How worse is the shellshock bash bug than Heartbleed?
Troy Benjegerdes
hozer at hozed.org
Wed Oct 1 10:28:03 PDT 2014
On Tue, Sep 30, 2014 at 03:59:33PM +0200, Lodewijk andré de la porte wrote:
> On Sep 30, 2014 3:40 PM, "Georgi Guninski" <guninski at guninski.com> wrote:
> >
> > If I had a budget for buying sploits, I would
> > pay much more for shockshell than for HB, might be wrong.
>
> This is a really good metric. It instantly combines utility with potential
> etc.
What the world needs is a 'proof-of-exploit' based cryptocurrency that
has a bidding period, and then a 'exclusive' period where the winning
bidder gets the sploit, and then a disclosure period where the crypto
key to decrypt the sploit becomes public.
Then we could tell how serious software vendors are by how many sploits
for their own stuff they are the highest bidders for. You might even
have Lloyds offering sploit insurance.....
The only sound electronic money would then be the one that creates money
by sploiting other socially-engineerinable electronic money.
More information about the cypherpunks
mailing list