Zero day Excel hacker takes on ebay
But vulnerability author says he is still talking with Microsoft
The author of an alleged vulnerability in Microsoft’s Excel software remains committed to bringing the flaw into the public eye, despite the best attempts of Microsoft and eBay to prevent this, vnunet has learned today. An eBay user known only as ‘fearwall’ had posted an auction offering an as yet undisclosed flaw in Excel, known in the security community as a zero day vulnerability, with the intention of selling a detailed description of the bug to the highest bidder. Ebay pulled an auction because it constituted an item that promoted illegal activity. But at the time the sales was ended it is reported to have topped the US$60 mark. The vulnerability seller claims to have contacted Microsoft prior to auctioning the vulnerability and reports suggest Microsoft’s Security Response Centre is examining the report, but the security community is largely divided over the disclosure of such zero day flaws. Typically, software companies are given a window of between one and a number of months to examine and release patches for the problem, before the finer details are released to the public. But fearwall is understood to have said in his auction description: "Since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 - a fair value estimation for any Microsoft product." The seller even offered Microsoft employees a discount: “To qualify, you must provide @microsoft.com email address and must mention discount code LINUXRULZ during checkout," he said. He also posed the disclaimer: "The information you receive is for educational and research purposes only." Fearwall, who has since changed his eBay user name, told vnunet today: “I am working with Microsoft to resolve [the situation] and arguing with eBay regarding the auction.”
Reproduced from an article published by vnunet.com
© vnunet.com
The original article can be viewed here:
http://www.vnunet.com/vnunet/news/2147412/zero-day-excel-hacker-fights
Permalink Bookmark Digg this story
