On Jan 15, someone going by 'Rixstep Pwned' posted to Full-Disclosure taunting Rixstep for their 'Month of Rixstep Bugs'.
Until this post, I had no idea who or what Rixstep was, just that they seemed to be riding on a recent wave of other "Month Of" bug programs. Specifically, the Month of Apple Bugs, Week of (Cancelled) Oracle Bugs and the Month of Linux Bugs. Lumping "Rixstep" in with Apple, Oracle and Linux just doesn't match. Especially since they are quietly challenging others to find bugs in their products, but not posting such a challenge to any major mail list or security forum.
In response to this gimmick I posted an OSVDB blog entry on January 15 calling it a "lame gimmick".


-----Original Message-----
From: contact@rixstep.com
To: jkouns@opensecurityfoundation.org
Subject: Lame Gimmicks
Date: Wed, 17 Jan 2007 10:51:48 +0200

> It's not a win-win proposition, it is a lame gimmick.

No it's not. We give software away. Period. People find bugs - not necessarily vulnerabilities, ANY BUGS - and we give them a
software title they want. That's it.

It's called 'quid pro quo'. It's also called 'win-win'.

And your attitude is called 'anal retentive'.

John

PS. Our best to the fine state of Virginia. Grow up.



Jake has to ask the OSVDB moderators what the above mail means, as he had been out of town on business. I replied "check the blog" since it was still the top entry leading him to wonder "Why the hell is he bitching at me?" We suggest Jake reply and ask them to comment on the blog entry and that we would approve it immediately.


From: jkouns (jkouns@opensecurityfoundation.org)
To: contact@rixstep.com
Cc: security curmudgeon (jericho@attrition.org)
Date: Sun, 28 Jan 2007 23:02:02 -0500
Subject: Re: Lame Gimmicks

John--
Sorry for the delayed response...  I have been traveling over the past couple of weeks and just now have the chance to respond.
After reading your email it appears that you are a bit upset but I am not quite sure why you directed the email to me personally
(considering I didn't post the blog entry about your contest).

I would suggest that if you still feel strongly about the posting that you submit a comment to the blog.  I will definitely
ensure that it is approved so your response is posted. However, since you have involved me in this..... I would ask one of the
same questions Jericho posted on blog.   I understand that the contest is about finding ANY type of bugs but why not post the
contest to some of the big security mailing lists (such as Full-Disclosure or Bugtraq)?

Do you plan on posting results when the contest is finished?  Hope the contest has been successful.

Anyways...  Virginia is fine.... little cold but fine.
--Jake


So Jake's mail comes 11 days after Rixstep's original mail, is polite but firm. Rixstep opts not to reply to Jake or me (in the CC) with any concerns or accusations. Due to long hours at my day job I fell behind on OSVDB updates and personal e-mail, ending up with over 3,500 mails (none spam) to deal with in some fashion. I eventually catch up and see Jake's reply and send one of my own.


From: security curmudgeon (jericho@attrition.org)
To: contact@rixstep.com
Cc: OSVDB Mods (moderators@osvdb.org)
Date: Sat, 24 Feb 2007 05:51:06 -0500 (EST)
Subject: Re: Lame Gimmicks


On Sun, 28 Jan 2007, jkouns wrote:

It's been almost a full month, and John/Rixstep haven't addressed any
comments to me, and haven't apparently posted any comments to the blog (or
they were flagged as spam by the integrated WordPress system).

You have to realize that this only reinforces the notion that the Rixstep
challenge was nothing more than a PR gimmick riding the wave of the other
"Month of X Bugs", right?

Again, we're not close minded or biased, we'll happily present both sides
of the argument. But when the party being questioned doesn't reply to some
basic and sincere questions like Jake (and I) asked, it's difficult to
believe anything other than the original speculation.

Additionally, I'd love to know some of the backstory behind the
Full-Disclosure thread/banter that directed me to the Rixstep challenge to
begin with. Disgruntled employee, unsatisfied customer or something else?

Jericho



That mail goes out on February 24 at 5:51a EST, after a month of Rixstep choosing not to reply to me via the blog or e-mail. Just under two hours later, Rixstep replies to me directly:


From: contact@rixstep.com
To: jericho@attrition.org
Date: Sat, 24 Feb 2007 14:45:17 +0200
Subject: Re: Lame Gimmicks

Christ Jesus you wee tosser - you got nothing better to do?

You really have personality issues, don't you? LOL

John




From: security curmudgeon (jericho@attrition.org)
To: contact@rixstep.com
Cc: OSVDB Mods (moderators@osvdb.org)
Date: Sat, 24 Feb 2007 07:57:09 -0500 (EST)
Reply-To: moderators@osvdb.org
Subject: [OSVDB Mods] Re: Lame Gimmicks



On Sat, 24 Feb 2007, contact@rixstep.com wrote:

: Christ Jesus you wee tosser - you got nothing better to do?
:
: You really have personality issues, don't you? LOL

I'm busy with my day job and providing security solutions to my clients
for the past few months causing my mails and replies to be considerably
late. I *finally* get around to catching up on my *hobby* project
(OSVDB.org) and send a quick mail to you and Jake (who you whined to even
though he had nothing to do with the original comments). In return, not
even two HOURS later, after my two MONTH late response, I receive this
reply?

If I post this thread in full, who do you think will come across as not
having anything better to do or having 'personality issues'?

Before you respond, consider that I have spent 10 minutes a month for the
last 10 years pointing out the charlatans in the security industry. What
has Rixstep been doing for the past ten years? I'll gladly take on the
title of 'tosser' if you will agree to take on the title of
'charlatan'. Deal?

Jericho


So, why post all this? Two good reasons. First, I'm all for exposing jackasses in our industry. Second, look at the Rixstep contact page, which threatens people who mail them (much the same way attrition does):

* Correspondence deemed to be abusive or of a harassing or threatening nature or merely of an extremely stupid nature is not private property and will most likely be published for the edification and entertainment of site visitors.