Is it ethical or even legal to charge for other peoples work?
As far as I know France seems have some pretty strong (and weird) copyright laws.
And yes, they are blaming French Laws prohibiting full disclosure.
In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on its public web site. Public exploits section has thus been definitively closed.
Nothing to do with making money I’m sure.
Classic bait and switch eh, collect all the info from the public domain, get everyone pointing to your service, then start charging for it.
FrSIRT is an independent organisation providing real-time threat monitoring and alerting services. FrSIRT works 24x7x365 to monitor, review, and analyze new vulnerabilities, threats and exploits to offer a unique vulnerability notification service allowing system, network, and security professionals to keep track of the latest security threats.
Available since 2003, FrSIRT Vulnerability Notification Service (FrSIRT VNSâ„¢) is a web-based security alerting service, providing real-time information to customers about information security threats and IT product vulnerabilities that affect the entire corporate information technology domain. FrSIRT VNSâ„¢ alerts are delivered through a continually updated Web portal, XML feeds and email subscriptions.
Ah how we LOVE branding. You can see the
scam prices here.
I’ll be removing links on all my sites to FrSIRT and will start recommending Security Forest instead.
I mean I had a feeling it might happen when they rebranded from K-Otik (The hackers friend with a h4x0r name) to FrSIRT, a more professional bunch with a corporate looking site.
But essentially they are still just collecting exploits from mailing lists and hosting them on a website, big deal eh?
Oh well let them, if people pay to get what they can get elsewhere, or from Google cache, more fool them.
Any other good resources to recommend?