FrSIRT Starts Charging for OTHER Peoples Work (Exploits)

The New Acunetix V12 Engine


Is it ethical or even legal to charge for other peoples work?

As far as I know France seems have some pretty strong (and weird) copyright laws.

And yes, they are blaming French Laws prohibiting full disclosure.

In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on its public web site. Public exploits section has thus been definitively closed.

Nothing to do with making money I’m sure.

Classic bait and switch eh, collect all the info from the public domain, get everyone pointing to your service, then start charging for it.

FrSIRT is an independent organisation providing real-time threat monitoring and alerting services. FrSIRT works 24x7x365 to monitor, review, and analyze new vulnerabilities, threats and exploits to offer a unique vulnerability notification service allowing system, network, and security professionals to keep track of the latest security threats.

Available since 2003, FrSIRT Vulnerability Notification Service (FrSIRT VNSâ„¢) is a web-based security alerting service, providing real-time information to customers about information security threats and IT product vulnerabilities that affect the entire corporate information technology domain. FrSIRT VNSâ„¢ alerts are delivered through a continually updated Web portal, XML feeds and email subscriptions.

Ah how we LOVE branding. You can see the scam prices here.

I’ll be removing links on all my sites to FrSIRT and will start recommending Security Forest instead.

I mean I had a feeling it might happen when they rebranded from K-Otik (The hackers friend with a h4x0r name) to FrSIRT, a more professional bunch with a corporate looking site.

But essentially they are still just collecting exploits from mailing lists and hosting them on a website, big deal eh?

Oh well let them, if people pay to get what they can get elsewhere, or from Google cache, more fool them.

Any other good resources to recommend?

Digg This Article

Posted in: Exploits/Vulnerabilities, Legal Issues

, , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


5 Responses to FrSIRT Starts Charging for OTHER Peoples Work (Exploits)

  1. backbone March 20, 2006 at 10:30 am #

    for new exploits & vulnerabilities you can always check securityFocus (my favorite)… also for network tools (mostly for UNIX) i recomend packetStormSecurity

  2. Haydies March 20, 2006 at 11:18 am #

    Its the information age, we have freedom of information, but now the information is no longer free.

    Knowlage has always driven people, its a currency of its own but less and less it matters what you know as to how well you can google. If some ones done if before, why do it your self?

    Half the IT industry would suddenly find them selfs out of their depth if google went down :-)

  3. Navaho Gunleg March 20, 2006 at 4:03 pm #

    Half the IT industry would suddenly find them selfs out of their depth if google went down

    Yeh, recently our ISP at work had some network-issues — then you see how you have come to depend on good search engines. :)

  4. st3f March 27, 2006 at 8:02 am #

    Do not forget about milw0rm, great site for exploits.

  5. Darknet March 27, 2006 at 8:11 am #

    st3f: Yah I’ll write about alternatives to FrSIRT soon, I’ve already drafted the article, milw0rm is of course there :)