[attrition] When Hacks Attack: The Computer Security Textbook Plagiarism Epidemic
jericho at attrition.org
Fri Jul 29 15:53:27 CDT 2011
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
By Adam Penenberg
July 27, 2011
A crusader from Attrition.org has found that an alarmingly high number of
books written by computer security experts are nearly 100% copied from
other sources. What does that say about the industry?
Borrowing code is standard operating procedure for those who work with
software. All modern computer program languages use what is known as an
"object oriented" model, which means code is designed to be modular--like
swappable, repeatable, spawning objects. Over time standards have emerged,
with programs often inheriting code from third-party libraries. Many
popular open source packages like Drupal or Wordpress are not only
composed of contributions and "borrowings" of thousands of developers and
sources, but are architected to be customized by copying parts to be
"overridden." In other words, copying is required, and there are a variety
of licenses that specifically allow for it, provided credit is given. Code
is a bit like a message in a bottle floating in the ocean... it could end
up anywhere. If someone doesn't want you taking his code, it would be
cloaked with encryption.
This "information wants to be free," the credo of programmers everywhere,
is a far cry from American copyright law and tradition, which discourages
unfettered copying. This difference in ethos may explain why so many
computer security books appear to be plagiarized. Indeed, entire
tomes--written by an array of self-proclaimed computer security
experts--seem to have been copied and pasted from other sources without
attribution, their authors not even bothering to conjure up a single
original adverb, as if they were just grabbing code from another website.
I first became aware of this plagiarism-palooza from Brian Martin, a
computer security professional who, under his handle "Jericho," is a
founding member of Attrition.org, a popular computer security web site
that has as its mission (he calls it a "crusade") "to expose industry
frauds and inform the public about incorrect information in computer
security articles." He has spent months plugging phrases from these books
into Google in an attempt to locate the original source material.
The project, he says, was a "nasty side effect" of investigating
"charlatans"--those who thrive on deceit to promote themselves--when a fan
pointed out a book review that had found rampant plagiarism in a popular
computer security book. From there it snowballed, and since many of these
authors have written multiple books, he has no shortage of material.
Lately he's noticed more and more plagiarism and copyright violation
(wholesale scraping of content) in the security world.
More information about the attrition