I can't verify it. But $50K for an exploit against an OS that will not be widely deployed for many months seems to be excessive. Who in their right mind would want to pay $50K to exploit 10 machines before the exploit is captured, sent to MS, and patched, all before the general population really starts running it. It doesn't pass the commonsense test to me. A zero day on XP Pro would be oh, so much more valuable. -----Original Message----- From: Ryan Meyer [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, December 19, 2006 1:59 PM To: bugtraq@xxxxxxxxxxxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx Subject: Trend Micro's Vista "0day exploit auction" claim A number of popular tech news sources are reporting Trend Micro's CTO, Raimund Genes, publicly claiming that there are "auctions" for zero-day Windows Vista exploits. Further, he claims these auctions are fetching approx $50,000. Could anyone verify Trend Micro's claim? It seems dubious, at best, to me and possibly nothing more than pure FUD. Sorry to get off topic. Ryan Meyer
