Re: Sweet Irony: Metasploit Creator a Victim of His Own Creat ion

[security curmudgeon <jericho () attrition org>]

: >I didn't see the correction come across the list. Anyone who read this 
: article and didn't have alarms going off in their head should load up on 
: coffee or coke zero before reading the morning/evening news. =)
: >
: >Corrections: 
: >http://www.pcworld.com/businesscenter/article/149136/dns_attack_writer_a_v
: >ictim_of_his_own_creation.html  
: >
: >HD's response:
: >http://metasploit.com/blog/
: 
: The "corrections" are so trivial as not affect the substance of the 
: original story, and I agree with Paul Vixie (paraphrased):

The overall feel of the article isn't changed, and that is just pure 
shitty journalism. While I have never had personal experience with 
McMillan (that I can recall), it does echo sentiments I have heard from 
several colleagues on his ability to write a proper article, understand 
the technology being written about and generally not be a douche-bag. Many 
of those colleagues refuse to deal with him or PCWorld due to bad pasts 
with their journalists and editors.

The first line of the article still reads "HD Moore has been owned." which 
is false. My reply to you was more to point out that the article is crap 
and that PCWorld is *beginning* to fix some of the mistakes. Short of a 
re-write, I doubt they will care beyond that limited correction, but it 
does show they screwed up at least.

What surprises me is that his editor let this article fly without 
demanding more from McMillan. Posting an article saying a security 
researcher or company 'got owned' and not clarifying the technical aspects 
is pretty libelous I think. While I doubt McMillan did it with any 
malicious intent, I think that pure ignorance is no justification for such 
reporting. McMillan should have been obligated to understand the DNS issue 
or at least find an un-biased 3rd party to explain it to him, so he could 
better cover this story. I guess rushing to sensational headlines trumps 
good old fashioned journalist ethics.

If I wrote an article as poorly as this one, suggesting that PCWorld 
ethics were compromised at a high level and didn't explain what I meant 
(or burried it with a poorly worded description at the bottom of the 
article), I am sure i'd be getting a mail from their lawyers. 
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.