Full Disclosure mailing list archives
Re: 'Rixstep still aren't as leet as they thought they were'
From: contact () rixstep com
Date: Mon, 22 Jan 2007 12:50:32 +0200
<http://seclists.org/fulldisclosure/2007/Jan/0303.html> Re: 'Rixstep still aren't as leet as they thought they were'

Oh it's been fixed all right. Mr Anonymous with the Bent didn't stay around long enough to find out.

What's interesting of course is that Mr Anonymous 'backdated' the advisory to make the company look bad. This is not 'full disclosure' - this is the typical behaviour of an Apple fanboy. He got excited on 15 January, did in fact find a bug, and then searched the entire Rixstep site for mention of the product. The earliest he could find was 23 November last year.

Unfortunately this amateur didn't take the time to consider several things.

1) There are serial numbers on all SF advisories. Several dozen before his are all dated 15 January 2007. It becomes obvious he's backdating.

2) The product Mr Bent tested is not the product released on 23 November.

3) Mr Bent would have the world think he actually contacted Rixstep prior to going public with his 'nasty bug'. But in such case he got his hands on a copy of a product two weeks prior to it being written.

As with Steve Jobs, Nancy Heinen, and Fred Anderson, backdating is generally a Bad Idea (tm).

But the bug has indeed been fixed and Security Focus have been alerted to the issue with the behaviour of this person and corrected the appropriate records.

Basically all this proves is that this person has a sick mind - something most of us already knew. But now it's out in the open. His goal was to make Rixstep look bad and in the end it is only he and his fanboy friends who look bad.

The objective of full disclosure is to close security gaps in software so users are not victimised. It is not to be able to strike back at people like MOAB who dare criticise their beloved platform.

Apple fanboys have attacked Brian Krebs, Dan Gillmor, Andrew Stone, Avie Tevanian, George Ou, Kieren McCarthy - and now MOAB and Rixstep - where other vendors such as Microsoft simply say 'yes we know; we are going to fix it' and Microsoft software users take a calm and rational stance to it all.

Wikipedia's definition of 'fanboy' is as follows.

'Fanboy or fanboi is a term used to describe an individual (usually male, though the feminine version fangirl may be used for females) who is utterly devoted to a single fannish subject, or to a single point of view within that subject, often to the point where it is considered an obsession. Fanboys remain loyal to their particular obsession, disregarding any factors that differ from their point of view. They are also typically hateful to the opposing brand or competition of their obsession regardless of its merits or achievements.'

You can't cure a fanboy just as you couldn't convince the citizens of Jonestown to come home and save themselves - and they will become aggressive to those who try to help them. Wiki's words are good here - this is just a fact of life.

Bottom line? Rixstep are just as 'leet' as they've claimed for their stance is not merely that they do more QA than other companies but that they're actively soliciting bug hunts - they won't hide in the PR department like some other companies.

Also of note is that Mr Bent, attempting to take the ethical high ground, still hides behind anonymity. If everything were so above board and he felt no shame and disgust at his behaviour - then why hide?

We do in fact offer rewards for people who find bugs - and have given away two products already as a result - but we're not about to give them to nasty Apple idiots.

This post has little relevance to FD but OTOH neither did any of the rantings of this lunatic. It's just to set the record straight.

Watch out for fanboys and if you're contemplating migrating to OS X (most likely you're not) consider you will run into these suicide users all over the place.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/