Forwarded from: Brian McWilliams <bmcwat_private> http://www.pc-radio.com/response.htm [Refer to the version on the Web since it contains numerous hyperlinked pages. - WK] Statement in response to an article about me by Thomas C. Greene In an on-line story dated August 17, 2001, Thomas C. Greene, a reporter for The Register, published a vicious attack against me and Newsbytes, an on-line news service for which I am a regular freelance contributor. The title of Greene's article was Newsbytes hack tries to embarrass The Register. Greene gave me no opportunity to respond to his critique as part of his article and instead ambushed me, as he apparently does with many of his subjects. Thus I am posting my own response here at my personal Web site. Greene's article apparently was triggered by a story I did August 14 entitled CyberCops Accused of Sloppy Police Work. Here is the lead paragraph of my article, to give you an idea what it was about: "A company that aims to protect on-line merchants against credit card thieves is doing more harm than good, according to three firms recently pilloried by CardCops.com." If you read my story after seeing Greene's attack, you may be surprised to learn that the Register isn't mentioned until the seventh paragraph, and Greene's name doesn't come up at all. While my story does quote the three merchants who refute CardCops' claims that they were hacked, the piece contains no direct criticism whatsoever of the Register, except for this sentence: "Representatives of the three companies contend that the article, and CardCops' report, are factually incorrect." For some reason this statement, attributed to the companies, prompted Greene into a tirade against me. In his August 17 story, he labels me a "twinkie" and "Newsbytes copy drone," and calls Newsbytes a "tech-news repeater." According to Greene, my story was a "would-be exposé challenging our accuracy." I have been trying to understand why Greene, who claims his journalistic trademark is skepticism, would go so ballistic when a veteran reporter (my brief bio is here) takes a different approach to covering the same story. I am no psychologist, but there appear to be several possible background details that might explain Greene's seemingly unprovoked and malevolent attack on Newsbytes and on me. 1. Greene is feeling insecure. While he has earned a loyal following among Reg readers and is respected by many in the IT business, Greene has publicly stumbled in some recent articles. In June, Greene was forced to retract an article about on-line eavesdropping after readers pointed out that one of his main sources lied to him. Earlier this month, the editor of an influential mailing list said that an article by Greene incorrectly concluded that the new FBI director lied to Congress. So maybe Greene's unnecessarily mean-spirited attack on Newsbytes and me was motivated by his desire to prevent his reputation from eroding further. 2. Greene is vindictive. In July, after one of Greene's colleagues at the Reg repeatedly and egregiously plagiarized my articles, I e-mailed the Reg's editors to complain. (I did not notify my editors or publishers at the time about these infractions but was instead hoping that the plagiarist and his editors would gracefully accede to my request that they desist.) The Reg editor replied, "We don't deny [name deleted] had read your stories, you certainly filed before him ... It was just the case that the odd expression stuck in his head as he hurried to file." I don't know if Greene was aware of my plagiarism charge against the Reg, but his editors certainly knew about it when they were deciding whether to run his rant about me on August 17. So maybe his vicious attack was a way of retaliating on behalf of El Reg, as the editors like to call the site. Either way, makes you wonder who really is the "tech-news repeater" in this business. 3. Greene can dish it but he can't take it. As I noted above, Greene prides himself on his hard-nosed, take-no-prisoners reporting style. But he appears to bristle mightily when others are skeptical about his observations or conclusions. Last month, he was challenged by several people on InfoSec News (ISN), a security e-mail list to which we both subscribe. He had just published an article criticizing eEye Digital Security for publishing details on the vulnerability in IIS that led to the Code Red Worm. When I pointed out on the list that he was being hypocritical, since he published a link in another story to a program that exploits the IIS hole (unlike eEye, which never published an exploit), Greene replied: "i don't think it's at all hypocritical ... the most important issue here is the fact that i have no conflict of interest when i link to an exploit. i'm not selling solutions to it." Soon thereafter, another list participant took issue with Greene's explanation by writing: "Imagination and `literary license' are not excuses for shoddy reporting, finger pointing, and utterly overlooking the large implications of the concepts supported by journos." After this, Greene went silent on the issue. Although we haven't met personally and he appears unaware of my work, maybe his attack on Newsbytes and me was provoked in part by this recent, if brief, history between us. 4. Greene can't resist ad hominen attacks. In the ISN discussion over his story about eEye's role in the Code Red Worm, Greene said he detests "twinkies." When I asked him on the list to define what he meant, Greene wrote this: "They're gullibile, and ambitious, and well-groomed, and they don't expect people to lie to them. they went to schools like my alma mater (Williams), but they imagined their professors were all wonderful people, and cherish their diplomas. they can read and digest difficult text, and re-cap it on command; they've learned to follow complex instructions, meet deadlines with pluck, and go about things in a 'professional' manner -- that is, without reluctance, personal flair or (Heaven forbid) independent moral reasoning. They lack imagination, talent, and most of all, courage. And they make me sick." It's unfortunate that an unhappy college experience apparently still colors Greene's outlook on life and other people. But I am not a "twinkie," even by his definition (aside perhaps from the grooming part, which doesn't seem real significant). After I broke stories about events that made them look bad, plenty of big players in the industry -- including Microsoft, America Online, Real Networks, and Dell Computer -- have turned their wrath on me. Greene has no monopoly on "courage." Later, in the same ISN thread, Greene dismissed eEye's Marc Maiffret, an important figure in the security scene, this way: "He seems to do an awful lot of writing in haste, and sounds progressively more defensive and paranoid as time goes by. i just wonder -- assuming he's half the genius he thinks he is -- why he can't mount a simple, effective argument in defence of his actions." If I were half the genius Thomas C. Greene thinks he is, I would have written those two sentences to describe Greene. Or at least plagiarized them. Despite Greene's elevated perception of his work, there are numerous other journalists on the computer security beat who carry as much if not more of the water than he does. They write for publications and services such as AP, Computerworld, InternetNews.com. MSNBC.com, Newsbytes, News.com, Reuters, the Wall Street Journal, and Wired News. And although their writing may not have as much swagger or self-congratulatory bravado as Greene's, they break news all the time as fairly and shrewdly as they can. Brian S. McWilliams -- August 21, 2001 At 08:23 AM 8/17/01, you wrote: >http://www.theregister.co.uk/content/6/21094.html > >By Thomas C Greene in Washington >Posted: 17/08/2001 at 11:20 GMT > >The Washington Post's tech-news repeater Newsbytes has implied that we >were talking bollocks when we revealed several credit card hacks in a >recent story entitled Hacking IIS -- how sweet it is" >http://www.theregister.co.uk/content/4/20960.html > >In that piece we claimed -- on the basis of something called evidence >-- that StrawberryNet.com http://secure.strawberrynet.com; mWave.com >http://direct.mwave.com; and Stic.net http://www.stic.net had been >hacked by means of the IIS folder traversal vulnerability >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ >bulletin/MS00-078.asp. > >In hopes of catching us with our trousers down, Newsbytes copy drone >Brian McWilliams hastily ran up a little would-be exposé >http://www.newsbytes.com/news/01/169018.html challenging our accuracy >on the strength of his conversations with the victim companies, all of >whom predictably denied being hacked. > >Of course we've seen the victims of CC hacks deny it endlessly in the >face of withering evidence, as Egghead did >http://www.theregister.co.uk/content/archive/18547.html, and as Amazon >did http://www.theregister.co.uk/content/archive/17387.html. We >consider it an occupational hazard. > >In this case Newsbytes dutifully rang the managers of the victimized >companies and allowed them to claim that they have no knowledge of a >hack. This, of course, is less than conducive to solid newsgathering; >there's often a sort of 'selective ignorance' at play in such >circumstances, we've found. > >And get this: Newsbytes performed a "scan" of some sort which >indicated, to McWilliams' satisfaction, that none of the sites in >question was vulnerable. > >"A scan performed by Newsbytes today revealed that none of the three >firms are (sic) currently vulnerable to the exploit which enabled >variants of the Code Red Worm to infect thousands of Web sites," >McWilliams writes. > >Perhaps McWilliams doesn't understand that Code Red exploits the .ida >buffer overflow vulnerability, not the IIS folder traversal >vulnerability, which we claimed had been used against the sites in >question. A minor detail, perhaps, depending on the power of that >"scan" he claims to have performed. > >We, on the other hand, ran the standard folder traversal exploit on >all the sites, and found, at press time, that two had since patched >against it, while one remained wide open, though it did manage to get >itself patched within four hours of our story's appearance. > >We didn't mention it at the time because we knew the system was open >and didn't want that tiny minority of our beloved readers whom we >don't fully trust to screw them. But since it's now fixed, we'll tell >you that it was mWave, and that we had a nice look at the contents of >their C drive, and managed to call cmd.exe to boot. > >As for Strawberrynet, we reckon they'd prefer that we don't ring their >customers, whose names, addresses, phone numbers, credit card numbers >and expiration dates we've seen, to confirm that they've made >purchases there. But if Brian McWilliams insists, we'll just have to, >we suppose, in spite of the alarm it might cause them. Of course that >would be a terrible embarrassment for the company, so prudence demands >that we only go as far as McWilliams pushes us. > >And as for Stic.net, we've seen their customer accounts, and we know >how much their staff earn. We'd hate like hell to have to publish that >data, so we hope for their sake that Brian McWilliams won't force our >hand. Of course we'll do whatever we must to demonstrate our veracity. > >"For them (The Reg?) to blaspheme us and put our customers at risk >like that, well, this old boy and I can go out behind the barn real >easy," said David Robertson, president of Stic.net," to Newsbytes' >McWilliams. > >Yeah, we spoke with Robertson too, and he was falling all over himself >denying the hack, ringing us every hour on the hour for a time. We've >since learned that he's owned the hack, and even apologized to >CardCops, the organization which first brought his troubles to our >attention. > >He's become immensely harder for us to contact since then. For a guy >who seemed to have our phone number memorized, he's gone suspiciously >quiet of late. He's since neglected to answer our e-mail and our phone >calls. > >But he'll talk to twinkie journos who have absolutely no evidence with >which to refute him -- or us, for that matter. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 05:31:03 PDT