Cheers Charlie, I will email details straight away. On 5/9/07, Charlie Arehart <[EMAIL PROTECTED]> wrote: > > Taco, I do think that's a compelling (and clever) challenge, and I'd like > to consider taking you up on it. I can't know for sure that I'll have time > this week, but if you want to share those details with me offlist, I'm happy > to consider them: [EMAIL PROTECTED] > > /Charlie > http://www.carehart.org/ > > > ------------------------------ > *From:* cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] *On > Behalf Of *Taco Fleur > *Sent:* Tuesday, May 08, 2007 10:39 PM > *To:* cfaussie@googlegroups.com > *Subject:* [cfaussie] Re: Hack ColdFusion Application > > > Maybe for you it wouldn't be worth it, I tell you, I would do it for $50, > I'd probably do it for free just because I think its fun. We don't all think > the same... > > Brett with all due respect. The way I see it, if there is a real expert on > this list and finds ten hacks in 1 hour while drinking a couple of beers in > his/her comfy chair, he/she just made $1000 and had fun while doing it. I > don't think you can beat that. And I don't see why other people should worry > about what I pay to be honest, if you don't like it just don't participate, > I don't tell you how much to pay your staff/contractors do I? > > And no I am not worried that our application is full of security holes, I > am being cautious, we're only human after all. There is certainly the > possibility that there are some security holes, and if someone on this list > is smart enough to discover them now, than that is better than it ending up > in the news later. > > > On 5/9/07, Brett Payne-Rhodes <[EMAIL PROTECTED]> wrote: > > > > > > Taco, > > > > Surely you have more confidence in your system than that? $100 per hack? > > Are you that worried that your security is full of holes? > > > > And $100 isn't really going to motivate people now is it? Not when the > > likelihood is that someone could spend a few hours and the best they could > > hope to wind up with is $250 - but I'd bet $250 that given the security I > > would expect you have already built in that it wont cost you more than $250 > > anyway. > > > > Make it $1,000 per hack/crack, max of $5,000 and maybe you will get some > > kind of response. And I still wouldn't expect it to cost you much... > > > > Cheers, > > > > Brett > > B) > > > > > > Taco Fleur wrote: > > > OK, I'm now offering $100 per hack/crack found.. Anyone interested > > > please email me directly. > > > > > > On 5/2/07, *Taco Fleur* <[EMAIL PROTECTED] > > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > > > I'm looking for someone interested to try and crack/hack one of > > our > > > applications that is going to launch soon. www.sellmystuff.com.au > > > < http://www.sellmystuff.com.au/> > > > (not the pages there now). > > > > > > Happy to pay $50 per hack/crack discovered (maximum $250 pp). > > > > > > What I mean by hack/crack is; > > > - login with invalid account > > > - edit someone elses details > > > - XSS > > > - Session hijacking > > > - SQL Injection > > > > > > What I do not mean is; > > > - DOS attacks > > > - Other attacks that are aimed at the web server or anything else > > > nothing to do with the application itself > > > > > > Will provide more details to people interested. > > > > > > -- > > > Taco Fleur - http://www.pacificfox.com.au > > > <http://www.pacificfox.com.au/> > > > Web Design, Web development, Graphic Design and Complete Internet > > > Solutions > > > an industry leader with commercial IT experience since 1994 > > > > > > > > > > > > > > > -- > > > Taco Fleur - http://www.pacificfox.com.au > > > Web Design, Web development, Graphic Design and Complete Internet > > Solutions > > > an industry leader with commercial IT experience since 1994 > > > > > > > > > > > > Web Design, Web development, Graphic Design and Complete Internet > > Solutions > > an industry leader with commercial IT experience since 1994 > > > > > >
-- Taco Fleur - http://www.pacificfox.com.au Web Design, Web development, Graphic Design and Complete Internet Solutions an industry leader with commercial IT experience since 1994 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
<<inline: ace.gif>>
