Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Category Archives: General Life

On Hiatus

Plagiarism: The death of open information sharing?

Warning: What follows is my uneducated rant on plagiarism and the effects I think it’s having on information exchange within the InfoSec community. I don’t claim to have all the answers, but I do have questions! Take it as you will…


[pley-juh-riz-uhm, -jee-uh-riz-]


1. the unauthorized use or close imitation of the language and thoughts of another author
     and the representation of them as one’s own original work.
2. something used and represented in this manner.
source: dictionary.com

Maybe it’s just me, but over the last year or so I’ve seen more websites, blogs and news articles talking about plagiarism than ever before! We’ve seen everything from sites being scraped and content reproduced in its entirety, through to information sources plundered for content for low quality books… and copied word for word, without thought or care!

In an age where we’re already seeing a serious decline in active blogs in favour of short 140 character tweets, we can hardly afford to be killing off the enthusiasm of those bloggers we do have left! The InfoSec community has always been built on open information sharing. In this industry we live and die by the information we have to hand. Whether that’s something we research ourselves, or something shared in-kind. For every piece of research somebody shares, there were hundreds more they could rely upon being made freely available. This unspoken information sharing pact has made the InfoSec community what it is, and helped to make the most of the researchers’ time, skills and dedication.

Image: Staff and student perceptions of plagiarism, by jobadge (CC BY-NC 2.0)

Not everybody can reverse engineer the latest Zeus Trojan, but you always knew somewhere, somebody would, because that’s what they did! However that information sharing is lessening as the people really doing the research have their hard-earned work stolen out from under them, and posted on one of a myriad of copy sites… without permission.

Those behind the plagiarism, at least those that have a shred of decency (few and far between), talk a lot about giving credit. What they don’t seem to understand is that regardless, taking someone’s hard work, without their permission, and using it for your own uses is plagiarism, full stop. The problem comes when trying to prove these issues in an Internet, and therefore global, context. As an English citizen, living in Austria, with hosting based in the US… whose laws (if any) are broken when a third-party takes your content? I’m not a lawyer, so I have no idea. All I know is, I didn’t give you permission…

The Internet is a wonderful thing, filled with great information and sources… copying other people’s hard work, research and abusing their dedication to this community is beyond low.

Resources on plagiarism .:

Note .:

Although I’ve occasionally been the target of plagiarism in the form of copied blog posts from these pages, I’m not writing this rant for that reason. There’s no point. I really see this issue as one of the biggest threats to the InfoSec community currently, and it needs to stop. The only problem is… those who are plagiarizing have no respect for the InfoSec community. They’re just out to make a buck, or ten, on the backs of the hard work done by others… History repeating itself in the digital age! Who’d have thought!


Feel free to plagiarise this blog post.. it serves to prove the point!

Note 2 .:

After a spirited discussion on Twitter about this post, a friend of mine, @krypt3ia, was nice enough to propose a logo to show your disgust at the increase in Plagiarism… I think it’s a good starting point, so include it here for your use! Spread the word!

Out of office


Yes, yes I know… I’ve been a slacker. The FIRST conference and running the BSidesVienna conference really took a lot out of me (far more than I’d thought possible).

Still, I’m starting to get back on track with things now. slowly 😉

I should have recovered just in time to once again ruin my liver at Blackhat/BSidesLV/Defcon… some would call that good timing. I can almost hear my liver groaning!

Closing 2010… and opening 2011

Nobody could claim 2010 was an uneventful year for me… It’s been a year of highs and lows, that’s kept me on my toes. It’s not all been a bed of roses, but what doesn’t kill us makes us stronger. If this is the worst thing that happens to me in my life, then I’m still better off than most!

I’ve shied away from doing predictions-type posts, because most are nothing but rubbish from start to end. Filled with buzzwords from the last few months, with no real substance, and very little point to them. Right now we don’t have the solutions… just a whole heap of problems. So how can anything change? Everything will stay just about the same… companies will fail to secure themselves and the bad guys will keep on winning. Sad but true!

Anyway, as I sit and look back on last year and what I want this year to be, I want 2011 to be a year of firsts for me, as 2010 was in many ways.

2010 (Ghost of Christmas past)

  • I began to finally look at Python scripting
    • About darned time! How did I ever cope without scripting things?
  • My first Python tool was released (UA-Tester)
    • Followed by a few simple Python PoC scripts…
  • I gave a lightning talk dressed as a pimp
    • A moment not to be forgotten easily 😉
  • Eurotrash Security Podcast reached its 1st Birthday and is going strong
  • The blog reached the 3 year mark
    • What more is there to say!

2011 (Going boldly….)

It’s hard to say what the industry will do in 2011… I couldn’t tell you what the latest buzz words will be by the time DefCon rolls around, but I can at least say what I intend to achieve… or at least try to achieve!

  • Have my first Metasploit module accepted into SVN
    • A number of SAP modules are already waiting for the final go!
  • Reply to the CFP for at least 1 conference
  • Give at least 2 more lightning/fire talks in various subjects
  • Put the LIGATT issue to bed
    • I’m tired of it, you’re tired of it… time to put a nail in that coffin
  • Teach developers about security through workshops
    • Already in the works with 1 company, and hopefully more to come!

Here’s to a new year and new challenge… If there’s no challenge anymore, then it’s time to move on!