The economics of the black hat world

December 9, 2005

Apparently you can buy details of a zero-day flaw in Excel on eBay. Only $60 at the moment (a snip).

Cheap, when you consider just how many banks do their financial modelling in Excel Spreadsheets made up of massive Monte Carlo calculations.

(Then again, a zombie network of 1000 compromised PCs is currently fetching around $300.)


  1. lamentables said,

    Some days when I read what you and are thinking about I am reminded of Flanders and Swann discussing the problems of talking to scientists…ah, H2SO4 Professor! Don’t synthesise anything I wouldn’t synthesise. And the reciprocal of pi to your good wife…

    I worry that there’s so much of the world for which I don’t understand the language.

    (sorry don’t know how to do subscripts or greek)

  2. sbisson said,

    Superscripts are done by typing <sup> and </sup>

    Subscripts similarly are <sub> and </sub>

    HTML codes for Greek and other character entities can be found here.

  3. lamentables said,


    You’re such a useful person to know.

    H2SO4 Cool!

  4. marypcb said,

    my geeky husband addresses the detail and ignores the thrust of the comment; definition of geek 😉

  5. lamentables said,


  6. marypcb said,

    Anyone who was really selling one of these would probably sell it somewhere less public than eBay though?

    Hmmm. Researchers complain bugs aren’t fixed fast enough. Companies complain leaking bugs causes attacks. How about a vulnerability escrow service that keep a list of numbers of submitted and fixed vulnerabilities so they don;t ahve to be leaked to stop them being sat on?

