harryjohnston alerts us to a story picked up by a few bloggers in the security space. A Russian security research company, Gleg, has discovered a zero-day in the latest version of RealPlayer 11. But they won't reveal details to Real, or to CERT, despite repeated requests. Details are available only to their clients who pay a lot of money for early access to such knowledge. To describe Gleg's business model Daniweb rather cautiously puts forward the word "blackmail." The story was first exposed in Ryan Nariane's Securitywach blog.