Wednesday, April 02, 2008

Shane Macaulay Explains Selling PWN 2 OWN Laptop

PWN 2 OWN contest winner Shane Macaulay listed his Vista-equipped Fujitsu U810 laptop on eBay yesterday, causing a big stir. Many people first thought it was an April Fool's joke, but Shane was serious about selling the very laptop he won during the PWN 2 OWN contest.

He said that a top-quality hacker could probably examine the machine's hard drive and dig up the unpatched zero-day exploit code he had used to compromise the computer. However, he never intended to disclose details of the flaw, at least not before the patch was created.

In a Tuesday interview with IDG News, he explained that Adobe Systems plans to patch his Flash bug on April 8, the day his auction was set to end, so he would have been practicing responsible disclosure: releasing details of a flaw that had already been patched.

According to the contest rules, any vulnerability that the Zero Day Initiative awards a cash prize for becomes the property of the ZDI, and the winner therefore cannot discuss or disclose details of the 0day until the affected vendor has successfully patched the issue. Any discussion of the bug prior to the public disclosure of a ZDI advisory will result in forfeiture of the prize.

In an InfoWorld article, a hacker who knows Macaulay said that the April 1 listing is "a bit coincidental," but that he may not be worried about forfeiting the $5,000 in prize money TippingPoint paid him for his hack. "He makes good money," said Marc Maiffret, an independent security researcher, in an instant message interview. "It's all just funny to him."

However, eBay thought he was in violation of its user agreement, which says that users may not "distribute viruses or any other technologies that may harm eBay, or the interests or property of eBay users," so it pulled the listing.

Macaulay had some funny answers when asked about these issues.

On the eBay terms of service problem, he said that he knew "some highups" at the company and was "confident, when I speak with eBay they will grant me a waiver."

And does TippingPoint know about what he's doing? "I believe at some level," he answered. "I'm sure things might change as the word percolates to the executives. Maybe I shouldn't have sold the [TippingPoint] bag with the laptop!!"

Read the IDG interview and more about Shane at InfoWorld.
