Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 22
Members Online: 3

Registered Members: 82906
Newest Member: ilija
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Zero Day Ethics

scrptnnj
Member



Posts: 3
Location:
Joined: 10.11.11
Rank:
Guest
Posted on 26-03-12 23:04
http://www.forbes. . .gure-fees/
Withholding zero days to sell on the black market certainly doesn't seem ethical to me, but I can see how the money and fame could be tempting. I personally try to stay away from egocentricity and I think they're more important things than money(Then again no one has ever offered me $100,000). What do you all think? What would you do with a $100,000 zero day?

Edited by scrptnnj on 27-03-12 04:12
Author

RE: Zero Day Ethics

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 27-03-12 03:12
Unethical to whom? According to whose morality? Is it better to fund your exploitation of a corporation that supports both child slave labor in foreign countries AND deprives you of your rights to completely own your software, or to keep silent and fully disclose, letting them profit from your hard work at an increasingly lengthening margin from most other operating system and utilities companies?

Or how about exploiting Linux, where they depend on user input to find and help patch bugs and security weakpoints in the system?

So? If you think you're morally superior because you'd rather see full-disclosure with no compensation, you've got a greater ego than those that would sell their exploits. No one is morally righteous in this case.

I'd take the money, because I the time and dedication finding the exploit, and I'd rather see Microsoft lose money and customers (whom inevitably flock to Apple or Linux) than find fault with some Ukrainian mafia figure making money.


G'bye y'all! I was an asshole, So korg banned me.

Edited by Arabian on 27-03-12 03:13
Author

RE: Zero Day Ethics

kierron
Member



Posts: 9
Location: Arkansas
Joined: 06.01.12
Rank:
Guest
Posted on 27-03-12 03:37
@arabian, very well said
Author

RE: Zero Day Ethics

scrptnnj
Member



Posts: 3
Location:
Joined: 10.11.11
Rank:
Guest
Posted on 27-03-12 03:58
Sorry if my wording was off, I know morals are subjective and I know I'm not superior to anyone else,but I meant to my own standard of ethics it seemed off and I was just curious to see other peoples views in the hbh community. Mostly I was curious if the community had any set of shared ethics other than just what can be posted on the forums.

I tend to support full disclosure because I empathize with the programmers and the customers, not the companies. I'm sure Microsoft and Google can deal with losing a little bit of money, but I'd hate to see a programmer lose their job, or some working class family have the their bank account cleaned out.

Edited by scrptnnj on 27-03-12 04:25
Author

RE: Zero Day Ethics

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 27-03-12 05:40
Your argument disenfranchises 2 sectors of the population:

1. The consumer/user.
2. The lower level outsourced assemblyline worker.

You think the middle class well educated programmer is going to be the one suffering most if you don't fully disclose? You're helping maintain the employment of the people who could best handle losing their jobs, and at the same time, supporting a company that deprives others of far too much.


G'bye y'all! I was an asshole, So korg banned me.

Edited by Arabian on 27-03-12 05:42
Author

RE: Zero Day Ethics

ellipsis
Member



Posts: 173
Location:
Joined: 13.06.09
Rank:
Uber Elite
Posted on 27-03-12 07:26
I would sell the exploit but definitely not for $100,000. $250,000. It's good to have high standards.


10000101
Author

RE: Zero Day Ethics

chompish
Member

Your avatar

Posts: 8
Location:
Joined: 01.12.11
Rank:
Guest
Posted on 29-03-12 23:13
i'm more interested in who i get in touch with to pay me for the exploits? Grin
Author

RE: Zero Day Ethics

ellipsis
Member



Posts: 173
Location:
Joined: 13.06.09
Rank:
Uber Elite
Posted on 30-03-12 01:22
chompish wrote:
i'm more interested in who i get in touch with to pay me for the exploits? Grin


The companies themselves. Or you can sell them to other hackers. Just be creative.


10000101