Writing original material is hard…

It is a little ironic that I am basing this blog post off of another blog post, but I am willing to admit that I rarely come up with good ideas of my own.

Over the weekend we saw lots of Twitter activity about a blog post over at McGrew Security.  While I applaud the effort in pointing out this complete scam job of a book I do feel that perhaps the “authors” (can we even call them that?) are getting off a bit too easy.  Or at least one of them.

Before I rant and make fun of them let me first state that I too have written books.  I have even written books for Syngress.  While I am biased and honestly have not been paying attention, I have not seen a Syngress book worth purchasing since the Hack Proofing Your Network series — this includes my own material. 

I have worked with other publishers and this is my take on Syngress as a book publisher.  They went from being pretty cool and easy to work with during the Hack Proofing days to simply an outfit that attempts to churn out as many books as possible as quickly and as cheaply as they can.  Apparently, if you can cut and paste from Wikipedia, you are now a Syngress author.  Syngress pays the lowest amount they can negotiate with you and then rushes you through the fastest possible timeline to get your work in and published.  Quality is not the goal here – quantity is.  Flood the market with enough cheaply made books and you eventually make money on a few of them.

Back when I wrote for Syngress they did recommend that we run various tools to ensure that we don’t plagiarise anyone’s material and they did do *some* technical editing but my most recent experience resulted in a book being released with next to no oversight.  Hell, I know for a fact that the majority of my last Syngress book was a.) written from the bottom of a bottle and b.) not reviewed very closely by anyone.  I am honestly embarrassed about that one.

So do we point a finger at the so-called authors?  Or is this a failure in the Syngress editing process and quality management?  I say both.  Jumping back to the blog post over at McGrew we see this explanation from one of the authors:

Edit: Dustin L. Fritz (of The CND Group) has left the following comment regarding plagiarism in this book:

This was an honest mistake and I sincerely apologize for any miscommunication. I hope that the correct and proper citations can be added soon and that all questions regarding copyright and plagiarism issues can be resolved. I hope the book can still be enjoyed as a valuable contribution to the information security community and I hope it will go on to fulfill its objective in reaching anyone who desires to learn more about hacking and security. I want to specifically apologize to Jayson, Kent, Syngress, Rachel, Angelina, all the readers, reviewers, and others who have taken offense. I want to fix this and I sincerely appreciate everyone’s positive support!

Wait, “honest mistake”?  Really?  Let me jump back and steal more of McGrew’s content:

If you have a copy of this book that you bought or received for review, I encourage you to take a look at these pages and source URLs to see what I’m talking about:

| Page | Topic | Original source | Length |
|---|---|---|---|
| 135 | OSI Model | http://en.wikipedia.org/wiki/OSI_model | 2 paragraphs and a table |
| 141 | Maltego | Old description from paterva.com | 1 sentence |
| 146 | DNSPREDICT | Many sources (likely original tool site) | Entire description |
| 149 | Kismet | http://en.wikipedia.org/wiki/Kismet_(software) | Entire description |
| 151 | Netstumbler | http://en.wikipedia.org/wiki/NetStumbler | Entire description |
| 153 | SuperScan | http://en.wikipedia.org/wiki/Superscan | Entire description |
| 154 | Nmap | http://en.wikipedia.org/wiki/Nmap | Entire description |
| 155 | Paratrace | http://linux.die.net/man/1/paratrace | Entire description |
| 156 | Scanrand | http://linux.die.net/man/1/scanrand | Entire description |
| 157 | Amap | http://freeworld.thc.org/thc-amap/ | Entire description (short) |
| 161 | Plug-in | http://en.wikipedia.org/wiki/Plug-in_(computing) | Paragraph description |
| 164 | Vulnerability Scanner | http://en.wikipedia.org/wiki/Vulnerability_scanner | Entire description |
| 164 | IBM Internet Security Systems | http://en.wikipedia.org/wiki/IBM_Internet_Security_Systems | Entire description & history |
| 165 | Nessus | http://en.wikipedia.org/wiki/Nessus_(software) | Entire description |
| 166 | Nessus Goes Closed License | http://en.wikipedia.org/wiki/Nessus_(software)#History | quoted |
| 167 | Tenable NeWT Pro 2.0 | Press release? http://www.highbeam.com/doc/1G1-115844766.html | Entire description |
| 168 | Rapid7 | http://en.wikipedia.org/w/index.php?title=Rapid7&oldid=301929477 | Entire description |
| 169 | Microsoft Baseline Security Analyzer | http://en.wikipedia.org/w/index.php?title=Microsoft_Baseline_Security_Analyzer&oldid=225194910 | Entire description |
| 170 | eEye Retina | http://en.wikipedia.org/wiki/Retina_Vulnerability_Assessment_Scanner | Entire description |
| 177 | Exploits | http://en.wikipedia.org/wiki/Exploit_(computer_security) | Entire description (full page of text) |
| 179 | Buffer Overflows | http://en.wikipedia.org/wiki/Buffer_overflow | Entire description |
| 180 | SubSeven and Stopping SubSeven | http://en.wikipedia.org/w/index.php?title=Sub7&oldid=299155522 | Entire description |
| 186 | Metasploit | http://en.wikipedia.org/wiki/Metasploit | Entire description |
| 187 | Core Impact | http://en.wikipedia.org/w/index.php?title=Core_Impact&oldid=295444915 | Entire description |
| 193 | Registry Keys | http://en.wikipedia.org/wiki/Windows_registry | Entire description |
| 194 | Securing your logs | http://codeidol.com/sql/network-security-hack/Windows-Host-Security/Secure-Your-Event-Logs | Entire how-to |
| 195 | Event Viewer and HOW TO: Event Log Types | http://support.microsoft.com/kb/308427 | Entire description |
| 197-200 | Last User Logged in | http://www.technixupdate.com/change-or-hide-the-last-username-logged-on-username-dialog-box/ | Entire how-to copied |
| 201 | Last True Login Tool | Many – Likely old description from website | Entire description |
| 202-204 | Last logoff script | http://dovestones.com/active-directory/true-last-logon/last-logoff.html | Entire how-to |
| 205-208 | Windows Security Log | http://en.wikipedia.org/wiki/Windows_Security_Log | Entire article |
| 223 | Description of NIST | http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology | Two paragraphs |
| 233-235 | CompTIA | http://en.wikipedia.org/wiki/CompTIA | Entire description |
| 236 | EC-Council | http://en.wikipedia.org/wiki/EC-Council | Entire description |
| 236-237 | (ISC)2 | http://en.wikipedia.org/wiki/ISC2 | Entire description |
| 244 | One-time Passwords | http://en.wikipedia.org/w/index.php?title=One-time_password&oldid=306538660 | Paragraph and list |
| 246 | Honey Pot | http://en.wikipedia.org/wiki/Honeypot_(computing) | Paragraph |
| 253 | Firewall | http://en.wikipedia.org/wiki/Firewall | Paragraph |
| 255-256 | Full-Disk Encryption | http://en.wikipedia.org/wiki/Full_disk_encryption | Three sections |
| 257-258 | Snort | http://en.wikipedia.org/w/index.php?title=Snort_(software)&oldid=273431896 | Entire description |
| 258-264 | IPS | http://en.wikipedia.org/wiki/Intrusion_prevention_system | The entire wikipedia article copied over multiple pages! |
| 278 | Wireshark | http://en.wikipedia.org/wiki/Wireshark | Several sentences from the article |
| 279 | PGP | http://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=304558754 | Two paragraphs of description |
| 281 | Personal firewalls | http://en.wikipedia.org/wiki/Personal_firewall | Short description |
| 285 | Perl | http://en.wikipedia.org/wiki/Perl | Entire description |
| 292 | Bluesnarf | http://en.wikipedia.org/wiki/Bluesnarfing | Entire description |
| 299 | Bleeding edge technology | http://en.wikipedia.org/wiki/Bleeding_edge | description and list |
| 303-305 | ECHELON | http://en.wikipedia.org/wiki/Echelon_(signals_intelligence) | Entire description + photo |
| 310 | Ghost Rat | http://en.wikipedia.org/wiki/Ghost_Rat | Two paragraphs |
| 332 | 2600 Magazine | http://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly | Entire description |
| 333-334 | Gary McKinnon | http://en.wikipedia.org/wiki/Gary_Mckinnon | Entire description |
| 336 | PSP Hack | http://www.dcemu.co.uk/vbulletin/showthread.php?t=33928 | Tutorial |
| 396 | World of Warcraft | http://en.wikipedia.org/wiki/World_of_warcraft | Large paragraph |
| 399-400 | Infragard | http://en.wikipedia.org/wiki/Infragard | Entire description |
| 404 | Bump Keys | http://en.wikipedia.org/wiki/Bump_key | Entire description |


That is no honest mistake.  The mistake here was that this so-called “author” thought he could get away with cutting and pasting from online resources.  There is zero honesty in this mistake.  What is even funnier (at least to me) is that Syngress didn’t even catch this in their so-called edits and reviews.

Miscommunication?  Really?  What part of cutting and pasting from a website results in a miscommunication? 

To quote someone who will remain nameless because they said this in private:  “honesty and quality are not priorities for Syngress.”

Apparently, honesty and quality were not a priority for at least one of the authors of this book.  Mistake?  Yes.  Honest?  That’s hard to believe.

For my next book I think I will just cut and paste directly from Twitter.

What a complete joke.

