Security Community Errata

Whether it is $39.99 anti-virus software, or $500/hr specialty penetration testing, you are paying a price for a piece of security. The security companies that offer these solutions insist that security is important for you as a person and critical to your business. So important in fact, that they expect you will pay ridiculous prices for solutions that aren't as complete or helpful as they seem. One of the cornerstones and components of 'security' is integrity; "1. adherence to moral and ethical principles; soundness of moral character; honesty". When security providers have a breakdown in their own integrity, you should be aware of it. When the company taking your money in return for security products and services fails to maintain a certain level of integrity, you should challenge them on why they think they are qualified to sell security offerings.

This page exists to enlighten readers about errors, omissions, incidents, lies and charlatans in the security industry. With the media running rampant and insufficient checks and balances for their reporting in place, the general population has been misled about everything from hackers to viruses to 'cyberwar' to privacy. In recent years, companies peddling security products and services have taken a turn for the worse, casting aside ethics in favor of lies and profit. Over the years, many companies and people have developed a taste for money and fame when it isn't deserved. These frauds and charlatans survive on being in front of cameras and news articles, constantly peddling their ideas and solutions, when they typically have no merit.

People often ask why we are so critical about articles, or why we focus on a single paragraph of a larger article. Regardless of the size or frequency of errors, these problems can be viewed as single bricks in a large wall. The more people read these bricks, the more they begin to see the entire wall. After reading the same errors or omissions from several news sources, the information makes an amazing transition from 'unbiased news' to 'fact'. The notion that it is 'unbiased news' in the first place is just as ludicrous, but a fact of life. Like the news clips, charlatans build their careers by using the same methods. Get quoted in an article here, give a weak presentation there, and before long it is spun into an elaborate resume, with extensive use of the word 'expert' and "twenty years of experience."

The contents of these pages are the opinions and observations of attrition.org staff. However, we frequently receive pointers to articles, information and budding charlatans in our industry. In some cases, we receive material that we republish as is. For any material to appear on this page, we feel that our opinion or posted content is backed by a reasonable amount of evidence and logic. We try to distinguish what is factually incorrect versus our opinions. Do not take this page as gospel; use it as one of many information resources, do your own research and form your own opinions. While we will strive to keep this project as unbiased as possible, there will be many times where we can only counter opinions, bias and implications with those of our own. If you feel that we are accurate, remember there are things you can do to help.

We are always open to suggestions, ideas, corrections, disagreements or new information. We are also receptive to your assistance with our wish list. For additional information about this project, please read our frequently asked questions.



Shame: Public figures in InfoSec accused of sexual misconduct and abuse.
Certified Pre-owned: Companies that ship malware with new products.
Legal Threats: Threat of legal action against security researchers.
Autofail: Security companies and auto update mechanisms that failed.
Charlatans: Public figures, media whores, and people working in the industry who aren't the experts they claim.
Plagiarism: Instances of plagiarism by those in the security industry.
Security Companies: Companies that provide security products and services, while failing to maintain their own security.
Security Companies that Spam: Security companies that send unsolicited mail (spam).
Other Company Incidents: Non-security companies that had security incidents that should be known to their customers.
Statistics: Questionable or incorrect statistics on security and computer crime.
The Media (FIN): Mainstream media, news web sites, radio, television and magazines that got it wrong.



Errata Submission Information


Copyright 1999-2012 by Attrition.org. Permission is granted to quote, reprint or redistribute provided the text is not altered, and appropriate credit is given. Graphics provided by Cupcake and Jay Dyson.

