First Windows 8 Bug Found, Put Up For Sale

CommanderFrank · Nov 3, 2012

Vupen is a French company that specializes in finding flaws in software programs. The company has already identified a security flaw in the newly released Windows 8 operating system and promptly put the exploit up for sale to the highest bidder. Capitalism at its finest.

Vupen claims to have bypassed Microsoft's "sandbox," a protective environment in which new Windows 8 software runs, isolated from other software components.

Woe · Nov 3, 2012

More power to them, looks like Microsoft needs to be the highest bidder.

Trimlock · Nov 3, 2012

Woe said:
More power to them, looks like Microsoft needs to be the highest bidder.

Thats if this thing is even legit.

It could be a security flaw that lets you clear your minesweeper times remotely for all we know.

SkribbelKat · Nov 3, 2012

Trimlock said:
Thats if this thing is even legit.

It could be a security flaw that lets you clear your minesweeper times remotely for all we know.

That would be so lame, since Minesweeper scores are a big deal here in western Washington.

Jagger100 · Nov 3, 2012

We don't know who you are. We don't know what price you want. If you are looking for ransom, we can tell you we do have money. Money we can use to hire people with a very particular set of skills; skills they have acquired over a very long career. Skills that make them a nightmare for people like you. If you bury the security flaw now, that'll be the end of it. They will not look for you, They will not pursue you. But if you don't, they will look for you, they will find you, and they will kill you.

Gorankar · Nov 3, 2012

LOL, good luck with that. If the sell it to anyone but MS, and it gets used by them to cause any damage, Vupen will be sued, and perhaps even prosecuted criminally.
It is a bluff to exhort money out of MS. Oh, never mind, it is extortion plain ans simple. Is that illegal in France?

SonDa5 · Nov 3, 2012

Woe said:
More power to them, looks like Microsoft needs to be the highest bidder.

Either that or wait and see what happens then figure out the exploit and put out SP1 for it.

Hop-Scotch · Nov 3, 2012

SkribbelKat said:
That would be so lame, since Minesweeper scores are a big deal here in western Washington.

I am very proud of my Minesweeper scores, that and I'm the only one of my friends that understands the game.

THOMO · Nov 3, 2012

BS, I found a flaw 3months ago and the bidding on that is at £13,000,000

SkribbelKat · Nov 3, 2012

Hop-Scotch said:
I am very proud of my Minesweeper scores, that and I'm the only one of my friends that understands the game.

Very few people are [H]ard enough to play Minesweeper and Freecell. Most are gaming posers who play FPS stuff and have never really experienced how intense Windows games can get.

modulus · Nov 3, 2012

Capitalism at its finest?

How is this different from me going on craigslist and saying I'll tell the highest bidder where my neighbor keeps his spare key?

BBA · Nov 3, 2012

modulus said:
Capitalism at its finest?

How is this different from me going on craigslist and saying I'll tell the highest bidder where my neighbor keeps his spare key?

Well, it may not be that analogous.

This company goes to foreign governments and antivirus companies for bids...which would be like you calling the police and telling them to make an offer bid for information on how to break into your neighbors bank account. Really doesn't make a lot of sense other than being flat out extortion.

Cheetoz · Nov 3, 2012

BBA said:
Really doesn't make a lot of sense other than being flat out extortion.

I wans't aware that this is what extortion means...

Vicinity · Nov 3, 2012

SkribbelKat said:
That would be so lame, since Minesweeper scores are a big deal here in western Washington.

Mmm.. yes. I hear it's the State Sport.

Semantics · Nov 3, 2012

who needs security flaws when you can just get the user to click yes.

[21CW]killerofall · Nov 4, 2012

Social hacking is much easier than brute force anyway. All you have to do is go into your local business dressed as a bug spray guy and ask to get into the manager's office to spray for bugs. Hacking their machine is the easy part considering all of the powerful software out there that you can run off a usb flash drive.

XamediX · Nov 4, 2012

jpm100 said:
We don't know who you are. We don't know what price you want. If you are looking for ransom, we can tell you we do have money. Money we can use to hire people with a very particular set of skills; skills they have acquired over a very long career. Skills that make them a nightmare for people like you. If you bury the security flaw now, that'll be the end of it. They will not look for you, They will not pursue you. But if you don't, they will look for you, they will find you, and they will kill you.

Windows Taken PT2

SkribbelKat said:
Very few people are [H]ard enough to play Minesweeper and Freecell. Most are gaming posers who play FPS stuff and have never really experienced how intense Windows games can get.

What the fuck are you talking about? I have a 4:1 K/D ratio in Modern Warfare 3 and that is the most realistic PC game on the market right now. Minesweeper... psshhh.

Semantics said:
who needs security flaws when you can just get the user to click yes.

[21CW]killerofall;1039292634 said:
Social hacking is much easier than brute force anyway. All you have to do is go into your local business dressed as a bug spray guy and ask to get into the manager's office to spray for bugs. Hacking their machine is the easy part considering all of the powerful software out there that you can run off a usb flash drive.

I was thinking the same thing myself. It's so much easier to socially hack your way to the machine physically when that option is available. But if you want to hack China or something, it'll be easier in person because that swim is a bitch.

Enrage · Nov 4, 2012

GORANKAR said:
LOL, good luck with that. If the sell it to anyone but MS, and it gets used by them to cause any damage, Vupen will be sued, and perhaps even prosecuted criminally.
It is a bluff to exhort money out of MS. Oh, never mind, it is extortion plain ans simple. Is that illegal in France?

Depending on its lethality, a working 0 day exploit with Win7 or Xp commands a 6-7 figure sum. There are plenty of parties willing to spend those sort of dollars and Microsoft isnt one of them. Its a very lucrative market and happens more than we like to know.

Bamboo · Nov 4, 2012

Semantics said:
who needs security flaws when you can just get the user to click yes.

lol

Sly · Nov 4, 2012

GORANKAR said:
LOL, good luck with that. If the sell it to anyone but MS, and it gets used by them to cause any damage, Vupen will be sued, and perhaps even prosecuted criminally.

Except the largest and most famously known collection of zero day exploits was traced back to the government itself. Did they get sued?

SkribbelKat · Nov 4, 2012

Vicinity said:
Mmm.. yes. I hear it's the State Sport.

Yeah, true. The competitive clans are huge here. People get really hardcore into it because it's such an engaging game.

DeathPrincess · Nov 4, 2012

SkribbelKat said:
That would be so lame, since Minesweeper scores are a big deal here in western Washington.

I know an exploit to let you cheat on solitaire scores, which has been in almost every Windows since forevar... Yet i've never told anyone or sold it on! One day a black hat might find out and become the solitaire world champion, then I shall have to live with my guilt forevar.

SkribbelKat · Nov 4, 2012

DeathPrincess said:
I know an exploit to let you cheat on solitaire scores, which has been in almost every Windows since forevar... Yet i've never told anyone or sold it on! One day a black hat might find out and become the solitaire world champion, then I shall have to live with my guilt forevar.

I'm pretty sure that only those strange people in Atlantis Georgia play Solitaire competitively and their entire continent sunk like 40 years ago so no one will probably miss them.

By the way, what exploit is this? I have a world championship to win.

XamediX · Nov 7, 2012

SkribbelKat said:
I'm pretty sure that only those strange people in Atlantis Georgia play Solitaire competitively and their entire continent sunk like 40 years ago so no one will probably miss them.

I bet there is still one person left, in a bubble, quietly playing solitaire waiting for the land walkers to blow themselves up so Atlantis can RISE AGAIN!

SkribbelKat · Nov 7, 2012

XamediX said:
I bet there is still one person left, in a bubble, quietly playing solitaire waiting for the land walkers to blow themselves up so Atlantis can RISE AGAIN!

I hope that person packed a lot of snacks and has a way to get online. It'd be really boring there with nothing to eat but fishy and nothing to do but play Solitaire.

XamediX · Nov 7, 2012

You don't remember when the deep sea internet pipelines were cut a few months ago? Guess who stole cable? Yup. The last survivor of Atlantis.

SunnyD · Nov 7, 2012

XamediX said:
What the fuck are you talking about? I have a 4:1 K/D ratio in Modern Warfare 3 and that is the most realistic PC game on the market right now. Minesweeper... psshhh.

Realistic my ass. You've obviously never played Amish Farm Simulator.

XamediX · Nov 7, 2012

SunnyD said:
Realistic my ass. You've obviously never played Amish Farm Simulator.

I tried but it wouldn't run on my 560ti without a 50% OC and I still got artifacts whenever I got in and out of the horse buggy. Unless that's a feature not a bug?

First Windows 8 Bug Found, Put Up For Sale

Cat Can't Scratch It

Limp Gawd

[H]F Junkie

Supreme [H]ardness

Supreme [H]ardness

[H]F Junkie

Supreme [H]ardness

Gawd

Gawd

Supreme [H]ardness

Limp Gawd

Supreme [H]ardness

[H]ard|Gawd

2[H]4U

2[H]4U

2[H]4U

2[H]4U

Weaksauce

Gawd

Supreme [H]ardness

Supreme [H]ardness

Fully [H]

Supreme [H]ardness

2[H]4U

Supreme [H]ardness

2[H]4U

2[H]4U

2[H]4U