In 2011 a security researcher pulled – what I believe – a prank on a well-known org.\u00a0He made them publish a paper with an appendix containing a\u00a0non-sensical data. I reported this to the org in 2012 as soon as I discovered it. I was actually flabbergasted at that time that someone could be that bold to pull the org’s leg this way (risking both author’s and org’s\u00a0credibility),\u00a0but it was still 2 months before\u00a0the infamous Nmap Guide made it to the news and trolling security orgs became a norm.<\/p>\n
I forgot about it for a long time, but recently it came back to me &\u00a0I checked\u00a0the web site of the\u00a0org to see if they pulled the paper\u00a0–\u00a0the paper is still there – 3+ years after I reported it – the goofy appendix is of course there as well.<\/p>\n
I must emphasize that I do not have a proof that it is a prank, but the non-sensical\u00a0information included in the\u00a0paper cannot\u00a0be\u00a0a result of a typo, or an accident; it looks like someone deliberately made stuff up. Of course, if it is just a result of the author’s ignorance or it was the intern who wrote that it would make it\u00a0for even more lulz.<\/p>\n
I don’t want to mention the gore details for many reasons. Thanks for understanding.<\/p>\n
I do want to mention though 2\u00a0interesting side-effects of this paper being published:<\/p>\n
You may be wondering\u00a0why I am posting such a vague info at all.<\/p>\n
It’s simple: question everything you read.<\/p>\n
I personally make tones of mistakes. I sometimes read some of my older posts and I find bugs. Not only typos, but actual logical bugs that make me really ashamed. I don’t like to be wrong, I really don’t, but if I am the only finding out then what about the poor guys who believed it then and believe it now?<\/p>\n
There is a certain responsibility of a writer, a researcher to ensure the quality of the writing is at the appropriate level. But it is impossible if there is no feedback. Especially the critical one.<\/p>\n
To certain extent I can understand frustration of HC<\/a> when he insists on receiving feedback from readers. Seeing people retweeting, but not reading can be certainly disheartening. In my opinion expectations of a blog writer should be very low here, and it keeps me sane writing & babbling anytime I feel like – at certain level I don’t even care – these are more my notes that I feel may be\u00a0interesting\u00a0to share, less my interest or a will to change the world (we all die; I am great at parties \ud83d\ude42 ).<\/p>\n BUT<\/p>\n But if there is one thing that I\u00a0care about is accuracy. If I make a mistake and no one tells me, it really sucks. And the fact is that most of people don’t even bother to read in-depth\u00a0anymore. Everything is\u00a0‘just in time’ – you only read stuff when you need it. I do it all the time. Skimming is a necessity.\u00a0And this is fine, as long as the stuff you read is correct.<\/p>\n But it rarely is 100%.<\/p>\n So if you read this – please read whatever you read with an assumption that what you read may not be 100% right. It is especially important with materials endorsed by orgs. Like everyone who made their hands dirty & sinned by publishing – they sometimes publish bad quality stuff. Only these who don’t do anything make no mistakes at all.<\/p>\n Keep your eyes open.<\/p>\n","protected":false},"excerpt":{"rendered":" In 2011 a security researcher pulled – what I believe – a prank on a well-known org.\u00a0He made them publish a paper with an appendix containing a\u00a0non-sensical data. I reported this to the org in 2012 as soon as I … Continue reading