"Ethical" is always a matter of perspective. "Legal" and "effective" are the relevant points of contention.
On Wed, May 28, 2014 at 10:29 PM, Brian M. Waters <[email protected]> wrote: > So far the thread of discussion here has focused on whether or not > Weev's plan would /actually work/. But lets take a step back. > > If I understand it, the plan is to facilitate "ethical vulnerability > disclosure" by > 1) Finding security vulnerabilities in live sites > 2) Disclosing them to the public before notifying the site operators > 3) Thereby causing the stock price to drop > and > 4) Making money by short-selling on knowledge only the developer has > > I could distill that to layman's terms: > "Hurting someone else and making money at their expense." > > So, how is that ethical, again? Did I miss something? > > BW > > > On Tue, 27 May 2014 20:49:45 +0200 > Philip Cheong <[email protected]> wrote: > > From https://www.startjoin.com/trollc > > > > *Right now if you're a software exploit developer and you want to > > monetize your craft to pay your rent, there's only one consistent way > > to do so: sell your software exploits. The major customer for these > > are oppressive governments, chiefly that of the United States. We > > know what the United States does with software exploits: it uses them > > to illegally spy on its own citizens, and attack peaceful nations > > around the world.* > > > > *I need your help to create a company that will ethically disclose > > software vulnerabilities to the public. For this I need help getting > > the filing fees necessary to incorporate a hedge fund. I want to > > continue bringing issues in companies that put you at risk to light, > > and short the stocks of those companies when I do so. I will only get > > paid when large corporations being negligent get punished. This will > > create a structure by which security researchers including myself > > will still make a living, only now by disclosing problems instead of > > selling them in secret to criminal governments.* > > > > What say you? Is this brilliant? Or stupid? Awesome? But never going > > to work? > > > > _______________________________________________ > > Sent through the Full Disclosure mailing list > > http://nmap.org/mailman/listinfo/fulldisclosure > > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > > -- > Brian M. Waters > Burlington, Vermont, USA > +1 (908) 380-8214 > [email protected] > https://brianmwaters.net/ > > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
