From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Mon, 28 May 2012 03:12:57 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 28 May 2012, Rahul Tyagi wrote:

: I have mailed you few months back to have a look on my book, but you
: said that time that you are busy, but i am happy to send you this copy.
: and hope you will like it .

Not sure when I will get a chance to read it, but figured I should grab
it while available.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Thu, 14 Jun 2012 19:26:22 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 28 May 2012, Rahul Tyagi wrote:

: I would love if you personally check my book and give a independent
: review please if you can get some time i'll be very thankful to you.

Did you write all of the material in this book yourself?

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Fri, 15 Jun 2012 01:46:58 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Fri, 15 Jun 2012, Rahul Tyagi wrote:

: : Did you write all of the material in this book yourself?
:
: Rahul Tyagi Wrote: Yes from 17 chapters i tired my best to contribute
: from my side i contributed 92% of whole book , 5-8% part of the book is
: contributed by some of my students and some other friends, and two
: chapter cum articles are from guest writers Mr. Rishab Dhangwal(RFI
: Attack) and AMarjit Singh.( Wireless Attacks).

I saw the couple of pages by Dhangwal on RFI, which you credited at the
end.

After skimming the firt half of the book this afternoon, I have to ask
again. Are you sure you wrote everything else in this book, other than
the two sections you identified?

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Fri, 15 Jun 2012 11:06:01 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Fri, 15 Jun 2012, Rahul Tyagi wrote:

: Rahul Tyagi Wrote: As i told you before 92% of the book is written by
: me, and rest 5-8% except rishab and amrjit's articles were contributed
: by some of my students and my friends.Like some of spamming portion and
: wireless security portion where contributed by my students.

How about the section on SQL injection and Cross-site Scripting?

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Mon, 18 Jun 2012 16:36:11 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico



On Sat, 16 Jun 2012, Rahul Tyagi wrote:

: : How about the section on SQL injection and Cross-site Scripting?

: Rahul Tyagi Wrote:- Jerico can you please list all the section on which
: you have any problem, that would be easier for me to reply in single
: stance. and reply for this SQL Injection and Cross Site scripting i
: wrote that but to increase the section people behind book added more
: content.

I mentioned two specific chapters for you to reply to, and you have no
said several times that you wrote it.

In fact, you did not. You plagiarized the material from other people.

Chapter 6, page 38 - SQL injection (2 paragraphs) taken from verbatim from
http://www.imperva.com/resources/glossary/sql_injection.html. The full
page of text on "simple bypass authentication from frontend" was taken
from
http://www.cmswire.com/cms/web-cms/how-they-hack-your-website-overview-of-common-techniques-002339.php
or another article.

Chapter 6, pages 39-42 - XSS section is all taken verbatim from
http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting.
The only edits you made were to the example URLs, to try to conceal the
fact that it was not your work.

These are not the only sections that contain material you plagiarized from
other sources. Do you understand what an author does, specifically writing
original material OR properly citing material taken from other places? Are
you familiar with plagiarism? If you are, then why did you lie to me?

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Mon, 18 Jun 2012 20:08:51 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Sat, 16 Jun 2012, Rahul Tyagi wrote:

: The chapters which are from my hand not from any friend , content adder
: and others, are listed below you can check it out.

I have finished reviewing the book. Based on a pretty quick check, there
are over 20 instances of plagiarized content that I found. Given that a
sizable portion of the book consists of large screenshots and very little
text, it makes up a substantial amount. I am curious to receive a reply to
my previous mail regarding this.

For the parts that you appear to have written, it is clear that you have
about the same grasp on "hacking" as Fadia and others. That is, you don't
know the topic very well. Some of your claims and explanations make it
clear that you do not understand how hacking has been done historically,
nor do you go past the initial script kiddy junk that many people have
been peddling for years. Other than your very basic familiarity with
Backtrack, I don't think you understand a fraction of the topic. If I were
to make a list of all the mistakes and shortcomings of the book, it would
take me a full day or more.

Every single part of this book seems to be junk honestly. Selling it under
the advertising and claims you make on your web page is a disservice to
your readers. The fact that you or Fadia teach people 'hacking', which is
little more than glorified Windows tricks and how to use simple Windows
programs, is laughable and in my opinion, borderline fraud.

jericho

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 00:12:47 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: Well i respect your words jerico but i am nt agree with your last
: comment that it is junk, for a person who still do no know what is IP
: address , how can u teach him msf, and may be u r right but i have
: written this book by considering a begineer in india not in USA. rest i
: am nt a person who step back, and i am nt having shame of accepting my
: mistakes, if they exist, and one request one time instead of finding
: mistakes try to have a eye of beginr and then read the book. And you knw
: i cant stop you by doing anything even i will not, you can do whatever
: you want your steps will be welcomed from me anytime, but also read
: other chapters only website hacking is not in the race. And you consider
: my another ankit then i let u knw i was nt born in a golden spoon family
: like ankit. and if u really know me you will nt say it for sure. Rest up
: to you.

First, you did not address my questions regarding plagiarism. Why not?
After denying it three times, are you ready to admit you did not write
significant portions of the book?

Second, I am comparing you to Ankit based on your books and apparent
knowledge. I don't care who had a privileged upbringing. You are both
claiming to be experts, both claim to know hacking, and both wrote books
on the topic.

Third, I went through the entire book. My comments are based on that, not
a limited view of web hacking only.

Fourth, there are proper ways to teach a beginner, and this is not it. You
jump all over the place, switching topics, covering them in an illogical
order, and ultimately cover too many topics in a mere 170 pages. Look at
Hacking Exposed (692 pages in 2005) or Maximum Security (896 pages in
2001) and consider they attempt to cover 'hacking' like you do. That many
years back, and 3 - 5x more material than yours, with a LOT more content
on each page. Do you really think that your book brought anything new to
the table over other more recent books? I don't think so. I just don't
understand why you, or Fadia, would think yourself an expert in security
when it is clear you both come from the same poor technical background and
misguided notion on both the breadth and depth of hacking.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 00:28:09 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: So you did not find a single good point in this book, this is my last
: question from you ?

Answer my question, and I will answer yours.

: : First, you did not address my questions regarding plagiarism. Why not?
: : After denying it three times, are you ready to admit you did not write
: : significant portions of the book?

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 00:35:19 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: I replied it jerico i think you did not saw that in hurry, i told you in
: 17 chapters two chapters's content are contributed by my friends and
: students, spamming(By Miss Dox) and web applications, and also due to
: short content more content is being added by the content adder. except
: it Whole 15 chapters are written by me. and out of 17 chapters 15 are
: purely written by me.

I read that. Then I disputed your claims and specifically cited two
examples with where they were taken from. I also told you that I found
over *20 instances* where material was plagiarized from other people.

So what this tells me is that you either do not know what plagiarism
means, or you do and are still denying it despite the evidence I have
seen.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 00:49:27 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: I know plagiarism jerico, and if you found the content which is
: plagiarized then what i can promise that in next printing slot the
: refrences would be there, but beside these chapters please also give
: credit for others chapters which are from my pen.

I found plagiarism in chapters 2, 3, 4, 6, 7, 8, 11, 13, 14, and 17.
Several chapters were 80% screenshots with almost no text, and barely
constitute 'authoring' a chapter. Further, I did not check every chapter.
Seriously, it is difficult to give any credit here.

I simply do not understand how you can go from denying plagiarism five
times to saying you will properly cite it next time. There shouldn't be a
next time! This book should be removed from the market and a refund
offered to anyone that purchased it. Your entire carreer is based on
'ethical' hacking. It is time to put the ETHICAL to the test.

: Everyone have dark and white part and considering this book if you
: showing the mistakes from 2 or 3 chapters , i am ready to admin my

See above, it isn't 2 or 3 chapters. It is at least 10 chapters, possibly
more. That is *half the book*.

: mistake that from contributers i did not cross check from net that
: whether the content was plagiarized or not, but please if you think give

This plagiarism is NOT from your contributors. This is in the chapters YOU
repeatedly say you wrote.

I really don't think you understand how bad this is.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 01:00:10 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: : I found plagiarism in chapters 2, 3, 4, 6, 7, 8, 11, 13, 14, and 17.

: well if you found plagiarism from these above chapters then i hope you
: did not consider line by line text , if ettercap or another software
: having manual commands written in book that are static and will be on
: internet also as same . so will you consider it also as plagiarism.
: content.Because i can not change it of-course ?

I am not talking about one or two lines, or just command examples. As I
already told you, as *one* example; Chapter 6, pages 39 - 42, all three
full pages of text (several hundred words) were taken almost verbatim from
the http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting
article. Worse, you modified the example URLs from that article in an
attempt to hide the fact that the material was not yours.

That is full-on, wide-scale plagiarism that is inexcusable and unethical.
You simply can't just reference the original if you re-print this book
either. You must obtain permission from the original author if you are to
use that much text. Otherwise, you can only use very small chunks of it,
that fall under "fair use".

When I have time, I will write up the full details in an article that
covers the plagiarism and contact your publisher.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 01:13:39 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: No issues jerico, you again and again considering Website Chapter . as i
: told you it is not from me but rest chapters are from me and if you

You said on June 16:

   "... and reply for this SQL Injection and Cross Site scripting i wrote
    that but to increase the section people behind book added more
    content."

You said on June 15:

   "Rahul Tyagi Wrote: As i told you before 92% of the book is written by
    me, and rest 5-8% except rishab and amrjit's articles were contributed
    by some of my students and my friends."

Since you are changing your mind on which parts you wrote, here is another
example:

Chapter 8, pages 56-57 on keyloggers. This is two pages taken verbatim
from http://searchmidmarketsecurity.techtarget.com/definition/keylogger.

Chapter 11, pages 86-87 on types of viruses. This is two pages taken
verbatim from http://www.makeuseof.com/tag/types-computer-viruses-watch/.

Chapter 14, pages 105-106 on penetration testing. One intro paragraph and
all of the bulleted paragraphs from
http://www.secpoint.com/what-is-penetration-testing.html.

Chapter 17, pages 157-158 on WiFi attacks. Some of the introduction, the
image, and most of the four paragraphs taken from
http://www.aboutonlinetips.com/wi-fi-security-how-to-secure-your-wi-fi-network/.

So it appears that both you and your students have plagiarized. If you
want to share their names and which pages they wrote, I will be glad to
include it in my article.

: found any plagiarized content in that then i am ready to admit and and
: will give credit to each source that is my promise but if it is
: plagiarized :).

I don't know how many times I can say this. TEN CHAPTERS, maybe more,
contain plagiarized material. You said you wrote 92% of the book. Do the
math! That means the material you claimed to have written, was in fact
plagiarized.

From: security curmudgeon (jericho[at]attrition.org)
To: Rahul Tyagi (officialrahultyagi@gmail.com)
Date: Tue, 19 Jun 2012 01:14:29 -0500 (CDT)
Subject: Re: Thanks For Getting My Book Jerico


On Mon, 18 Jun 2012, Rahul Tyagi wrote:

: and also tell me so when i can see my self and this conversation on
: attrition ?

Yes, I will include our correspondence as well as the article that
summarizes the plagiarism and gives my general opinion of the book. It
should be up by the end of the week.