There has been a lot of noise on social media sites today about an apparent breach of VUPEN’s website. The rumour being that 130 zero day vulnerabilities were purloined.
We saw this on Twitter from Security Errata:
Dear @Vupen, we have received reports that your site was compromised and ~ 130 0-day stolen this year. Any comment? No reply to mails…
— Security Errata (@securityerrata) June 7, 2012
A little digging and I found this post on Kevin Townsend’s site:
There are reports a French group called Vupen, who are famous as resellers for zero-day vulnerabilities, has been hacked – and 130 zero-days have been leaked.
Um, still no smoking gun.
So, I sent VUPEN an email to dig into it. I received a very pointed response.
From Email:
Hi Dave,
This compromise rumour is totaly false, nothing happend at all. So there is no story to tell.
Thanks,
Chaouki Bekrar – VUPEN
CEO & Head of Research
http://www.vupen.com
Fair enough. Anyone have any evidence to the contrary they would like to share? Feel free to drop is a line “tips AT liquidmatrix DOT org”
Until that point, calling this one a tempest in a tea pot in lieu of evidence.
(Image used under CC from I Am Not I)