[ISN] When Hacks Attack: The Computer Security Textbook Plagiarism Epidemic

From: InfoSec News <alerts_at_private>
Date: Fri, 29 Jul 2011 04:08:06 -0500 (CDT)

By Adam Penenberg
Fast Company
July 27, 2011

A crusader from Attrition.org has found that an alarmingly high number 
of books written by computer security experts are nearly 100% copied 
from other sources. What does that say about the industry?

Borrowing code is standard operating procedure for those who work with 
software. All modern computer program languages use what is known as an 
"object oriented" model, which means code is designed to be 
modular--like swappable, repeatable, spawning objects. Over time 
standards have emerged, with programs often inheriting code from 
third-party libraries. Many popular open source packages like Drupal or 
WordPress are not only composed of contributions and "borrowings" of 
thousands of developers and sources, but are architected to be 
customized by copying parts to be "overridden." In other words, copying 
is required, and there are a variety of licenses that specifically allow 
for it, provided credit is given. Code is a bit like a message in a 
bottle floating in the ocean... it could end up anywhere. If someone 
doesn't want you taking his code, it would be cloaked with encryption.

This "information wants to be free," the credo of programmers 
everywhere, is a far cry from American copyright law and tradition, 
which discourages unfettered copying. This difference in ethos may 
explain why so many computer security books appear to be plagiarized. 
Indeed, entire tomes--written by an array of self-proclaimed computer 
security experts--seem to have been copied and pasted from other sources 
without attribution, their authors not even bothering to conjure up a 
single original adverb, as if they were just grabbing code from another 

I first became aware of this plagiarism-palooza from Brian Martin, a 
computer security professional who, under his handle "Jericho," is a 
founding member of Attrition.org, a popular computer security web site 
that has as its mission (he calls it a "crusade") "to expose industry 
frauds and inform the public about incorrect information in computer 
security articles." He has spent months plugging phrases from these 
books into Google in an attempt to locate the original source material.

The project, he says, was a "nasty side effect" of investigating 
"charlatans"--those who thrive on deceit to promote themselves--when a 
fan pointed out a book review that had found rampant plagiarism in a 
popular computer security book. From there it snowballed, and since many 
of these authors have written multiple books, he has no shortage of 
material. Lately he's noticed more and more plagiarism and copyright 
violation (wholesale scraping of content) in the security world.

