(Abhishek Singh)
(Baibhav Singh)
(Hirosh Joseph)
(Abhishek Singh) |
(Baibhav Singh) |
(Hirosh Joseph) |
The book "Vulnerability Analysis and Defense for the Internet" by Abhishek Singh (Editor), Baibhav Singh, and Hirosh Joseph contains plagiarized material from a variety of sources. Some of the material that appears to be original contains technically inaccurate information that severely misleads the reader. The book was published by Springer Science+Business Media, LLC in 2008 (ISBN: 9780387743899, e-ISBN: 9780387743905, LoCCN: 2007941398).
In addition to the plagiarism, some content in the book is incredibly inaccurate demonstrating that the authors have no practical experience with the subject matter. For example, on page 81 they provide a flow chart to "determine if a website is prone to cross-site scripting" (http://t.co/VbwLhZrH). This chart tells the reader that by inputting "test" into a search box and receiving the word in the returned results, the application is vulnerable to cross-site scripting (XSS). Not only is this completely wrong, this statement has never been accurate historically either. By their logic, the Google search engine is vulnerable to XSS because the page returns your search terms at the top, above the search results. The subsequent text describing XSS is just as inaccurate as the flow chart. In addition, on page 89 they give a similar flow chart describing SQL injection (http://is.gd/u9dK20) that has the same illogical assumptions and inaccuracies.
The following table details the portions of the book that were taken from other sources, making up a considerable of the material. In some cases, material is taken almost verbatim with very few alterations. In other cases, material is clearly taken from another source, but rewritten significantly; this is done for brevity and possibly to obscure the source. This shows willful infringement of copyright and inexcusable plagiarism.
| Page(s) | Description | Original Source |
| 1 | Section 1.1 Introduction | Heavily based on Improving QoS of VoIP over WLAN (IQ-VW) by Mona Habib and Nirmala Bulusu (Dec, 2002) |
| 2-6 | Section 1.2 to 1.2.4 | Rewritten, but the order of material and the math clearly from Intercepting Mobile Communications: The Insecurity of 802.11 by Borisov, Goldberg, Wagner (Feb, 2001) |
| 17 | Section 1.2.12.1 Physical Layer Attack or Jamming | ~ 90% verbatim from p128 of Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky (Jul, 2004) |
| 18-20 | Sections 1.2.12.1.1 to 1.2.12.1.4 | ~ 99% verbatim from The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks by Wenyuan Xu, Wade Trappe, Yanyong Zhang, Timothy Wood (2005) |
| 21-23 | Sections 1.2.12.3 to 1.2.12.6 and 1.2.13 | ~ 95% verbatim from p129-131 of Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky (Jul, 2004) |
| 23-24 | Section 1.2.13.1 | ~ 85% verbatim from p121 of Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky (Jul, 2004) |
| 28-37 | Sections 1.3.1.1.1 to 1.3.1.1.5 | Rewritten, but the order of material and some of the same wording from p236-246 of Real 802.11 security: Wi-Fi protected access and 802.11i by Jon Edney, William A. Arbaugh (Jul, 2003) |
| 37-38 | Part of section 1.3.1.1.6 | Likely from Norwegian Research Network: TKIP. Book diagrams are redone, but exactly like the source. |
| 39-42 | Sections 1.3.2.1 to 1.3.2.2.2 | Same order as book, lot of same wording, but rewritten for brevity. From p269-277 of Real 802.11 security: Wi-Fi protected access and 802.11i by Jon Edney, William A. Arbaugh (Jul, 2003) |
| 79 | Section 4.2 on XSS | First 2 paragraphs almost verbatim from The Cross-Site Scripting (XSS) FAQ |
| 80 | Section 4.2, half of 2nd paragraph and bullets | Almost verbatim from Cross-Site Scripting: Are your web applications vulnerable? by Kevin Spett (Sep, 2005) |
| 94-95 | Section 4.3.2.2.1 | Mostly verbatim from Oracle-Base: DBMS_ASSERT - Sanitize User Input to Help Prevent SQL Injection |
Due to the findings in chapter 1 and 4, a more extensive review was not deemed necessary. No other chapters were reviewed for plagiarism or technical accuracy.
