
Security Industry Plagiarism: Finding 3 examples in 5 minutes with Google

UPDATE: One of the authors has posted two responses including an apology (accepted).

I was taught in grade school that if you plan on writing something, never plagiarize. If you want to republish portions of existing content, ensure you properly quote/reference them, and never represent this content as your own original work. Unfortunately it seems that this wasn't taught to at least 3 people who I have discovered to have ripped off my own authored works.

After reading some of the fine work by the attrition.org folks in the errata section I was inspired to start Google searching my own works to see where they may pop up. I don't consider myself to be an accomplished writer by any means, but figured I'd spend 5 minutes for the hell of it. First I started using web search and almost immediately came across an online magazine by Fanatic Media who blatantly ripped off some of my content from my other website QASec.com. When I discovered this I wasn't mad, but it got me thinking 'what other content has this media organization ripped off?'. I decided to send the link off to the plagiarism crime-fighting team over at attrition.org who live for exposing plagiarism within the industry. Shortly after they published a write up of the example I gave them, and to my surprise the entire article was copy/paste from 5 other works. Attrition also exposed other articles by the same 'author' comprising another half dozen or so articles.

I continued my search on Google Book Search and again almost immediately discovered 2 suspect books. The first book "Vulnerability Analysis and Defense for the Internet" by Springer had copied/pasted portions of my XSS FAQ and had substituted a couple of words. Again I was curious what other works may be plagiarized so I sent it along to the attrition folks. They spent about a week then published a detailed writeup exposing these authors for plagiarizing a minimum of 6 other works (they stopped reviewing the book after 2 chapters due to sheer volume...).

The second book "The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessment" by Syngress also ripped off portions of my XSS FAQ. Again the attrition folks went digging and published another write up exposing 6+ other ripped off works. The amusing thing about this example was that they copied/pasted a hex encoded XSS payload and forgot to substitute my domain name (details in attrition's write up).

My main motivation for this post is to encourage others to spend a few moments reviewing their own work to see where it might show up. The attrition folks have a decent write up outlining approaches for finding content at http://attrition.org/errata/plagiarism/detecting_plagiarism.html that I would advise checking out. In the age of Google and book search it is very easy to uncover instances of plagiarism, and depending on what you're lifting the consequences could lead to serious repercussions. A friend of mine, Rafal Los, bumped into this situation last month and has a decent write up of his experience.

