Comment by isoprophlex
Comment by isoprophlex 10 months ago
Yeah, you have to have some solid backbone not to sell this off to some malicious party for 20-50x that amount...
Comment by isoprophlex 10 months ago
Yeah, you have to have some solid backbone not to sell this off to some malicious party for 20-50x that amount...
How does this work in practice? What systems are in place to prevent someone selling an exploit and then turning around and disclosing it properly as soon as they have the money, potentially getting even more money through legal channels? Is there some sort of escrow?
> Am I too optimistic? I feel like most regular people I know wouldn’t sell this off.
Probably you're just used to a relatively good life, not a bad thing :)
Image being able to sell this off for $20,000 (although I think you could ask for more, seems to be a really bad vulnerability) in a marketplace, for >90% of the world that's a pretty good amount of money that you could survive a long time on or add a lot of additional quality to your life.
Arc is used disproportionately by users who work in tech which tend to be paid quite well.
Am I wrong in thinking that with this vuln you could drain any financial accounts that they log into Arc with? Or, if they use Arc at work, that you now have a way to exfiltrate whatever data you want?
A browser vuln is about as bad as an OS vuln considering how much we use browsers for.
Am I too optimistic? I feel like most regular people I know wouldn’t sell this off. Most people are not antisocial criminals by nature, and also wouldn’t know how to contact a “state actor” even if they wanted to.