• scarilog@lemmy.world · 22 upvotes · 23 hours ago

    I always wonder what’s stopping security researchers from selling these exploits to Blackhat marketplaces, getting the money, waiting a bit, then telling the original company, so they end up patching it.

    Probably break some contractual agreements, but if you’re doing this as a career surely you’d know how to hide your identity properly.

    • filcuk@lemmy.zip · 23 upvotes · 19 hours ago

      It’s not worth the risk. If your job is border control, would you be smuggling goods? Maybe some would, but most would not.

      They’re whitehat because they don’t want to take part in illegal activities, or already have and have grown from it.

    • x00z@lemmy.world · 9 upvotes, 1 downvote · 22 hours ago

      The chances that such an old exploit gets found at the same time by a whitehat and a blackhat are very small. It would be hard not to be suspicious.

      • scarilog@lemmy.world · 2 upvotes · edited · 21 hours ago

        Yes, but I was saying the Blackhat marketplaces wouldn’t really have much recourse if the person selling the exploit knew how to cover their tracks, i.e. they wouldn’t have anyone to sue or go after.

        • x00z@lemmy.world · 4 upvotes, 1 downvote · 21 hours ago

          I’m saying blackhat hackers can make far more money off the exploit by itself. I’ve seen far worse techniques being used to sell services for hundreds of dollars, and the people behind those are making thousands. An example is the slow brute-forcing of blocked words on a YouTube channel, as they might have blocked their name, phone number, or address.

          What you’re talking about is playing both sides, and that is just not worth doing for multiple reasons. It’s very obvious when somebody is doing that. People don’t just find the same exploit at the same time in years old software.