From lyger at attrition.org Mon Mar 7 11:06:22 2011
From: lyger at attrition.org (lyger)
Date: Mon, 7 Mar 2011 11:06:22 -0600 (CST)
Subject: [attrition] postal: you can put on makeup, but you can't hide crazy
Message-ID:

http://attrition.org/postal/p0021.html

so, we weren't kidding...
a different type of "interior design"
leg humping
our type of help desk
you disclaim, we disclaim
halliburton fascists
lawyers, spammers..
difficult concept to grasp
it doesn't happen often
the cluestick missed

[...]

From jericho at attrition.org Tue Mar 8 04:52:51 2011
From: jericho at attrition.org (security curmudgeon)
Date: Tue, 8 Mar 2011 04:52:51 -0600 (CST)
Subject: [attrition] New Errata Page - Security Industry Plagiarism
Message-ID:

http://attrition.org/errata/plagiarism.html

Security Industry Plagiarism

According to dictionary.com, "Plagiarism" is "the unauthorized use or close imitation of the language and thoughts of another author and the representation of them as one's own original work." This appears to be a simple explanation of the act of plagiarizing, but it is not. According to the U.S. Copyright Office, "there is no specific number of words, lines, or notes that may safely be taken without permission. Acknowledging the source of the copyrighted material does not substitute for obtaining permission." Title 17 > Chapter 1 > § 107 of the U.S. Code covers "Limitations on exclusive rights: Fair use" but does not outline a specific amount of text or occurrences that define plagiarism.

Despite the law not giving a clear line between fair use and plagiarism, most professionals understand the nature of the law and adhere to a level of moral behavior that avoids plagiarism. By quoting small portions of text, properly citing the original source and ensuring their work is done in good faith, it is generally easy to avoid plagiarizing.
The NYU Journalism Handbook for Students contains a section on "Research Materials & Copyright" that gives a good list of real-world examples of what constitutes plagiarism. Plagiarism.org offers a summary answer to the question "What is Plagiarism?" The law offices of Morse Barnes-Brown Pendleton published an article in Writer's Digest in 2001 explaining "A Writers' Guide to Fair Use". These resources should give a good guideline of what is acceptable, and what is not.

Attrition.org uses the resources above to guide us in determining if a piece of work contains plagiarized material. The types of plagiarism as outlined by Plagiarism.org serve as a starting point. Instances where a sentence or two are copied every so often are lazy, but not necessarily plagiarism. We consider the amount of copied text versus the amount of original work and weigh it against the expectation of original work. When we find material that has a significant percentage of copied material, or demonstrates signs that the author did not present original material (e.g., building large blocks of text by copying single lines from multiple sources), we consider it to be plagiarized.

[..]

From jericho at attrition.org Fri Mar 11 17:55:07 2011
From: jericho at attrition.org (security curmudgeon)
Date: Fri, 11 Mar 2011 17:55:07 -0600 (CST)
Subject: [attrition] Errata: Wish List & Support
Message-ID:

http://attrition.org/errata/wish_list.html

Errata: Wish List & Support

With the recent discovery of a wide variety of plagiarism in security books, the Attrition Errata project has begun to spend money to enhance our coverage of the issue and continue to expose more charlatans and plagiarists. While most books are cheap in and of themselves, they begin to add up. This page serves two purposes. First, a general call for assistance to the project and information on how you can help. Second, a public ledger of expenses related to this project.
With us harping about integrity and honesty, we are publishing the ledger as a simple way to maintain transparency behind the financial resources that go into this. On the flip side, we do not keep track of every expenditure related to attrition.org (e.g., bandwidth, hardware) that is an underlying operational expense. Any financial donations to attrition.org and the Errata Project may be used for such expenses or additional books to review. We also cannot guarantee that every single donated cent will go strictly to books, but we do our best.

[..]

From jericho at attrition.org Sat Mar 19 20:29:01 2011
From: jericho at attrition.org (security curmudgeon)
Date: Sat, 19 Mar 2011 20:29:01 -0500 (CDT)
Subject: [attrition] Crowd Sourcing the New Errata Section, 'Prediction Fail'
Message-ID:

http://attrition.org/news/content/11-03-19.001.html

Crowd Sourcing the New Errata Section, 'Prediction Fail'
Sat Mar 19 20:05:35 CDT 2011
errata[at]attrition.org

One of the 'to-do' list items for Errata is the creation of a 'Prediction Fail' page. The idea is to catalog the amusing (sad?) instances of security experts or companies predicting how things will change down the road, after time has passed. Grand claims, absurd predictions or pipe dreams tend to creep in with the more reasonable and down-to-earth predictions. For example, did you know that Microsoft and Brightmail Inc. (now owned by Symantec) predicted there would be an "end to computer spam" back in 2004? Or that Websense Security Labs claimed "the end of e-mail viruses is nigh"?

Companies can make these absurd predictions safely, because the speed of news drowns them in a matter of weeks. Rarely do we look back months or years to see what was said about our ever-changing industry. It is time to start keeping these companies honest. With the upcoming 'Prediction Fail' Errata section, we will give you the cluebat you need to virtually smack these companies and demand less hype, less FUD and more sanity.
We're looking for YOUR help! Send in your favorite predictions! All we need is a link to the news article or press release, and we'll take it from there. Send them to errata[at]attrition.org please.

From jericho at attrition.org Sat Mar 26 03:50:20 2011
From: jericho at attrition.org (security curmudgeon)
Date: Sat, 26 Mar 2011 03:50:20 -0500 (CDT)
Subject: [attrition] Sahil Khan - "Hackers and Crackers" 99.35% Plagiarized
Message-ID:

http://attrition.org/errata/charlatan/watch_list/sahil_khan/hackers_and_crackers.html

Sahil Khan - "Hackers and Crackers" 99.35% Plagiarized
Sat Mar 26 03:22:29 CDT 2011

"Hackers and Crackers" by Sahil Khan is yet another book on "hacking" by an "Indian whiz kid". Khan has been described as "the youngest ethical hacker and writer in world" (sic) and nicknamed "Indian Einstein". Syed Sujeel Ahmed of Islam Online said "What's even more amazing is the fact that this whiz kid is self taught and has never taken a computer class."

Despite the glowing reviews of his intelligence, Khan's first book has been entirely plagiarized from public sources and other books. The four sentences he includes as conclusions in a few places are hardly worth counting. Worse, Khan is not able to recognize the difference between ASCII art depicting a computer chip and a segment of programming code. This demonstrates a fundamental lack of understanding about computers and hacking. In the chapter on networking, he pastes from multiple sources, injecting material specific to NetBSD without explanation. In some areas he removes the original copyright and replaces it with his name.

Hackers and Crackers
Sahil Khan
ISBN: 81-288-1793-0
Publisher: Diamond Pocket Books (P) Ltd.
Contact: sales at dpb.in / www.dpb.in
Edition: 2008
Sahil Khan contact: sahilkhan at thevoiceofindia.5u.com & sahilkhan14 at gmail.com

The Plagiarism

The following table details the portions of the book that were taken from other sources, making up % of the material.
Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., removing text or credit). This shows willful infringement of copyright and inexcusable plagiarism.

[..]

From jericho at attrition.org Thu Mar 31 14:48:14 2011
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 31 Mar 2011 14:48:14 -0500 (CDT)
Subject: [attrition] [Dataloss] The DataLossDB project welcomes Dissent! (fwd)
Message-ID:

---------- Forwarded message ----------
From: Jake Kouns
To: dataloss at datalossdb.org, dataloss-discuss at datalossdb.org
Date: Thu, 31 Mar 2011 00:28:31 -0400
Subject: [Dataloss] The DataLossDB project welcomes Dissent!

http://datalossdb.org/incident_highlights/51-the-datalossdb-project-welcomes-dissent

The Open Security Foundation is pleased to announce that Dissent, the publisher and maintainer of DataBreaches.net and PHIprivacy.net, has now joined DataLossDB as a curator for the project. OSF has worked with Dissent over the years and she is already known to us as a DataLoss Archaeologist, as she took third place in our "Oldest Incident" contest. She found the 1984 TRW incident, where computer hackers gained access to a system holding credit histories of some 90 million people, which happens to be the 3rd largest breach of all time in DataLossDB.

Her more active involvement with the project on a day-to-day basis will help us remain the most complete archive of dataloss incidents world-wide and will enhance our ability to keep current on more breaches in a timely manner. Dissent will continue to maintain her own web sites as a resource on breach news and issues. For those who do not know Dissent, she's a practicing health care professional with a special concern for health care sector breaches, and we expect to see increased coverage of medical sector breaches in the database in months to come.
As Dissent notes, "With recent changes to federal laws making more information available to us about health care sector breaches, we are now beginning to get some sense of how common these breaches are and the common breach types. Including these incidents in the database will enable analyses that would not have been possible or meaningful just a few years ago."

Open Security Foundation's CEO, Jake Kouns, says, "Dissent has been a supporter of DataLossDB from the very beginning and is an extremely dedicated and thorough researcher. We are extremely fortunate to have her as part of the DataLossDB team and look forward to working more closely with her."

Welcome Dissent, our newest curator and resident research queen!

_______________________________________________
Dataloss Mailing List (dataloss at datalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list