Kevin Mitnick Selling Security Exploits For $100k?

HardOCP News

Kevin Mitnick selling exploits for $100,000? Hell, raise your hand if you knew the guy was still alive. :D

He's now offering the Absolute Zero Day Exploit Exchange, a service that sells "exclusive" unpatched exploits to companies and governments for $100,000 or more. If you're willing to pay for a premium tier, you can even get notification the moment an exploit is available for a program you're interested in -- whether or not it's your own.
 
Exactly what "Good Intentions" use could this stuff have?

Only two types are gonna buy it. Well funded criminals or the government. Neither has our best interests in mind.
 
Anyone with secrets would pay to know when problems in their OS and programs show up. I know I have written about fourteen custom patches to my home system because I had stuff people wanted and I had to lock down the system. Knowing the exploits even exist cuts down the work of security guys by over 80 percent because the hardest part is finding the exploits to plug them.
 
Smells like barely concealed extortion to me.

"See, I've got this exploit here for a program you use. I'll sell it to anyone who pays, but if you pay then maybe you can fix it."
 
He was a pretty famous hacker back in the days...most wanted at some point if I recall correctly.
 
Yes. I think he's gotten a bit brazen as of late by offering this shit. It's the same shit that got him in jail but now he wants money.

He knows the business side now. He'll probably do quite well in my opinion.
 
> Yes. I think he's gotten a bit brazen as of late by offering this shit. It's the same shit that got him in jail but now he wants money.

IMO there is a fine line between selling exploits and using exploits. I'm not saying that he won't get in trouble for selling them, but it is a lot less likely than if he were using the exploits.
 
> Smells like barely concealed extortion to me.
>
> "See, I've got this exploit here for a program you use. I'll sell it to anyone who pays, but if you pay then maybe you can fix it."

A guy has got to make a living. Most lock companies hire ex-criminals to improve their products. What better way to secure your software/product than to hire the same guy who broke into it?
 
> IMO there is a fine line between selling exploits and using exploits. I'm not saying that he won't get in trouble for selling them, but it is a lot less likely than if he were using the exploits.

Not sure I follow that logic. Exploits must first be found before they can be used, and the "service" Mitnick is now extorting people for is traditionally provided gratis by hackers. I agree with others who're labeling him a slimebag. The guy's just out of jail, maybe he misses anal sex.
 
> Not sure I follow that logic. Exploits must first be found before they can be used, and the "service" Mitnick is now extorting people for is traditionally provided gratis by hackers. I agree with others who're labeling him a slimebag. The guy's just out of jail, maybe he misses anal sex.

Not all hackers do this for free, many do it to get paid. You think Google or Mozilla or Facebook would be as secure if they didn't have the bounty program? Everyone needs money and this is one way of making your skills pay off.
 
> Not all hackers do this for free, many do it to get paid. You think Google or Mozilla or Facebook would be as secure if they didn't have the bounty program? Everyone needs money and this is one way of making your skills pay off.

Is there any point at which you would start calling it extortion?
 
Why should hackers be required to give up their exploit discoveries for a couple of bucks, a burger, and a pat on the back? You wonder why so many of them use the exploits to steal information? Because it pays a hell of a lot better than telling people about them. I say this guy is trying to turn the industry around and make it more profitable to tell people about problems.
 
> Why should hackers be required to give up their exploit discoveries for a couple of bucks, a burger, and a pat on the back? You wonder why so many of them use the exploits to steal information? Because it pays a hell of a lot better than telling people about them. I say this guy is trying to turn the industry around and make it more profitable to tell people about problems.

Again I'm unsure what the point is. There's philanthropy and then there's extortion. IMO you'll need to choose one of those and go with it. What happens when sooner or later this clown (in fact anyone) finds an exploit really worth holding a company (or maybe the world) hostage to? Are you claiming it would be sold for the same arbitrary $100K as Mitnick's other exploits? What's the upper limit on his asking price, $110,000?

If we increase the profit motive for hacking, no other result is possible other than an increase in its prevalence and popularity.
 
> Is there any point at which you would start calling it extortion?

Extortion would be me stealing your personal information and then demanding money or else I release it. These hackers aren't stealing anything; they're essentially saying "Hey your boat has a hole in it, I'll patch it for you for $100."
 