From jericho at attrition.org Sat Jul 9 00:19:19 2011
From: jericho at attrition.org (security curmudgeon)
Date: Sat, 9 Jul 2011 00:19:19 -0500 (CDT)
Subject: [attrition] couple rebuttals posted..
Message-ID:

http://attrition.org/security/rebuttal/

11.07.08 - Rebuttal: The Pyrrhic Benefit of FUD
11.07.07 - Rebuttal: Microsoft, Unhackable and Ridiculous


From jericho at attrition.org Mon Jul 25 18:00:14 2011
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 25 Jul 2011 18:00:14 -0500 (CDT)
Subject: [attrition] Rebuttal: We Are InfoSec Professionals... Not The Beatles
Message-ID:

http://attrition.org/security/rebuttal/rebuttal-who_the_hell_cares.html

Rebuttal: We Are InfoSec Professionals... Not The Beatles
Mon Jul 25 16:03:32 CDT 2011
Lyger

This is a rebuttal piece to We Are Infosec Professionals - Who the Hell Are You? (2011-07-15) by Javvad Malik.


From jericho at attrition.org Tue Jul 26 00:22:22 2011
From: jericho at attrition.org (security curmudgeon)
Date: Tue, 26 Jul 2011 00:22:22 -0500 (CDT)
Subject: [attrition] My Canons on (ISC)² Ethics - Such as They Are
Message-ID:

https://infosecisland.com/blogview/15450-My-Canons-on-ISC-Ethics-Such-as-They-Are.html

My Canons on (ISC)² Ethics - Such as They Are
Tuesday, July 26, 2011

The International Information Systems Security Certification Consortium, Inc., (ISC)², bills themselves as "the global, not-for-profit leader in educating and certifying information security professionals throughout their careers." They are probably most well-known for their CISSP® - Certified Information Systems Security Professional. With 5 years of experience, practice in two of the ten domains they list and passing a 250 question multiple choice test, you can earn this certification.

The (ISC)² Code of Ethics is founded on four canons to guide CISSP certification holders. I offer my own canons on the (ISC)² Code of Ethics. These should be used to guide you in maintaining a better perspective on the absurdity that is (ISC)².

[..]


From jericho at attrition.org Wed Jul 27 20:11:27 2011
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 27 Jul 2011 20:11:27 -0500 (CDT)
Subject: [attrition] So you want a "Lazlo" Tshirt...
Message-ID:

Ok, grab one! And we do mean *one*...

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=260825648716


From jericho at attrition.org Thu Jul 28 17:31:42 2011
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 28 Jul 2011 17:31:42 -0500 (CDT)
Subject: [attrition] Attrition.org Defcon19 Contest - Spot the Charlatan
Message-ID:

http://attrition.org/news/contest/dc-19_spot_the_charlatan.html

Attrition.org Defcon19 Contest - Spot the Charlatan
Thu Jul 28 17:06:16 CDT 2011

Going back to Defcon 2, maybe even the very first, there has been a contest that is a tradition: Spot the Fed. The idea is simple; find a person who you believe is a fed, drag them to the nearest Defcon Goon and proclaim them a fed. If the person is a good sport, they will go up on stage and answer questions to confirm or deny that they are a 'fed'. Back in the day, a 'fed' was meant to be law enforcement (FBI) or a spook (NSA, CIA). In time, a fed could be about anyone; USPS, BLM, MMS or IRS, and it didn't have to be a full-time employee, as a consultant was close enough.

[..]


From jericho at attrition.org Fri Jul 29 15:53:27 2011
From: jericho at attrition.org (security curmudgeon)
Date: Fri, 29 Jul 2011 15:53:27 -0500 (CDT)
Subject: [attrition] When Hacks Attack: The Computer Security Textbook Plagiarism Epidemic
Message-ID:

---------- Forwarded message ----------
From: InfoSec News

http://www.fastcompany.com/1769244/plagiarism-professionals

By Adam Penenberg
Fast Company
July 27, 2011

A crusader from Attrition.org has found that an alarmingly high number of books written by computer security experts are nearly 100% copied from other sources. What does that say about the industry?

Borrowing code is standard operating procedure for those who work with software. All modern computer program languages use what is known as an "object oriented" model, which means code is designed to be modular--like swappable, repeatable, spawning objects. Over time standards have emerged, with programs often inheriting code from third-party libraries. Many popular open source packages like Drupal or WordPress are not only composed of contributions and "borrowings" of thousands of developers and sources, but are architected to be customized by copying parts to be "overridden." In other words, copying is required, and there are a variety of licenses that specifically allow for it, provided credit is given. Code is a bit like a message in a bottle floating in the ocean... it could end up anywhere. If someone doesn't want you taking his code, it would be cloaked with encryption.

This "information wants to be free," the credo of programmers everywhere, is a far cry from American copyright law and tradition, which discourages unfettered copying. This difference in ethos may explain why so many computer security books appear to be plagiarized. Indeed, entire tomes--written by an array of self-proclaimed computer security experts--seem to have been copied and pasted from other sources without attribution, their authors not even bothering to conjure up a single original adverb, as if they were just grabbing code from another website.

I first became aware of this plagiarism-palooza from Brian Martin, a computer security professional who, under his handle "Jericho," is a founding member of Attrition.org, a popular computer security web site that has as its mission (he calls it a "crusade") "to expose industry frauds and inform the public about incorrect information in computer security articles." He has spent months plugging phrases from these books into Google in an attempt to locate the original source material. The project, he says, was a "nasty side effect" of investigating "charlatans"--those who thrive on deceit to promote themselves--when a fan pointed out a book review that had found rampant plagiarism in a popular computer security book. From there it snowballed, and since many of these authors have written multiple books, he has no shortage of material. Lately he's noticed more and more plagiarism and copyright violation (wholesale scraping of content) in the security world.

[...]