...now coming from a black hat near you. Not surprising. Where there's money, there's people willing to pursue it.

Paris, because she's unsafe at any speed. Or sumtin...

So I guess we can expect a(nother) avalanche of tripe damning sysadmins and thus excusing the criminals?

Paris because she's equal to the suppliers of the above mentioned tripe.

The definition of security research and reporting is a bit greay here. It reads to me that he paid some criminals to use there service so he could see what was on the menu and is now asking top companies to contact him to see if there on the list.

Now call me silly but thats not security research, thats marketing given alot of companies will contact as some MD or the like gets spooked reading the news etc.....

So it boils down to, find criminal service, pay criminals for service and then advitise said service as the next big dark scary thing and then thru the realms of non-disclosure of insecure sites etc force alot of top companies to contact him directly. Must say for securty work its poor show paying the criminals for there work, but given the marketing gains from this it does seem a rather cheap investment.

That said there are alot of idiots out there in IT who dont know what security is. But when security is down to the weakest chain of a temp with a flash-drive or a intern or a secratary who will print a document you need for a meeting with X,Y,Z in there offices later on. Lets face it there are people out there who click random pop-up's blindly and believe anything thats in a printed formated font of electricity.

But back to the main subject in sumary: It is akin to a Doctor telling you about the black death and how its out there now and contact me for a consultation so I can tell you if you are already dead.

Paris - because she could of very well done this job just as well.

Credit card? Who'd be stupid enough?