First, he's not a security researcher; calling him that gives him an air of credibility he DOES NOT deserve. He's a sleazy typosquatter giving himself the title of "researcher" to gain a veneer of respectability. I am the risk manager for an organization hit by this guy; his intent is made perfectly clear in the extortion snail-mail he sends his victims: I have your mail, pay me what I ask or I go public. He might wrap it up in a "I'm just an unsolicited security researcher trying to help you", but any attempts to discuss the "vulnerability" with him (the "vulnerability" being that my company didn't register every possible misspelling of our trademarks across all possible TLDs), he will refuse to do so until we signed a consulting contract with him.
Complete scumbag who abuses the system for his own benefit. He started this scam going after smaller companies with no InfoSec staff or Risk Managers, offering to settle for $295; once that worked a couple of times, he moved up to mid-sized companies, provincial government assets, international law firms, banks, and finally the big boys like Lockheed Martin. While he may have succeeded on some of the smaller companies, every bigger organization saw through his scam and either passively ignored his demands or is suing him into oblivion.
He is not welcome in the information security or information risk management communities as long as he persists in this behaviour. HDMoore at Attrition.org has been acting as a clearinghouse for this dude's activities; one read-through and you'll understand that Kenzie has unclean hands.
This guy is a Sith and does not deserve your empathy. When justice is meted out, he will never work in IT again.
I can help clarify some misunderstandings with regards to the impartiality of the gymnastics scoring system (Note: I am a former USAG Judge as well as a former competitive gymnast at the collegiate level).
1) Gymnastics routines are made up of a series of interconnected skills
2) Each skill in the routine has a "perfect" execution form; that is, straight legs, pointed toes, straight arms, clean shoulder-to-knee lines, or whatever the skill calls for.
3) If a gymnast performs a skill, and the execution of the skill does not meet the "perfect" execution form, points are deducted for each imperfection within the skill
3a) Gymnastics judges are, for the most part, former competitive gymnasts with an intimate understanding of the execution of the skills which they are judging, and undergo extensive training for identifying imperfections in the execution of said skills.
4) Depending on the severity of the imperfection, points are deducted (minor bends in the limbs account for small deductions, while falls or failure to execute skills correctly or in sequence account for large deductions).
5) Add up all the deductions for each skill in a routine, and you've got your execution deductions.
Now, the new scoring system is based on a response to the ridiculous difficulty of modern gymnastics. Each skill in any given event is given a difficulty rating depending on how difficult it is to execute the skill flawlessly. In men's gymnastics, for example, difficulty ratings go from an A-level (skills like a basic back flip) to F-level (skills like a triple twisting double back flip). It makes sense that gymnasts who perform more difficult skills should be rewarded with higher scores, so that's where the new system comes into play.
In the old days, no matter how difficult your routine was, everyone started off with a "10" and was deducted for execution of skills. So, a gymnast who performed a triple back flip (an F-level skill) in his routine would be on the same level as a gymnast who only did a double front flip (a D-level skill); judges would solely deduct based on execution rather than take into account the difficulty of the skill. So now, instead of starting with a perfect score, you have to BUILD towards the perfect score by creating a routine with high level skills (that is, graded D, E, and F).
Now, back to judges. Judges can now take into account skill difficulty as well as skill execution when judging a routine. Keep in mind that judges aren't judging a routine based on their personal opinion. They judge based on universally accepted "perfect" forms and the skills are directed in the FIG code of points (created by gymnasts for gymnasts, by congress). As a former judge, I can tell you that our judging performance is also graded by how well we can spot imperfections in execution; judges don't get to the Olympic level unless they are eagle-eyed and impartial.
I hope this helps everyone as they continue their discussions on the matter.
Sorry to self-reply, but I misattributed.
HDMoore = Jericho
Sorry for the brainfart.