The logic that Dan would have gotten a lot of money if he had sold the vulnerability on the black market is flawed. He and his company will make much much... much more money by doing what he did. It opened up a lot of doors for his company to do business. Add all of the money they'll get from those new consulting contracts over the years and it'll become clear that there's much less money in being a black hat. Selling a vulnerability would have resulted in a short term profit that would have no profit after the initial one time deal. Instead Dan and his company secured enough consulting contracts to last for many many years.
On Fri, Aug 8, 2008 at 10:03 AM, Randy <[EMAIL PROTECTED]> wrote: > Post interview remarks to Dan after his talk: > > " > > Black Hat founder and organizer Jeff Moss asked Kaminsky in a press > conference following his presentation how much he thought he could have > gotten for the vulnerability on the black market, if he'd decided to sell it > to hackers or criminal syndicates instead of warning the world. > > Kaminsky declined to guess a figure. > > "The value of this class of bugs is high enough that it justifies very > extensive research," he said. "If there is such value by investing in the > attacks, we have to invest more. " > > Black Hat yet white at heart. Thank God he is. > > " > > -- > RandallMan > ---------- > I always step on the grass. > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
