[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How worse is the shellshock bash bug than Heartbleed?

To: Lodewijk andré de la porte <[email protected]>
Subject: How worse is the shellshock bash bug than Heartbleed?
From: [email protected] (Troy Benjegerdes)
Date: Wed, 1 Oct 2014 12:28:03 -0500
Cc: Georgi Guninski <[email protected]>, [email protected]
In-reply-to: <CAHWD2rKQARd=9ucDORfsyqELFB3FiDafK_Wqah7rONXyuzPigA@mail.gmail.com>
References: <[email protected]$> <[email protected]> <[email protected]$> <17223152.OU4snMSJSA@lapuntu> <[email protected]$> <CAHWD2rKQARd=9ucDORfsyqELFB3FiDafK_Wqah7rONXyuzPigA@mail.gmail.com>

On Tue, Sep 30, 2014 at 03:59:33PM +0200, Lodewijk andrÃ© de la porte wrote:
> On Sep 30, 2014 3:40 PM, "Georgi Guninski" <[email protected]> wrote:
> >
> > If I had a budget for buying sploits, I would
> > pay much more for shockshell than for HB, might be wrong.
> 
> This is a really good metric. It instantly combines utility with potential
> etc.

What the world needs is a 'proof-of-exploit' based cryptocurrency that
has a bidding period, and then a 'exclusive' period where the winning 
bidder gets the sploit, and then a disclosure period where the crypto 
key to decrypt the sploit becomes public.

Then we could tell how serious software vendors are by how many sploits
for their own stuff they are the highest bidders for. You might even 
have Lloyds offering sploit insurance.....

The only sound electronic money would then be the one that creates money
by sploiting other socially-engineerinable electronic money.

Prev by Date: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
Next by Date: Radical-safest TLDs in 2007
Previous by thread: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
Next by thread: Radical-safest TLDs in 2007
Index(es):
- Date
- Thread