much more than that.  Who said you have to stay poor?
    Q. Who should contribute to the ECP?
    A. The ECP is open to any individual, security research group or
    other entity.  That means YOU and your buddies.
    Q. Why are you launching this program?
    A. Many services charge clients for access without paying the
    original contributor. Under the iMoolah program, the contributor is
    compensated, iMoolah verifies the issue, and we only let the public
    know if you want us to.
    Q. Who gets the credit?
    A. The contributor is always credited for discovering the exploit
    Q. When can I contribute?
    The ECP is active. You are welcome to begin contributing today.
    To learn more, go to http://imoolah.hotusa.org/. If you have
    questions or would like to sign up as a contributor to the ECP,
    please contact us at ecpat_private
    The Cryptography Mailing List
    Unsubscribe by sending "unsubscribe cryptography" to majordomoat_private
    -=(End forwarded message)=-
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 21 2002 - 03:54:04 PDT