Pictured above is Steven Graham, Vice President | North America for EC-Council. Earlier today, he was dragged into a Twitter battle by @treadstone71 regarding a negative article about EC-Council last month. At some point, @attritionorg was added to the conversation. That eventually led Graham to make claims that the EC-Council Errata write-up contained intentionally biased articles. Specifically, he accused us of not publishing the 'proof' that EC-Council supposedly mailed us, showing that the plagiarism we exposed was actually their work, and that they published it first.
This is not only absurd and an outright lie, this is libelous. Steven Graham and EC-Council have decided to publicly accuse us of lying, and claim that our plagiarism review is bogus. It has been public for well over a year, and no one, independent or from EC-Council, has come to us with any flaws, or proof that any of the work we point out was legitimately EC-Council's. Because Graham is not very bright, he plays right into our hands on how we can help prove our side. He says we should publish the correspondence between Bavisi and us.
Agreed! Below is the entire set of lengthy correspondence between me (jericho), Jay Bavisi, and Leonard Chin (since busted for embezzlement). You can judge for yourself who played nice, and who proved what. You will see that Bavisi and Chin did not send any information that establishes they published the material first. Given that some of the plagiarized content was originally published in 1998, three years before EC-Council was formed, Graham's claims are obviously false. Per his wishes, we now show you the pleasantries, lies, attempted bribe, and threat. This, along with Graham's libel, demonstrates exactly what kind of organization EC-Council really is.
Note: In some cases, full signatures are redacted to save space, since Bavisi's signature is 38 lines, at least as rendered in Alpine. Additional edits were made for formatting; no content has been altered.
From: Leonard Chin (chinleonard@me.com) To: security curmudgeon (jericho-at_attrition.org) Date: Thu, 01 Dec 2011 13:18:21 -0800 Subject: my 2 cents Hey man, Saw some postings from you, and am intrigued by your most recent "mission". I'm unsure about your definition of ethics, and I'm not questioning it. This is written to you on an individual capacity, and I can't stop it if you extract parts of it or in full, and utilize whichever way you deem fit. It's your choice, and everyone has theirs. (But will appreciate if you could let me know if you decide to do so, and not be like "someone" who will just post it out and then "oh btw, I posted whatever you wrote...blah blah blah.") Perhaps however I, or anyone from ECC respond to whatever that is being thrown out there now, there will still be a knife out for us. And for me personally, I do not wish to be embroiled in this - so if this gets worse, I can't do anything about it. I'm quite sure you would have reviewed whatever information that is being fed to you, and that you will ascertain yourself whether are they authentic - before passing on any statements (or judgement) in public. My question would be, why are all these being mentioned now, and why are there "some" people who are so enthusiastic about "garnering" information so diligently? Well, perhaps there are indeed unhappy and aggrieved individuals.. or maybe "SORE" would be a more appropriate word to use here... But isn't there always 2 sides to the coin? Choosing to remain silent to some allegations, DOES NOT imply in anyway that one is guilty of such. Maybe I should highlight a case - which clearly shows why some individual(s) are hell bent on bad-mouthing ECC. Is it a case of simply being sore? You decide yourself. Yes, I did expel (or nicely put - withdrew an invitation to) a certain individual from presenting at the recent event in Miami. 
That's because I found out (pretty close to the event) that this particular "individual" was the same person that I had evicted from last year's event. And I have absolutely no regrets in doing so! Which event organizer would allow someone (a group of them actually) remain in an event hall when they draw and display anti-Semitic images right at their booth? Which event organizer can tolerate when these same people are disturbing and annoying the rest of the exhibitors, not to mention the delegates, by shouting anti-jews messages and threatening other exhibitors? I did what a decent person would do, and that is to have them expelled and escorted out of the venue immediately, and I imposed a ban on these individuals from future events. Do I have a right to do so? Yes I do. Is it a fact? Of course it is when there are so many people on site who witnessed the fracas they're creating, and saw me evicting them. Did I resort to shaming these people in public, even though there are targeted "attacks" on me and ECC now? No, I/ECC chose not to. When one wants to dig dirt, I'm sure they will try to find something, and make a big fuss out of it. And it's amazing to see some fabricated "information" that are being re-used again. OMG.. I can't help but burst into laughter when I read some of it. Just FYI - Jay Bavisi does not even have a Yahoo account! And did ECC go public with the FULL CONTEXT of the correspondence/communications between the author of the recent blog posting and Jay? They chose not to. How about mentioning some of the good that was done (most recently at HH Miami with regards to one of our presenters)? Should we/I have bragged about it - then what does that make us? Again, a charlatan or a self bragging monster? LOL! So if the knife is out there for one, no matter what one does, he'll still be cut/sliced/dissected, one way or another. And btw, the question about my nationality? 
(Never knew this country looks into that) But well, I'm a proud Singaporean, born and bred, and working for a respectable US organization. [If its about nationality now, would it be racial or religion next?? OMG, I don't believe it!] Look, I can't stop you on your crusade, neither am I attempting to do so here. And I am definitely not up for challenging you or what you're doing. Hey, its the Internet - one can say, write, feel however way they wish to! :) I'm sure you know best what you're doing. Since we had corresponded before, this is simply a personal note to you to share my 2 cents worth of thoughts (not that it matters perhaps). As for ECC, I'll let them respond however they deem fit and if/when necessary. Take care. leo
From: security curmudgeon (jericho-at_attrition.org) To: Leonard Chin (chinleonard@me.com) Date: Thu, 1 Dec 2011 16:39:37 -0600 (CST) Subject: Re: my 2 cents Hi Leonard; : Saw some postings from you, and am intrigued by your most recent : "mission". I'm unsure about your definition of ethics, and I'm not I don't have a strict set defined on paper. When doing Errata work, I will largely use the person or organization's ethics that I am writing about. So when writing about ISC2 for example, I go by their posted ethics and my interpretation of them. Beyond that, it is generally just a "what seems right", often mixed with discussion among staff about if an incident is truly 'bad' or violates ethical standards. : questioning it. This is written to you on an individual capacity, and I : can't stop it if you extract parts of it or in full, and utilize : whichever way you deem fit. It's your choice, and everyone has theirs. I believe I am fair on quoting material from email. Obviously with 'Going Postal', that is a different kind of thing. When it comes to Errata, if I decide to use something, I make sure it is not quoted of context. Generally, mail like this does not need to be quoted and adds no value anyway. As an example, I had extensive mails with Jack Koziol of ISI, and believe I ended up quoting a sentence out of them to give his point of view. : (But will appreciate if you could let me know if you decide to do so, : and not be like "someone" who will just post it out and then "oh btw, I : posted whatever you wrote...blah blah blah.") I will do my best, but can't make any promises. As I said, discussions like this are almost always better left between the two parties, not shared with the world. If the mail was a rebuttal to something we posted, then it is fair for me to post it to give our readers both sides of the story. : Perhaps however I, or anyone from ECC respond to whatever that is being : thrown out there now, there will still be a knife out for us. 
And for me : personally, I do not wish to be embroiled in this - so if this gets : worse, I can't do anything about it. Between us, your name has come up once, but I haven't looked into you at all. Right now, the only focus is on ECC as an organization, with some digging on Bavisi. Since he has been very vocal regarding the blog spam accusations, he has put himself into the lime light. : I'm quite sure you would have reviewed whatever information that is : being fed to you, and that you will ascertain yourself whether are they : authentic - before passing on any statements (or judgement) in public. Absolutely. The stories we are receiving are varied, some wilder than others. For me to post anything based only on sources, I need 3 people that do not appear to have any relation to each other, giving me similar stories, that pass the 'smell test'. I of course try to verify anything and everything before posting where possible. If I were to post anything based on less, I would disclaim it as such, and only as a last resort after I had exhausted all of my research avenues. : My question would be, why are all these being mentioned now, and why are : there "some" people who are so enthusiastic about "garnering" : information so diligently? The ECC blog spam thing struck a nerve in many people. That prompted them to start speaking out against ECC from their own point of view. In reading all of that, the message we got was a lot of disgruntled people. That in turn lead us to say "send us your stories" so we can determine if there is really a 'story', or if its just a lot of people being grumpy. But, to be fair, we already had some notes on ECC going back over a year. Just nothing worth writing up by themselves. : Well, perhaps there are indeed unhappy and aggrieved individuals.. or : maybe "SORE" would be a more appropriate word to use here... But isn't : there always 2 sides to the coin? 
Choosing to remain silent to some : allegations, DOES NOT imply in anyway that one is guilty of such. Absolutely not. There are generally 3 sides to any story involving 2 people. =) One thing we try to do on Errata, is write articles that are as factual as possible, and forgo opinion any chance we get. Those are less likely to be disputed when evidence is presented. As time permits, we will often mail out and ask for opinion of the person we are writing about, but that doesn't always happen. To be perfectly honest, and feel free to share this with Bavisi, his handling of the blog spam mess does not motivate me to contact him. His response was hostile, accusatory, potentially defamatory, and does not indicate he is willing to consider or believe something could possibly be wrong in his house. That isn't the kind of person I see as being beneficial to start a dialogue with, as they tend not to be productive at all. : Maybe I should highlight a case - which clearly shows why some : individual(s) are hell bent on bad-mouthing ECC. Is it a case of simply : being sore? You decide yourself. Perfect. The more information we get, the better chance we have of figuring something out. : Yes, I did expel (or nicely put - withdrew an invitation to) a certain : individual from presenting at the recent event in Miami. That's because : I found out (pretty close to the event) that this particular : "individual" was the same person that I had evicted from last year's : event. And I have absolutely no regrets in doing so! Which event : organizer would allow someone (a group of them actually) remain in an : event hall when they draw and display anti-Semitic images right at : their booth? Which event organizer can tolerate when these same people I have heard of a few people being 'uninvited' to speak, but their stories don't line up with this. I am wondering if this is a case that I haven't heard yet, or don't have enough details to correlate. 
The closest thing that comes to mind is actually the other way; I have a call to make with someone who claims that ECC members made racial slurs against him. : are disturbing and annoying the rest of the exhibitors, not to mention : the delegates, by shouting anti-jews messages and threatening other : exhibitors? I did what a decent person would do, and that is to have : them expelled and escorted out of the venue immediately, and I imposed a : ban on these individuals from future events. Do I have a right to do so? : Yes I do. Is it a fact? Of course it is when there are so many people on : site who witnessed the fracas they're creating, and saw me evicting : them. Absolutely. That sounds like a justified reaction. I only wish they had been exposed in a more public fashion. If someone in the security industry is doing that, I want to publish an article about it so others can steer clear from them. : When one wants to dig dirt, I'm sure they will try to find something, : and make a big fuss out of it. And its amazing to see some fabricated : "information" that are being re-used again. OMG.. I can't help but burst : into laughter when I read some of it. Just FYI - Jay Bavisi does not : even have a Yahoo account! And did ECC go public with the FULL CONTEXT : of the correspondence/communications between the author of the recent : blog posting and Jay? They chose not to. Dewhurst opted not to make them public either, to be fair. Regarding the Yahoo account; how do you know? I mean seriously, step back and be completely objective here. How do you know he didn't create a Yahoo account at some point in the past? Or more recently without your knowledge? Finally, what does the Yahoo account reference anyway? What is the big deal if he did or did not? : How about mentioning some of the good that was done (most recently at HH : Miami with regards to one of our presenters)? Should we/I have bragged : about it - then what does that make us? 
Again, a charlatan or a self : bragging monster? LOL! So if the knife is out there for one, no matter : what one does, he'll still be cut/sliced/dissected, one way or another. There are ways to present your good work without being either. Companies do it all the time. The trick is finding that nice balance of "we did good" without bragging or inflating the action or worth of the actions. : And btw, the question about my nationality? (Never knew this country : looks into that) But well, I'm a proud Singaporean, born and bred, and : working for a respectable US organization. [If its about nationality : now, would it be racial or religion next?? OMG, I don't believe it!] I haven't seen your nationality questioned. The only question regarding 'nationality' and ECC is really a very different issue. It is something that is on my list to research, but it doesn't have to do with you, more about ECC and their position in the industry, specifically related to comments ECC has made. : Look, I can't stop you on your crusade, neither am I attempting to do so : here. And I am definitely not up for challenging you or what you're : doing. Hey, its the Internet - one can say, write, feel however way they : wish to! :) I'm sure you know best what you're doing. Since we had : corresponded before, this is simply a personal note to you to share my 2 : cents worth of thoughts (not that it matters perhaps). As for ECC, I'll : let them respond however they deem fit and if/when necessary. A few thoughts here: Until this mail, I didn't know you were that involved with ECC. As i said, I haven't even begun to do the research that is required to get a fair picture of the accusations and try to validate any of it. I was under the impression your involvement was only a 'strategic partner' of sorts, due to your involvement in the conference(s) you run. My "crusade" ... I won't argue that term really. Consider it passionate interest if you want. 
=) However, within 24 hours, and based on information that was learned *BEFORE* the 'blog spam' fiasco exploded (yes, ECC was very recently on our radar for other issues), there will be a charlatan page put up. There is one thing I have personally confirmed that is not up for dispute really; plagiarism. Worse? I am 99% sure that the plagiarism issue goes considerably deeper, and I will be in a position to take the time to validate that claim in the coming weeks. The article I wrote covering the blog spam is more of a summary of the two blog posts, Bavisi's response, and my own additional research that found some interesting things not covered by the other two blogs. The article ends that *we feel* ECC was responsible for it, but I believe I present a good and fair picture, link to the ECC statement, etc. If there is any additional information ECC would like to make public, please send it to me. The last thing I started poking around on last night was based on someone noticing peculiarities about an ECC member's history. He claims to have worked for a company that has no Google footprint. At all. That as you can imagine, is very suspicious. So from my side, what does that mean? If he is lying about employment history, that obviously calls into question the rest of his history and more importantly, *why* is he lying about it. It's those little strings we follow that tend to lead to the big stuff. There may be an honest explanation to it, and if we can't find it, we *may* mail him and ask for details. Finally, in case it isn't obvious, almost all of the recent flap started with other people sending us leads, information, and stories. As i said, we had a few things about ECC from the past that were minor. Then, a couple weeks ago we got the plagiarism lead which pushed ECC much higher on the 'to research' list. The recent flap and stories have pushed them to the top of the work pile. Thanks for taking the time to mail and start this discussion. Brian
From: Leonard Chin (chinleonard@me.com) To: security curmudgeon (jericho-at_attrition.org) Date: Thu, 01 Dec 2011 16:10:49 -0800 Subject: Re: my 2 cents Hi Brian, Thanks for the lengthy response, and I did take time to "digest"... :) I'm kick-starting our conference in Vegas, and I will send you my response once things settle down here. But your response did get me thinking a lot. Yes, more will be coming your way. Regards leo
From: security curmudgeon (jericho-at_attrition.org) To: Leonard Chin (chinleonard@me.com) Date: Fri, 2 Dec 2011 02:29:32 -0600 (CST) Subject: Re: my 2 cents : Thanks for the lengthy response, and I did take time to "digest"... :) : : I'm kick-starting our conference in Vegas, and I will send you my : response once things settle down here. But your response did get me : thinking a lot. Sounds good. As a heads up, found additional plagiarism in ECC material this evening. That means 2 confirmed, with the 3rd extremely likely. : Yes, more will be coming your way. Understood. If you feel that looping anyone else at ECC in is appropriate, feel free. What I said to you applies to them. Specifically, if you would like to bring Bavisi in, that may be good. I do have a few questions for him, but I will reiterate; if his response is as hostile and accusatory as it was toward Dewhurst, go ahead and keep this between us. We're at a point where this isn't "accusations", and this isn't a conspiracy theory (e.g., the work of a competitor). .b
From: Leonard Chin (chinleonard@me.com) To: security curmudgeon (jericho-at_attrition.org) Date: Fri, 2 Dec 2011 09:56:34 +0000 Subject: Re: my 2 cents Hey Brian, I'd be happy to connect and let the "source" speak to you. Will do so in the AM.
Note that I had no intention of publishing this correspondence, and I bet Bavisi et al. were just as happy to leave it that way. But Steve Graham decided to dig up old dirt and challenge my integrity.
From: security curmudgeon (jericho-at_attrition.org) To: Leonard Chin (chinleonard@me.com) Date: Fri, 2 Dec 2011 04:03:40 -0600 (CST) Subject: Re: my 2 cents : Hey Brian, : : I'd be happy to connect and let the "source" speak to you. To be clear, anyone at EC-Council would *not* be a 'source' in the context of the word, as applies to journalism. Meaning, a protected source that will not be disclosed or quotes attributed to them. While I currently have no intention of posting our entire correspondence to the public, if a comment is made by an EC-Council staff or board member that is best served by being published, I will. CC accordingly. =) .b
From: security curmudgeon (jericho-at_attrition.org) To: Leonard Chin (chinleonard@me.com) Date: Sat, 3 Dec 2011 22:04:31 -0600 (CST) Subject: question about a PR http://www.prweb.com/releases/prweb2011/9/prweb8811235.htm Who wrote this?
From: Leonard Chin (chinleonard@me.com) To: security curmudgeon (jericho-at_attrition.org) Date: Sun, 04 Dec 2011 07:21:29 -0800 Subject: Re: question about a PR We did have a pool of contract freelancers which we hired earlier, so looking at the dates, its written by them.
From: security curmudgeon (jericho-at_attrition.org) To: Leonard Chin (chinleonard@me.com) Date: Sun, 4 Dec 2011 12:53:57 -0600 (CST) Subject: Re: question about a PR On Sun, 4 Dec 2011, Leonard Chin wrote: : We did have a pool of contract freelancers which we hired earlier, so : looking at the dates, its written by them. Odd, never heard of PRs being outsourced. Anyway, it has a few lines of plagiarized content in it.
From: Leonard Chin (leonard@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Sanjay Bavisi (jay@eccouncil.org) Date: Fri, 2 Dec 2011 13:56:57 -0800 Subject: Connect Hi Brian, I've copied in this email - Jay Bavisi, president of EC-Council. You mentioned having some questions that you had, and I thought its best that I connected you both. Please connect, and I think a call will be good for a start. Thanks. Best Regards Leonard Chin Director Marketing, Conferences & Events (EC-Council) Center of Advanced Security Training (CAST) Global CyberLympics Organizing Committee (GCOC) Hacker Halted USA | TakeDownCon | CAST Summit Office: +1.505.341.3228 | US Cell: +1.505.908.9398 | Int'l Cell: +65.9790.7183 | Fax: +1.505.212.0828 leonard@eccouncil.org | Connect with me on LinkedIn | Follow me on Twitter Global CyberLympics | http://www.cyberlympics.org | Follow on Twitter Hacker Halted | http://www.hackerhalted.com | Follow on Twitter TakeDownCon | http://www.takedowncon.com | Follow on Twitter CAST | http://www.eccouncil.org/CAST | Follow on Twitter EC-Council http://www.eccouncil.org 6330 Riverside Plaza Ln NW Suite 210 Albuquerque s NM 87120 USA NOTICE: This communication is meant only for the addressee (s) named above and may contain information which is and/or legally privileged. If you are not the named addressee (s), or the agent responsible for receiving and delivering this communication to the named addressee (s), this communication has been sent to you in error. If so, kindly contact us immediately for retrieval purposes. Unauthorized dissemination, distribution, copying or reliance on this communication is prohibited and may attract criminal penalties.
From: Jay Bavisi (jay@eccouncil.org) To: Leonard Chin (leonard@eccouncil.org) Cc: security curmudgeon (jericho-at_attrition.org) Date: Fri, 2 Dec 2011 14:20:33 -0800 Subject: Re: Connect Bryan, Thank you for requesting to connect with me. The fact that you are doing this prior to forming any opinion signifies your professionalism and I appreciate it. I would be happy to speak to you to answer any questions you have. What you see on the web is one side and naturally, as a founder, I am passionate about ECC and find it painful to see twisted facts. Sometimes my passion comes across as aggression.....but that is not what it is meant to be. Let's talk and let me take you through facts and then you are free to form your own opinion. I just got to Vegas and I am on pacific time. Give me a number you want me to call you and a time or you can call me instead on my cell at 15052740411 I do ask that you give me some times today as I am running some errands and want to be in a quiet place when I speak to you. P/s: To get you started in the right direction, I am asking for my office to send me the incorporation certificate of Michael Ray.
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 2 Dec 2011 16:34:06 -0600 (CST) Subject: Re: Connect Hi Jay; : The fact that you are doing this prior to forming any opinion signifies your professionalism and I appreciate it. It is only fair, and a required step when doing Errata work. As I told Leonard, we want as much information as possible, as it is the only way to make an informed opinion. : What you see on the web is one side and naturally, as a founder, I am : passionate about ECC and find it painful to see twisted facts. Sometimes : my passion comes across as aggression.....but that is not what it is : meant to be. I assume you are referring to the 'blog spam' posting by Dewhurst. If so, there was an update made by him that I did not see ECC comment on. From his blog (in case you haven't re-read it since he updated): A hacker group called TeaMp0isoN had leaked the r00tsecurity.org forum database last year which happened to contain the IP addresses of the users when they registered. One of those IP addresses was the same one that left the SPAM on my blog. The IP address belonged to the "rkvishwakarma" username, who had registered with the "rajkumar@eccouncil.org" email address, a long time employee of EC-Council. http://www.gonullyourself.org/ezines/TeaMp0isoN/TeaMp0isoN%201.txt Could you comment on this? Does this information help your internal investigation? Who is "rkvishwakarma" / "rajkumar" within your organization? : I just got to Vegas and I am on pacific time. : : Give me a number you want me to call you and a time or you can call me : instead on my cell at 15052740411 : : I do ask that you give me some times today as I am running some errands : and want to be in a quiet place when I speak to you. Honestly, I would like to keep this via email for the time being. 
We do Errata work in our spare time, and it is easier to discuss these points and give more informed replies after time to digest it. Since I personally deal with hundreds of mails a day, it is also beneficial for my memory to be able to go back and read something you said days prior. As for the replies, I understand you travel a lot and are busy, so please take your time and reply as permitted by your schedule. : P/s: To get you started in the right direction, I am asking for my : office to send me the incorporation certificate of Michael Ray. Can you tell me a little about the company? Since there appears to be absolutely no Google footprint, we have no idea what industry the company is in, what country they are based out of, how big the company is (sounds big given the description of your work there), etc. Could you also clarify something, and you can chalk this up to my ignorance of how the legal system works in the UK; your LinkedIn profile says you were a Barrister at Law. Is that the equivalent of a lawyer in the U.S.? Or does a Barrister work directly for the courts? Finally, for now, could you give me a statement or opinion on EC-Council's policy for dealing with plagiarism? Specifically, do you maintain a policy to help ensure the material you publish does not include plagiarized material? If plagiarism is detected, what is ECC's response or course of action? I ask because I have found two confirmed cases of it, and am 99% sure there will be a third in the coming days. Thanks, Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 2 Dec 2011 14:42:20 -0800 Subject: Re: Connect Brian - there is so much detail to explain that if I did it, it will take so much time. I understand your point about you doing it on your spare time - may I ask 10 mins to talk and explain and then I will write a summary for you. As for Ryan - I know about his post but you do not know the background and the twist. I will explain it all. May I ?
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 16:49:54 +0800 Subject: Re: Connect Brian, Since you did not respond to my request to chat, I assume you must be tied up. I shall start my response before this weekend. I want to collect all the data to share, as much as we can, the facts with you. I assume you will not publish anything until you have had a chance to review it, correct? Thank You, Regards, Jay Bavisi President and Chief Executive Officer, jay@eccouncil.org EC-Council 6330 Riverside Plaza Ln NW Suite 210, Albuquerque NM 87120, USA
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 02:52:41 -0600 (CST) Subject: Re: Connect : Since you did not respond to my request to chat, I assume you must be : tied up. Yes. Currently working on a glass of Tequila and exposing another person that plagiarizes large amounts of content for a magazine in India. : I shall start my response before this weekend. I want to collect all the : data to share, as much as we can, the facts with you. : : I assume you will not publish anything until you have had a chance to : review it, correct? Absolutely. I would also like to request that you and/or EC-Council respond to one point of my last mail in writing, as an official response that I may publish, regarding plagiarism. Thanks! Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 17:03:52 +0800 Subject: Re: Connect Absolutely, when you read my response, you will know why we did not post anything on Ryan's site on that matter. P/S : I have asked Leonard to share with you details of the guy we evicted who made Antisemitism comments and is apparently one of the best hackers of the world. I understand that he happens to be one of your supporters and informers. I am sure you will investigate that story fairly like you plan to do with mine/ECC. ...and I would like to see what the Security Community tweets about that. After you have made up your mind and hopefully, cleared us of any wrong doing, we should talk. That way, you won't be influenced in any way. Thank you for responding and enjoy your tequila. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 03:07:04 -0600 (CST) Subject: Re: Connect On Sat, 3 Dec 2011, Jay Bavisi wrote: : Absolutely, when you read my response, you will know why we did not post : anything on Ryan's site on that matter. OK, but Ryan's site did not bring up the subject of plagiarism at all. I wouldn't expect you to address that issue there. : P/S : I have asked Leonard to share with you details of the guy we : evicted who made Antisemitism comments and is apparently one of the best : hackers of the world. : : I understand that he happens to be one of your supporters and informers. : : I am sure you will investigate that story fairly like you plan to do : with mine/ECC. Absolutely. If I can validate it, I will publish details. : After you have made up your mind and hopefully, cleared us of any wrong doing, we should talk. I'm afraid to say, I will not 'clear' you of all wrong doing. As I said, I have found several instances of plagiarized content "written" by EC-Council. I am still working on reviewing content (but not this evening), and it will be another week before I can finish the reviews I have planned. : Thank you for responding and enjoy your tequila. And enjoy Vegas =) You should be hitting a casino or club instead of mailing me! Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 17:25:41 +0800 Subject: Re: Connect OH - Sorry , I thought you were talking about the blog. I will definitely respond to all of the 4 questions - including plagiarism. If you are so confident, then you know something I don't. I am not sure if you know about our licensed/permission based content? Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 03:29:01 -0600 (CST) Subject: Re: Connect : If you are so confident, then you know something I don't. 100% confident. In case you weren't aware, detecting plagiarism is something we have done quite a bit of work in: http://securityerrata.org/errata/plagiarism/ http://securityerrata.org/errata/plagiarism/detecting_plagiarism.html : I am not sure if you know about our licensed/permission based content? Perhaps not, but I know that some of the plagiarized content is not available for licensing (e.g., taken from U.S. government sources).. For another set of content, I have already verified that you have a license with the original creator. Yes, I try to be as thorough as possible. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 17:34:02 +0800 Subject: Re: Connect Brian - If the content is outsourced ( some of ours is) it may be possible that mistakes may happen. However, if you see a pattern or clear intent to plagiarize, it is a different issue. However, this is a very serious allegation. Would you share with me what you have found so that I can investigate this internally? Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 03:38:50 -0600 (CST) Subject: Re: Connect On Sat, 3 Dec 2011, Jay Bavisi wrote: : Brian - If the content is outsourced ( some of ours is) it may be : possible that mistakes may happen. : : However, if you see a pattern or clear intent to plagiarize, it is a : different issue. Definitely a pattern. The volume and location of plagiarism is too great to be a "rogue outsourced consultant". : However, this is a very serious allegation. As you can see from the links I sent, we're good at what we do. I stand by our reviews. : Would you share with me what you have found so that I can investigate : this internally? After I finish the last part of the review, yes. I will share all of the details and the results of the research. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 17:43:32 +0800 Subject: Re: Connect Thanks Brian. I am glad to know that you will share this with us prior to going public. If this is true, it will be dealt with very seriously. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 03:48:35 -0600 (CST) Subject: Re: Connect On Sat, 3 Dec 2011, Jay Bavisi wrote: : Thanks Brian. : : I am glad to know that you will share this with us prior to going : public. If this is true, it will be dealt with very seriously. I don't want to give details until the review is done, to ensure it is as accurate as possible. I have emails out to some sources asking about licensing and permission for example, some of which have been answered, and some have not. However, plagiarism has been found in: EC-Council Certified Incident Handler (ECIH) Course EC-Council Alchemy Blog In addition, I have two EC-Council books being shipped here, due to arrive next week. Both of them appear to have plagiarized content in them as well, based on Google searches and some of the book material being available online. However, without the book in hand, I cannot verify it so I can't speak to the accuracy of the preliminary findings. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 18:33:53 +0800 Subject: Re: Connect You know, we use a software called ithenticate. We pay a significant sum for every word it verifies. However, looks like you found stuff we did not or it was swept under the radar from me without the use of the software. I will have to investigate this. Please point me to the right direction. What courseware other than this that I need to look into. I want to do it all but start with the ones in focus. I will investigate ECIH and Alchemy immediately. On a personal note - If it is true, I wonder why someone like you would not offer these services to companies like mine. It would be so beneficial and ensures that such embarrassing situations don't arise. Anyways, once you tell me what you know, I will deal with this appropriately. Thank You, Regards, Jay Bavisi [..]
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 18:49:35 +0800 Subject: Re: Connect Brian - One more thing. For ECIH - I hope you are looking at the entire book with the references and not just the power point slides that we sent to a reviewer (We both know him). We have references in ALL of our manuals based on permissions we get and fair use. If you see stuff that is not in the references, then it is of GRAVE CONCERN to me. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 04:51:39 -0600 (CST) Subject: Re: Connect On Sat, 3 Dec 2011, Jay Bavisi wrote: : You know, we use a software called ithenticate. We pay a significant sum : for every word it verifies. I am familiar with the software. It is *horrible*. It wasn't able to catch any of the plagiarism I found by hand. When I mailed the creator of it suggesting a few enhancements, he basically said "no" saying his customers wouldn't care. I thought he was an idiot for dismissing the ideas so quickly. : However, looks like you found stuff we did not or it was swept under the : radar from me without the use of the software. I will have to : investigate this. : : Please point me to the right direction. What courseware other than this : that I need to look into. That is the only course I have examined. : I will investigate ECIH and Alchemy immediately. The Alchemy Blog is trivial to find. There are 3 posts, all 3 are taken 100% from C|Net articles. : On a personal note - If it is true, I wonder why someone like you would : not offer these services to companies like mine. Doing this by hand is time consuming, and not profitable. While the results are substantially better than automated services, no one will pay me a decent amount of money to do it. By day, I do a considerable amount of technical editing. Word is out in the community that I am a pretty good tech editor. I have had 2 authors ask me to tech edit their books for them, neither has offered me money, just "a few copies of the book". Brian
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 04:55:15 -0600 (CST) Subject: Re: Connect : For ECIH - I hope you are looking at the entire book with the references : and not just the power point slides that we sent to a reviewer (We both : know him). I reviewed the PPT presenter slides for a few modules of ECIH, and one PDF that had the presenter slide and notes for one module. The PDF had no additional footnotes or citations for that module. In addition, there was no appendix or 'references' section in the document either. As for the *book*, as I said, I have 2 EC-Council books on the way but I have not received them yet. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sun, 4 Dec 2011 04:05:13 +0800 Subject: Re: Connect ok, that may explain it. The references are normally in the end of the books and in some at the end of the chapters. I can send it to you if you like. Why don't you wait for the books and then let me know. Thank You, Regards, Jay Bavisi [..]
While the next mail may seem like a legitimate offer, think about it. What company, especially one of this size, would hire someone full time just to check for plagiarism, rather than issuing explicit rules about proper citation and performing their own spot checks using the guidelines available from us and other sources? While I did not say this to him, I firmly believe this was a bribe of sorts. If I had agreed to work for EC-Council, of course I could not have published any of the material that I ultimately did.
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sun, 4 Dec 2011 04:18:24 +0800 Subject: Re: Connect Brian - If you can show me you are better than Ithenticate, I will hire your services but prefer you working full time for us. There is so much to verify, I want every word verified. I can send you our ithenticate contract and the 500,000 pages usage ! Having someone with a proven skill to do the tech edits and anti plagiarism checks will be awesome.....but we did not know anyone that: a) We could trust to do a good job b) Had fantastic English c) Has technical background ...respect in the community is a plus too. You may choose to insult us publicly or help us solve a challenge that ithenticate can't fix. It's up to you, Brian. But - If the system failed us, you should not call us frauds. You are influential and it will kill a lot of the work we did in such a short amount of time. We are very serious about integrity. The fact that you would even consider placing my name or my organizations onto Charlatan was an insult that made me lose sleep and ruined my December. My team had the exact same reaction. What a Christmas! At this time, we are not sure so let's wait for your results where the failure was.....but it was definitely not intended. I really think we should talk.....only if and when you are comfortable. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 20:45:45 -0600 (CST) Subject: Re: Connect On Sun, 4 Dec 2011, Jay Bavisi wrote: : ok, that may explain it. The references are normally in the end of the : books and in some at the end of the chapters. : : I can send it to you if you like. Why don't you wait for the books and : then let me know. Yep, like I said, two on the way. That will give me a good idea what is there. The question then becomes, are the books handed out as part of the class? Brian p.s., In case you didn't see, two more plagiarizers exposed in the last 24 hours, thus the me being busy part =) http://securityerrata.org/errata/plagiarism/bennet_bayer.html http://securityerrata.org/errata/plagiarism/r_manoj.html
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 20:51:56 -0600 (CST) Subject: Re: Connect : Brian - If you can show me you are better than Ithenticate, I will hire : your services but prefer you working full time for us. There is so much : to verify, I want every word verified. I can send you our ithenticate : contract and the 500,000 pages usage ! Honestly, I don't believe you could match my current salary, and I don't think I would be happy doing that full time. : a) We could trust to do a good job : b) Had fantastic english : c) Has technical background ?respect in the community is a plus too. There are a lot that can, but again, the money isn't there. Tech editors are not considered a high dollar position (rightfully so usually). : You may choose to insult us publicly or help us solve a challenge that : ithenticate can't fix. It's up to you, Brian. I don't believe the Errata articles are particularly insulting, not most of them at least. That kind of prejudicial wording is not appropriate in my opinion. : But - If the system failed us, you should not call us frauds.You are : influential and it will kill a lot of the work we did in such a short : amount of time. I cannot say the system has failed you though. The only way I could do that is plug all of this into iThenticate and see the results. Unfortunately, they require specific formats to be used for uploads, and a lot of the material I am reviewing is not in those formats (e.g., PDF). : We are very serious about integrity. The fact that you would even : consider placing my name or my organizations onto Charlatan was an Once again, you are being defensive and prejudicial in your reply to me, the same way you were with Dewhurst. You are insulting me, my work, and MY integrity by challenging me in this manner. 
My track record in exposing frauds and plagiarism has only been challenged by the people I am exposing, in an attempt to hide my work. It has not been challenged by anyone else in the industry, despite being peer reviewed. If your goal is to insult me, so be it, we can end our communication here. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sat, 3 Dec 2011 20:20:44 -0800 Subject: Re: Connect Brian - no insult was intended. Sometimes e-mails do not reflect the actual emotions intended. Once again - If you feel I was insulting you, I apologize. That was not my intent.
I will give it to Bavisi, he did share a lot of information during this process. The next mail is considerably long.
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Sun, 4 Dec 2011 16:08:07 +0800 Subject: Re: Connect Brian, I thought I should respond to your questions before TDC starts as it will be a very hectic week for me. I hope this helps. QUESTION I assume you are referring to the 'blog spam' posting by Dewhurst. If so, there was an update made by him that I did not see ECC comment on ANSWER Here is the background : Ryan wrote his initial post on the web and I responded with mine on his blog. He took offense and wrote to me the next day and asked me to apologize for my response "... for putting my integrity into question" I responded : Thank you for writing to me. Your e-mail is acknowledged. Let's be honest, no respectable organization will tolerate such behavior.....especially from an employee. If this was to an employee, I will fire the person as soon as I see the evidence. As for the issue of apology, I only questioned why you did not write, call or even a smoke signal to me or anyone at ECC prior to publishing this publicly and not for raising this concern. As such, I do not see any reason to apologize. He responded : I understood your response differently than how you have just described. I felt your response questioned my integrity which is what I would have liked an apology for. If you feel you do not have reason to apologize, that is OK. The IP address that left the spam on my blog was this one, --------------, which originates in Hyderabad, India. A forum database was leaked online by, an employee of yours Raj Kumar Vishwakarma posted a comment on the blog before the leak using the same IP address. 
The leaked information can be found here (search for the IP or the employees email address): http://download.adamas.ai/dlbase/ezines/TeaMp0isoN/ezine1.txt If you feel the same way as me, that the evidence is indisputable, please acknowledge it publicly, simply for the fact that I questioned your company's integrity, a good way to get that back would be to do the right thing. I will not mention the employees name publicly. I told him if we could chat and he connected via Skype at approximately 10:00:45 AM GMT+08:00, Nov 29, 2011 He then gave me the name of an employee that used the same IP address when he registered on another site. We had a short cordial conversation during which time and I told him we do not condone such behavior and told him that I am going to investigate this and should issue a statement in 24 hours. At November 30, 2011 1:29:03 AM GMT+08:00 Ryan writes to me : Hi Jay, I was wondering what time I should expect your public comment on the spam issue. My university tutor is concerned about my ethics being put into question. The university are very touchy about students. Your comments will help me clear my name to them. Thank you, Ryan I responded Hey Ryan, It is 1.49 am in Asia now and I just concluded a call with my investigative team in India. They have been at this all day. Bad news is that we are still trying to get detailed evidence but due to the length of time, this is not going to be easy...... Or perhaps it may not even be possible . Honestly, the hopes of retrieving logs that old are pretty bleak but we are doing our best. I am boarding a flight back to the US in a few hours and that will get me out of pokey ( meant to be pocket) for 48 hours. Hopefully by the time I land, I will have to look at why we have on hand and decide. I will keep you posted. Regards, Jay Bavisi I said this before getting to the airport to start my long trip to the US. 
The other reason was that we could not get to the log files that would have been critical for us to identify the actual employee so that we can deal with it with our policies. What I asked the team to do was to conduct a forensic analysis to see if we could retrieve the logs. It was impossible to conduct that on over 40 machines in less than 8 hours. Brian - this was exactly, 15 hours after my call from my 24 hour dateline. 24 hours to conduct the forensic analysis would have been impossible and I cannot fire someone or anyone until I have concrete proof of the exact person. He responded : Hi Jay, I have told everyone to expect a statement within 24 hours as you promised. Now I am going to have to tell everyone to wait until when, exactly? I think instead I am just going to publish the evidence I have and clear my own name. Thanks, Ryan ....and proceeded to name the employee against his representation to me in his e-mail and before the expiry of the 24 hours. We did some investigation as to why his so called "mail to ECC" were not responded ( as he said he sent a few mail and some time ago) and found only one mail from him. From: CertManager Date: Tue, Nov 29, 2011 at 5:48 PM Subject: FW: EC-Council - CEH - Unethical Behavior It was sent only on Nov 29th ! He did not even give us a chance to respond before he blogged about it ! Ryan wrote a blog WITHOUT connecting to us PRIOR to going public. Is that ethical? But you choose to come to us prior to making up your mind and even agreed to submit to us your findings before going public. He promised not to name the employee - at least in the 24 hours - he did! He gave me 24 hours to post a comment - but in less than 16 hours, he posted his "update" when I was as upfront as I could about the situation. QUESTION . "rkvishwakarma" username, who had registered with the "rajkumar@eccouncil.org" email address, a long time employee of EC-Council. 
http://www.gonullyourself.org/ezines/TeaMp0isoN/TeaMp0isoN%201.txt Could you comment on this? Does this information help your internal investigation? Who is "rkvishwakarma" / "rajkumar" within your organization? ANSWER No the information does not help to identify the person that wrote the specific blog in question. Rvishkarma is a long standing member of ECC's team in India. QUESTION Can you tell me a little about the company? Since there appears to be absolutely no Google footprint, we have no idea what industry the company is in, what country they are based out of, how big the company is (sounds big given the description of your work there), etc. ANSWER I am surprised that you think this is a big company. What made you think that? What kind of a big company would not have a website. But it did exist! This was a startup that I founded and never took off. It was incorporated in Hong Kong. We were testing a model with my family business and if that took off, we were going to commercially offer the services. We managed an existing system for the business owned by my family and to create a secure system to manage the import and export for them. They wanted to hook up to their national reseller database and then take it bigger. Point is - the business never took off and the company is dormant. I just realized that I had my dates of my involvement on LinkedIN wrong. I mentioned it was 2001-2004 when it was 2004 - 2007. I have corrected it, yesterday. In case you have doubts, I have attached the incorporation certificate for your reference. I trust you will treat it confidentially. QUESTION Could you also clarify something, and you can chalk this up to my ignorance of how the legal system works in the UK; your LinkedIn profile says you were a Barrister at Law. Is that the equivalent of a lawyer in the U.S.? Or does a Barrister work directly for the courts? ANSWER UK has a dual system - a solicitor and a barrister. 
A Barrister pleads to the higher courts as an officer of the court. You may check out the definitions on dictionary.com etc for a full definition. In the US - You are either an attorney or not. It is a single and fused system. However, I was admitted as an Advocate and Solicitor in the High Court of Malaya and hence I am an attorney too ....but not a practicing one. QUESTION Finally, for now, could you give me a statement or opinion on EC-Council's policy for dealing with plagiarism? Specifically, do you maintain a policy to help ensure the material you publish does not include plagiarized material? If plagiarism is detected, what is ECC's response or course of action? I ask because I have found two confirmed cases of it, and am 99% sure there will be a third in the coming days. ANSWER As you will see in our Code of Ethics published on our website: Privacy: Keep private any confidential information gained in her/his professional work, (in particular as it pertains to client lists and client personal information). Not collect, give, sell, or transfer any personal information (such as name, e-mail address, Social Security number, or other unique identifier) to a third party without client prior consent. Intellectual Property: Protect the intellectual property of others by relying on her/his own innovation and efforts, thus ensuring that all benefits vest with its originator. Unauthorized Usage: Never knowingly use software or process that is obtained or retained either illegally or unethically. Authorization: Use the property of a client or employer only in ways properly authorized, and with the owner's Within each of these statements, you may notice a common thread having to do with the use of content. EC-Council is a vendor neutral, partner centric organization. We have created a marketplace of partnerships with use agreements in place to cooperatively publish and re-publish content from many many sources. 
In part, this gives EC-Council a unique strength, instead of a traditional Author approach to our content, we work through partnerships and re-use agreements. Our policies are designed specifically to protect and cooperate with our partners and contributors. In the event plagiarism is identified where re-use agreements or other forms of partnership do not exist, we will investigate, validate and remediate. In the event any harm is done, we would seek to remedy that with the parties involved either privately or publicly and in all cases, we will immediately resolve the issue at hand with professionalism and ethics. Once you submit your findings to us, I will be able to reflect and respond appropriately. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Date: Wed, 7 Dec 2011 17:15:12 -0600 (CST) Subject: Re: Connect Thanks for your detailed answers. I have read through once and will read it again later to make sure I understand everything. Some of my questions are cleared up, I likely have follow-up to a couple of them. .b
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Wed, 7 Dec 2011 17:11:28 -0600 (CST) Subject: licensed/permission based content (was Re: Connect) On Sat, 3 Dec 2011, Jay Bavisi wrote: : I am not sure if you know about our licensed/permission based content? I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense Mechanisms" by EC-Council Press / Course Technology/Cengage Learning. I do not see anything in the front of the book indicating licensed content, see no footnotes at the end of chapters, no appendix listing sources, etc. Using this book as an example, where would I find the content that is licensed or you have permission to include? If it isn't in the book, can you provide a list? Brian
Remember, Graham claims that there is no plagiarism, that EC-Council published first. Yet some of the material that was taken was originally published in 1998, while EC-Council was founded in 2001. Regardless of what Graham claims, it simply is not true.
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Wed, 7 Dec 2011 19:16:47 -0600 (CST) Subject: Re: licensed/permission based content (was Re: Connect) : : I am not sure if you know about our licensed/permission based content? : : I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense : Mechanisms" by EC-Council Press / Course Technology/Cengage Learning. : : I do not see anything in the front of the book indicating licensed : content, see no footnotes at the end of chapters, no appendix listing : sources, etc. Using this book as an example, where would I find the : content that is licensed or you have permission to include? If it isn't : in the book, can you provide a list? Yeah, please consider this a formal request for a list of material that has been licensed by EC-Council to be used in this book without attribution. According to page xvii, the author of this book is Michael H. Goldner. Would you also clarify if he is a contractor or employee of EC-Council? Thanks, .b p.s. You can read into the above as confirmation that I have found extensive material taken from six different sources in the first 14 pages of the book, all of which pre-date the book publication date (including two from 1998).
Lest anyone think this is a witch-hunt, I also notified EC-Council when their work was being used without appropriate citation.
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Thu, 8 Dec 2011 15:48:12 -0600 (CST) Subject: EC-Council work being used w/o authorization Looks like EC-Council's material is being used w/o attribution in a few places. While reading through Ethical Hacking and Countermeasures : Threats and Defense Mechanisms, found these pages that appear to be using content from chapter 1: http://www.amarjit.info/2009/05/trojans-and-backdoors-5-wrappers.html http://buddyhack.wordpress.com/2011/04/29/trojans-and-backdoors-5-wrappers/ http://www.alhasebat.net/vb/attachment.php?attachmentid=245&d=1146392065 You will need to do a full analysis before contacting them. There is enough material that appears to be directly from the book, but please verify. .b
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 9 Dec 2011 16:56:13 +0800 Noted with thanks. We will investigate. Thank You, Regards, Jay Bavisi [..]
As I said to Graham on Twitter, Bavisi did try the blame-shifting game.
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 9 Dec 2011 17:01:07 +0800 Subject: Re: licensed/permission based content (was Re: Connect) I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense Mechanisms" by EC-Council Press / Course Technology/Cengage Learning. This book belongs to Cengage Learning. It is written and published by them for our exam standards in our name. They hire authors, they write the content, they transfer copyright to ECC and they publish it in our name based on our exams. According to page xvii, the author of this book is Michael H. Goldner. Would you also clarify if he is a contractor or employee of EC-Council? Michael Goldner is not an EC-Council employee or a contractor of EC-Council. You will need to contact Cengage for all questions pertaining to this series. Thank You, Regards, Jay Bavisi [..]
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 9 Dec 2011 03:01:17 -0600 (CST) Subject: Re: licensed/permission based content (was Re: Connect) : : I do not see anything in the front of the book indicating licensed : : content, see no footnotes at the end of chapters, no appendix listing : : sources, etc. Using this book as an example, where would I find the : : content that is licensed or you have permission to include? If it isn't : : in the book, can you provide a list? : : Yeah, please consider this a formal request for a list of material that : has been licensed by EC-Council to be used in this book without : attribution. : : According to page xvii, the author of this book is Michael H. Goldner. : Would you also clarify if he is a contractor or employee of EC-Council? Did more examination this evening. Even if EC-Council licenses material, there is at least one case where this book uses an image from a Syngress book published in 2006, without attribution, *and* slaps the Copyright EC-Council warning under it. While I do not doubt you have licensed some content, I cannot imagine that the license allows for you to in turn copyright the material as your own. I am afraid we're looking at substantial plagiarism in "Ethical Hacking and Countermeasures : Threats and Defense Mechanisms" based on the examination so far. I hope to conclude my examination tonight, tomorrow at the latest. Brian
From: security curmudgeon (jericho-at_attrition.org) To: Jay Bavisi (jay@eccouncil.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 9 Dec 2011 03:03:52 -0600 (CST) Subject: Re: licensed/permission based content (was Re: Connect) : This book belongs to Cengage Learning. It is written and published by : them for our exam standards in our name. They hire authors, they write : the content, they transfer copyright to ECC and they publish it in our : name based on our exams. : Michael Goldner is not an EC-Council employee or a contractor of : EC-Council. You will need to contact Cengage for all questions : pertaining to this series. I can certainly do that, but understand that the book has "EC-Council | Press" in the upper right hand corner, and "Course Technology / CENGAGE Learning" in the upper left. At the bottom is a large C\EH Certification logo as well. While this may be 'their' book, it is certainly branded as EC-Council and C|EH. I'd expect you to be a little more angered by what I have found. Enough to warrant something more than "contact them". If they are at fault, but branding the book under your name, you should seriously consider legal action against them. Brian
From: Jay Bavisi (jay@eccouncil.org) To: security curmudgeon (jericho-at_attrition.org) Cc: Leonard Chin (leonard@eccouncil.org) Date: Fri, 9 Dec 2011 17:06:44 +0800 I have reached out to them yesterday and am awaiting them to respond back. Thank You, Regards, Jay Bavisi [..]
From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:07:34 +0800
Subject: Re: licensed/permission based content (was Re: Connect)

ok - thanks for the update. I would like to know whatever you learn so that I can act accordingly.

Thank You,
Regards,
Jay Bavisi
[..]
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:11:22 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)

On Fri, 9 Dec 2011, Jay Bavisi wrote:

: ok - thanks for the update. I would like to know whatever you learn so
: that I can act accordingly.

I will share my findings regarding this book with you after I complete the review, before publishing anything.

If CENGAGE is ultimately responsible, you should also start giving thought to how you and EC-Council will respond should we find plagiarism in additional books. Note, very preliminary results suggest that is the case. The second "EC-Council" book has not arrived yet, so I cannot verify it presently.

Brian
From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:13:44 +0800
Subject: Re: licensed/permission based content (was Re: Connect)

As soon as I learn from you, I will ask them to update the errata page on the site of the book.

We do have an extensive license with Syngress but it is for our official guide.

Thank You,
Regards,
Jay Bavisi
[..]
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:19:33 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)

On Fri, 9 Dec 2011, Jay Bavisi wrote:

: As soon as I learn from you, I will ask them to update the errata page
: on the site of the book.

This is not errata. Errata is a list of errors, meaning technical errors, typos, etc. This is *outright plagiarism*. This is unethical behavior and a civil offense in many countries.

: We do have an extensive license with Syngress but it is for our official
: guide.

As I said, even if CENGAGE has a similar license, I would bet a dollar it does not allow for them to try to copyright Syngress images to EC-Council.

Let me make sure you understand that. While you are telling me this is CENGAGE's doing, they are slapping an EC-Council copyright on their book, and on each individual graphic. One way or another, EC-Council is partially culpable in this.

Brian
This next mail is the first entire draft of the plagiarism review for one of their books. You can see how it starts, before it becomes a write-up on Errata. I am redacting most of it because it is a long mail.
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:46:49 -0600 (CST)
Subject: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

Jay;

The following are rough notes based on a brief review of the book 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms', by Course Technology / CENGAGE Learning and branded as EC-Council | Press. The copyright is 2010 to EC-Council, not CENGAGE.

This review is based on spot checking three chapters, but not in their entirety. Based on what I found, I didn't feel the need to go any further. Given the wide variety of where the material was taken from, I believe it is clear that the author, Michael H. Goldner, plagiarized content without permission or attribution. In many cases, he changed wording enough to make it fit in this book, and possibly as a method for attempting to obscure the plagiarism.

Please remember, these are my very rough notes, something that I do not publish and generally do not share with anyone.

Brian

--

1-2 definition of trojan horse from http://www.starstandard.org/guidelines/DIG2011v1/ch11s03.html
1-4 trojan section. some verbatim, some paraphrased from http://web.archive.org/web/20081209053403/http://www.aboutonlinetips.com/what-is-trojan-horse-and-how-to-recover-from-a-trojan-horse-infection/
p1, s1 = verbatim
p2, s1 / s2 = verbatim
p4, s1 / s2 = almost verbatim
p5, s2 = almost verbatim
p7-13 (~50% of page) = verbatim from
http://www.itexperts4u.com/blog/2009/03/places-where-trojans-hide-in-ur-system/ March 11th, 2009
http://www.data4experts.com/2009/07/where-do-trojans-hide-in-our-system.html July 04, 2009
1-5 different ways a trojan can get into a system, first 6 of 8 same list/order as 1-4 link
1-9 p2-7 = uses almost 100% of text verbatim from this resource, but expands on it.
[..]
From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Date: Sat, 10 Dec 2011 03:25:09 +0800
Subject: Re: licensed/permission based content (was Re: Connect)

I know. What I meant is until I do not have all the details, I cannot be for sure what is errata and what is plagiarism on the books written by Cengage.

As soon as I do have the information, I will take this up with Cengage.

Thank You,
Regards,
Jay Bavisi
[..]
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Date: Fri, 9 Dec 2011 18:02:28 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)

On Sat, 10 Dec 2011, Jay Bavisi wrote:

: I know. What I meant is until I do not have all the details, I cannot be
: for sure what is errata and what is plagiarism on the books written by
: Cengage.
:
: As soon as I do have the information, I will take this up with Cengage.

I sent the preliminary notes to you last night. I have a contact at Syngress who will verify the presence of a license on Monday morning.

Brian
From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 11 Dec 2011 14:36:30 +0800
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

Brian,

Thank you for these notes. I appreciate it.

Somehow this mail did not make it to my mobile. I will take this up with the folks at Cengage.

Thank You,
Regards,
Jay Bavisi
[..]
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 11 Dec 2011 01:38:27 -0600 (CST)
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

: Thank you for these notes. I appreciate it.
:
: Somehow this mail did not make it to my mobile. I will take this up with
: the folks at Cengage.

Excellent. If they push back, remind them that another book from Thomson Course Technology (that later became Course, part of Cengage) was also found to have plagiarism.

http://securityerrata.org/errata/charlatan/ankit_fadia/network_intrusion/
From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Thu, 15 Dec 2011 17:49:58 -0600 (CST)
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

Hey Jay;

Any word from Cengage on this?

.b
From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 16 Dec 2011 12:01:11 +0800
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

Spoke to the Executive Editor personally and expressed my concern over the issue. He promised to investigate this as it was contracted out and revert.

Thank You,
Regards,
Jay Bavisi
[..]
After this, there was no further word from Bavisi, and no more direct contact from either side.
At some point after this email, days or perhaps a few weeks, a prominent member of EC-Council, who I will not name at this time should anything happen, chatted with a mutual friend. However, he did not know it was a mutual friend; he chatted thinking the person disliked me. Given the blatant threat, the mutual friend thought it fair to warn me.
i don't want to go head on with you (for whatever reasons) in public.. but i've been whacked hard enough by malicious and false allegations that i'm now going to strike back (and I'm not referring to you)... haha.. let's not get in each other's way.. there's more for us to be able to do together than gun slinging in twitter...!
During the entire saga above, I reached out to several parties to ask if they had given permission for EC-Council to use their work. In a couple cases, EC-Council had asked for and obtained permission to use third-party material. This is great! Unfortunately, several people responded that no, they had not been asked, let alone given permission. I can only guess that due to the amount of material used from other sources, someone decided they did not need to obtain permission from most sources.
You can also see from this exchange, that EC-Council did not "[legally prove their] publish date was first", and that Graham's accusation that we "omitted that on [our] site" is an outright lie. While I have no doubt Bavisi and/or Chin shared our emails internally, note that Graham was not in the email exchanges.
The thread above shows that I went above and beyond in giving EC-Council a chance to explain the plagiarism, help figure out who was ultimately responsible, and even warned them when their work was being used unfairly. I was not hostile, did not make any threats, and gave them a considerable amount of time to research the issue on their side before eventually publishing.
Ultimately, Steven Graham's comments on Twitter are indicative of the kind of people hired by EC-Council, at least from my personal experience. Graham accused Attrition and me specifically of lying, which I will not tolerate. The email exchange above should make it abundantly clear who is at fault here.
Shortly after posting, Graham made the following comment:
Really Steve? You wanted the emails published, now you insult me, and libel me more? Please, feel free to publish the supposed 'lies' of mine since you did all this extensive research. Please note, that just about every charlatan has made the same claim, and the only thing published so far has been an obvious smear campaign, not the truth.