Forbes Takes on AntiOnline 92
infojack writes to us with the the word that Forbes is running a story on AntiOnline.
It's a op-ed piece by Adam Penenberg, talking about the creds of John Vranesevich and some of the PacketStorm flap. What I found most interesting was the outright recognition of how the media operates with "experts", and reporters use of the same people over and over.
Re:Yeah, actually I have tried. (Score:1)
Not necessarily, there a lot of white hats that don't wish to attract corporate attention to themselves because the Companies they work for have security departments who thiink being called a hacker is grounds for termination! Also they tend to be tired of the script kiddies demanding that they give them information (don't kill them cause they won't learn nothing
Ric
Re:Ignorant fool... (Score:1)
2) The only reasons Mitnick's attorney had to ask for the dates to be pushed back is that the prosecutors and FBI kept doing underhanded things to keep Mitnick on the edge and surprise his lawyers. Like when the FBI swore that the damage Mitnick caused was in the hundred million dollar range (which was the cost of development of the software he copied, not the damage done, since he left all that he found as-is and just copied a few things).
3) The prosecutor coerced Mitnick into signing several documents, such as agreeing that the damage he caused was in excess of 10 million dollars, at the threat of being put in the worst part of a maximum security prison for the rest of the several years he was awaiting adjudication.
4) While talking to his lawyer on a phone in max security prison about his mistreatment, a murderer who was impatient about using the phone himself kicked the shit out of Kevin, causing half of his face to be permanently paralyzed.
No one deserves this. The government fucked him over real thoroughly, trampling all his rights. This is a major government screwup, a Ruby Ridge type screwup, a Waco type screwup. The government doesn't care about the rights of the (perhaps unfairly) accused anymore. But Kevin was punished without so much as a fair hearing, much less a trial. He deserves better than your ignorant bitching. FOAD.
Re:Rather thin gruel for this kind of vitriol (Score:1)
Except that Vranesevich positions himself and his website as a site for original data and info. If you, who by the content of your comment, aren't familiar with antionline see if as a clearinghouse rather than a collection of original and uniquely developed bits of data, that doesn't say much for JP's ability as a "Security expert" or the usefulness of his website, now does it?
Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important?
Vranesevich is antionline. And if you can believe the things about JP and antionline that have been documented on attrition.org, the answers to those questions are emphatic yes, yes, and only important in that JP and antionline's so-called scoops seem to have been generated originally by JP and antionline for the benefit of JP and antionline seeming to get a "scoop."
Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.
Among "those on the street who know" JP and antionline have no street cred already. Forbes isn't saying anything new, and he is litigious -- witness his attacks on attrition.org and Packetstorm for trying to portray him in a less-than-flattering-but-more-accurate light than he does himself on his own site.
My opinion is that there is not much that can be said about JP and antionline that is too harsh.
Though you have to admit.. (Score:1)
Most "hackers" the media tries to report on really are nothing but adolescent/high school/college dropout types that pick up a few tips over IRC. Most of them can't code, and DO have exceptional difficulty getting their latest exploit of the week to compile on various operating systems. I'll occasionally see people like this on IRC asking each other how they get rid of really trivial compile errors.
Like you, I disagree totally with the generalizations you mention, though most of your "respected" members of the "hacker" and security industry do happen to have degrees, Real Jobs, that sort of thing, but that hardly means people that *have* dropped out or haven't pursued formal education are "bad" or stupid in the least.
Ouch! (Score:1)
"Even shriller" ?!?!? That hurts my eyes!
Sorry, man. (Score:1)
My newspaper is owned by a corporation that owns a grand total of 8 newspapers in Kansas. The Inquirer's a good paper; you guys get the Pulitzers (perhaps because editors set up the release of great stories to concide with awards time.) My paper hasn't won a Pulitzer in 30 years.
And you probably get paid a lot more than I do. But I hope someone at your paper has a different attitude about news. We always give ample opportunity and space to question experts.
J.
In which case, they can do what the l0pht does... (Score:1)
If they're not willing to meet me halfway (and given that their road is a lot tougher travel than mine) I wouldn't want to talk to them anyway. It'd take too long, and I'd have to pry like a mofo, making them uncomfortable and the rest of the story weaker.
That's another tradeoff that reporters have to make. I sympathize with the intelligent hackers who are making a difference, but I can only coddle them so much.
They're the ones who have to bear the cross of working in an in-bred industry, run by the robber barons of our age. My job is to comfort the afflicted and afflict the comfortable, but I can only do so much of both.
The really big story would be about hackers breaking free of this foolishness and being up front and honest about who they are and what they do. But no one could write about it until it happens.
J.
Here's why it took so long. (Score:1)
Further, why should most agents of "the media" even CARE about JP or Antionline? The only reason anyone cares about The Drudge Report is because he had some juicy tidbits about a certain White House attorney before anyone else (though it took a Newsweek reporter several weeks of hard-nose dredging to get some credible sources.)
What does JP have? A lot of libelous crap that no otherwise informed person would believe, sprinkled with obvious facts you can get anywhere.
As another poster rightly put it, JP can be called a "journalist" inasmuch as Rush Limbaugh can appear on "Meet the Press" (and he has.)
The term has become about as maligned as "hacker." While many hackers can't be expected to care about such malignment, I can understand. Journalists don't generally care about you either.
And as the header to this story pointed out, Forbes did not "report" on JP, an editor wrote an OPINION piece showcasing a few provable facts. It even begins with "It's a sad fact."
Real reporters don't start their stories like that. Real reporters tell you what they've been able to find out, and let YOU decide if it's "sad."
J.
Scorecard? (Score:1)
Perhaps people would even be willing to post copies there.
!Reputation (Score:1)
Images of CPM 'leaving' (Score:1)
Images of CPM 'leaving' (Score:1)
http://berk.dhs.org/dc7/
cpm_booted1.jpg
cpm_booted2.jpg
cpm_booted3.jpg
cpm_booted4.jpg
cpm_booted5.jpg
Defcon pictures ? (Score:1)
And nobody took pics when he was "ejected" from defcon ??
--
Why pay for drugs when you can get Linux for free ?
Re:Score (Score:1)
Childish, yet amusing. (Score:1)
Joe: How can I learn to suck cock as well as JP?
Bub: I don't think anyone can learn to suck cock as well as jp.
********************
There you have it. =)
He probably purports this to be AI, or some other advanced juju.
Re:You missed the point. (Score:1)
I understand that what I quoted was a part of a larger statement, BUT it was the only part that was relevant to the issue that I was raising.
>>Of course, I happen to believe that Steve Forbes' politics are based on a sick cult of personality that follows extremely wealthy people around in a nation which values free market economics above all else.
This exactly what I mean. This is just as inane as when people on the right (the same side I'm on) criticize the president's policies because of his personal flaws (he has many) instead of pointing out the flaws in his decisions. It's not fair, it's not right and in the end it only makes you look worst than the one who ou are slamming.
LK
Re:Rather thin gruel for this kind of vitriol (Score:1)
Wingnut? Why because he thinks that we know better how to spend our money than the federal government does?
Since when is it a sin to have a rich father? His merits as a businessman are what matter, he has shown that he has the ability to make money.
I too have problems with him, but if you must attack him (or anyone else) please base those attacks on reality and real issues. Please elevate it to more than "I don't believe what he believes so he's an asshole".
LK
Re:I hacked... (Score:1)
HappyHacker mentality (Score:1)
(this link is referenced by a broken pi icon from
the main page)
http://www.happyhacker.org/pi.htm
Uh, connection attempts are like logged by syslogd, you dont need to trick someone in to thinking you logged it, you really did CM!
Re:Happy Hacker? (Score:1)
funny.
You missed the point. (Score:1)
The author was suggesting that trying to discredit a publication by making personal attacks on the author is inappropriate. The "wingnut" example was used to underscore the hypocracy of that position.
Of course, I happen to believe that Steve Forbes' politics are based on a sick cult of personality that follows extremely wealthy people around in a nation which values free market economics above all else. But those are just political views, and they aren't relevant to the issue of the quality of his magazine. Which was exactly Twit's point.
Is the writing on the wall for JP? (Score:1)
Goodbye antionline, if you weren't so self opinionated, you might have been useful to the community as a whole, not an asshole.
Re:Happy Hacker? (Score:1)
Re:anti-online (Score:1)
-earl
Re:Right on, Forbes, but why did this take so long (Score:1)
-earl
Re:Happy Hacker? (Score:1)
Re:Defcon pictures ? (Score:1)
Good points. (Score:1)
AdamL.
-Sendmail for NT. A bad solution for a deeper problem.
Re:Happy Hacker? (Score:1)
Score (Score:1)
I *hope* this is the first step of the downfall of AntiOnline. It probably won't be, since evil organizations tend to bounce back like herpes, but you gotta hope...
It will be interesting to see JP's reaction to this article. Does he sue? Does he cry? Does he pack his bags? Does he ignore it?
As other people have said, for a biased but informative account of JP's hijinks, go to attrition.org.
CM Getting The Boot (Score:1)
Enjoy.
pic1 [dhs.org]
pic2 [dhs.org]
pic3 [dhs.org]
pic4 [dhs.org]
pic5 [dhs.org]
There are from http://berk.dhs.org/dc7/ [dhs.org]
Re:Defcon pictures ? (Score:1)
Actually, that's been done every year since defcon V (We've made it a tradition). First, it was "Thanks Carolyn for Monitor Port Hacking. -SysFail" (See her happy hacker series for what "Monitor Port Hacking" is), DC VI was a simple sticker we made from duct tape (It really does hold the universe together) but I forget what we wrote, and then this year we had vinyl stickers that sayed "0wn3d" that we stuck to her. Yes, it was the same group of us each year, and every year we take credit for the previous year's and she still doesn't remember us. She really must be smoking crack. Anyway, coincidentally, it was a friend of mine who was interviewing her about "winning" the capture the flag contest (By cheating, no less) when she was kicked out.
It started when, just as the contest was ending, someone challenged her box on the rules. She had a Redhat box up with what she called enhancements. The compiler was broken, libraries were screwed up (You couldn't even run "w"), and what made her box illegal was the fact you couldn't do any remote maintence on the box. No ssh or even telnet. She wasn't kicked out because her box wasn't compliant, she got kicked out because the guy who complained about her box got rather loud, and they started arguing, and both got kicked out. Although they were just looking for a reason to get rid of Carolyn, I'm sure.
Truth in reporting.. (Score:1)
I can only applaud Adam Penenburg because words have failed me. For once someone has had the guts, in a big media publication, to tell the truth about "JP"; he's not what he claims, he's a poser, a fake, and an unreliable source. He is shunned by the real 'hacking'/'cracking' (whichever you prefer) communities. Attrition.org has documents which, at length, detail his many falsifications, lies, abuses, and other attacks. Proof of his paying people to fabricate his 'scoops.' Proof of his gross abuses of venture capital and other funding. I'm certain something he's doing is illegal, it's only a question of when somebody can afford a lawyer and the time to take him on in court before he is exposed for the fraud that he is.
I truly hope John reads this. I hope he threatens lawsuits and the whole deal. Because then he'll have given slashdot a scoop of their own, and just be exposing himself for the vindictive little child that he is.
-RISCy Business | Rabid unix guy, networking guru
Finally a voice of reason!!! (Score:1)
Re:Happy Hacker? (Score:1)
Re:Defense of the Media (Score:1)
Re:Happy Hacker? (Score:1)
Re: Happy Lamer (Score:1)
Good (Score:1)
Re:Is the writing on the wall for JP? (Score:1)
A Senator Joe McCarthy of the 90's (Score:1)
I think that what needs to be done is for him to be simply shown as the fraud he is everywhere possible. I'd truly like to see him sue anyone. I visited antionline.com for the first time a couple months ago. I see nothing; its not the source of anything and I don't see what you guys find interesting about it. All the information that he provides is available publicly and his archive of stuff is simply an archive of files around. Hes no expert, and hes talking at conferences which pisses me off. Real security experts have a hard time building their credentials and studying systems for years. Patches, fixes etc. It truly saddens me to see something like this. I will make it a point to check his credentials and inform you of what I find out. Thanks for listening
dork boy (Score:1)
JP was a little script kiddie who got booted from college for Denials of Service. A sellout who pimped AOL cluebies into believing he had knowledge. Most of his articles are full of slander and are twisted enough to make a pretzel jealous with envy.
As for his staff, well Brad of AntiOnline has taken interest in harrasment for my AntiOffline.com site which is rather funny since he claims he's going to sue me then beat me...
Then again someone at MicroSoft threatened us with the same thing for www.macroshaft.org. What a joke
Someone needs to spank that little hick named JP and give him the parental attention he's looking for.
AntiOffline [antioffline.com]
MacroShaft [macroshaft.org]
JP hits the lecture circuit (Score:1)
"There's a reason why malicious hackers around the world hate Vranesevich, now here's your chance to learn how to make them hate you too."
Sounds like fun. More details about his workshop can be found here [codexdatasystems.com].
The whole affair sounds as useful as Dr. Nick Riviera from The Simpsons lecturing would-be physicians.
I think this has happened before... (Score:1)
Anyone looking for a background to JP, CPM, and AntiOnline in general should check out Attrition.Org. Look under FIN - there is the remenents of Jericho's documentation regarding liabal and erratta coming from these people. At the very least, it's an amusing read.
Re:Is the writing on the wall for JP? (Score:1)
Please moderate this up. (Score:1)
Some stuff on JP's girlfriend (Score:1)
Meinel Errors (Score:1)
Re:Meinel Errors, yup, my error (Score:1)
you're right!
saramago
Re:I think this has happened before... (Score:1)
AntiOnline's response to Forbes/PSS/etc (Score:1)
The following mail was posted to the PSS Support mail list created back when Ken first ran into problems. It is interesting to note that JP mailed this to PSS, and *apparently* not to Forbes. I was also told by fairly reliable sources that Carolyn Meinel called Adam Penenberg and threatened to "ruin his career" over the last piece. Anyway, this was sent anonymously to many people, including the PSS list, myself, and at least one
=-=
Greetings:
When Kroll-O'Gara acquired PacketStorm, it was my belief,and hope, that they would manage it in a professional, and corporate manner.
Now, low and behold, I visit the site today, only to find the type of slanderous remarks that one would expect from a site run by a young teenage hacker, not be a large corporation.
Packet Storm.
The World's Largest Internet Security Resource.
Check out this excellent article by Penenburg
in Forbes Magazine on the real story behind JP,
AntiOnline and PSS. Also read the thread
on slashdot.org
Just so that I have the record straight in my own mind, is it going to be Kroll-O'Gara's intention to attempt to defame myself or my company in the months to come? Because if it is, I would like to know in advance, so I have the opportunity to
prepare myself.
I hope that the current administration of PacketStorm will behave in a more mature manner in the future, and not in one which appears to be designed to cause conflict between our two
organizations.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Re:Ignorant fool... (Score:1)
Not yet...but it's coming... (Score:1)
Re:Try HackerNews.com, talk to Space Rogue (Score:2)
I read HNN every day. Wouldn't miss it for the world.
Re:Defcon pictures ? (Score:2)
Bombay Atomic Research Centre... (Score:2)
"B'Hadvah Atomic Research Center." When Koch corrected him, JP
admitted it must have been India."
Actually, it's called the Bhabha Atomic Research Centre. (after Homi Bhabha, nuclear physicist).
So phonetically JP was closer to the mark than Koch, though
of course he got the country wrong.
When does someone become a public figure? (Score:2)
Ryan
A few points. (Score:2)
I can understand how difficult it is to find experts if you're not familiar with the field, especially in hacking. However, I think it is safer not to purport someone as an 'expert' if you're really not sure. The motivation of the press in this case is clearly to make an attractive story first, and to worry about the accuracy second (if possible).
While the press may not know who the experts are, I think some application of common sense and experience can derive the truth for the most part. The press cerrtainly could have done a better job investigating JPs credentials. His story simply doesn't compute. Futhermore, if you talk to virtually any sysadmin or ex-hacker(whitehat) familiar with the art that is worth his salt, they'll tell you JP is a joke.
I, for one, happen to have known JP since his early days on undernet (IRC) in #cha0s and #hack*. About two years ago I spoke with Javes Glave of wired magazine on IRC, I gave the run down (my opinion) on both Analyzer (the stupid israeli hacker) and JP. Whie I can't argue that he lied per se, he should have known better. He published JP as if it were the gospel, and published only snippets of my comments which served to give his story a little spice.
JP has nothing in the way of technical skills, any examination of will reveal this. At most one could argue that he is 'connected' to the hacker scene. In reality, JP is just a media conduit for the latest script kiddy who _wishes_ a little media play. The problem is that JP doesn't just relay; he distorts everything in a self-serving fashion.
let's ask *the* authority on hackers - AskBub.com (Score:2)
Hey kw, I am Bub.
Feel free to ask me anything related to computer security, privacy, information warfare, or hackers. I'll do my best to answer your questions.
Please keep in mind that I am learning new things about security all the time, so check back often. If you think your company may be interested in helping teach me, see our affiliates page. Or, if you'd like to add me to your website, visit this page.
kw:
Is John Vranesevich a security expert?
Bub:
John Vranesevich is the founder and General Partner of AntiOnline.
He left the University of Pittsburgh after his freshman year to devote his full energies to AntiOnline. He considers himself an "information security enthusiast" who likes to help educate others about the importance of security, privacy, and responsiblity as it relates to computers and the internet. John has been quoted thousands of times on a variety of topics including by such organizations as: The New York Times, The CBS Evening News, The British Broadcasting Corporation, The Washington Post, The Boston Herald, National Public Radio, Wired News, and the San Francisco Chronicle.
He can be reached by sending an e-mail to jp@antionline.com.
kw:
What is an information security enthusiast?
Bub:
Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.
kw:
Bub, what is security?
Bub:
Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.
kw:
Are hackers inherently evil?
Bub:
Social Engineering isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in many cases, your password. AntiOnline's Figh-Back! section has more information about social engineering, and even gives a sample conversation between a hacker and a victim user.
kw:
Are your answers more accurate and enlightening than those provided by a magic eight ball?
Bub:
Yes!
--
Respectfully,
Ken Williams
Someone in the media gets a clue! (Score:2)
Course, now that he's finally been publicly discredited, like all good net kooks, he'll get even shriller and more annoying.
An epidemic of expertise... (Score:2)
So what's the answer? Switch to a new 'expert,' and watch them go down in flames? This goes beyond JP's megalomaniacal campaign since 'experts' get quoted all the time in the news. Experts who dictate the laws government will pass on violence in movies/games/TV and the like.
Re:Rather thin gruel for this kind of vitriol (Score:2)
Personally, I can't testify whether the charges are valid or not - I'm not a security expert, more of a security dabbler. I do know that they were nowhere to be found in the Forbes article.
Consider that this kind of attack has been made before, to great outrage from the
When you let journalists get away with this kind of shoddy reporting, you're just encouraging laziness and intellectual dishonesty. When it goes along, even without the applause it's been getting on
--
attrition (Score:2)
Re:Good sources are hard to find all around. (Score:2)
Usually the people who are looking to sources just want the spotlight and will say anyhting ot get it.
The best sources are usually too involved with their field to be noticed/bothered. They have to be tracked down through phone calls and friends of friends, etc. And with that, the person tracked down may not even want to talk. It can be easier to just settle with the first available.
Journalism, like society is getting lazy, and looking for the quick and easy. If there is someone standing at the front door when you leave to go looking then that person probably gets quoted. The ever increasing demands for more and faster of whatever helps drive this.
Happy Hacker? (Score:2)
Pardon my afterglow, but... (Score:3)
For instance, Packetstorm was always a better, more informative place than the JP Fan Club that is AntiOnline, yet Packetstorm got booted for smearing JP and Carolyn no more harshly than AntiOnline smears Packetstorm, Kevin Mitnick, Slashdot (remember when they were denying refers from Slashdot, because "The site you have just come from is a haven for hackers"), and everyone worth respecting in the geek/hacker/tech community. Now, I'm no hacker, I wouldn't know the difference between a Perl script and a pearl onion, but I'm savvy enough to know that JP is a condescending b-tch and that I'll take Slashdot over his a-- any day.
Not to mention what he's said about Kevin Mitnick. I don't care if Kevin were Stalin, you don't put people behind bars without trial or even a fair prelim hearing for years and years, this is America and if AntiOnline were at all respectable they'd be pointing that out instead of trying to capitalize on Kevin's unconstitutional misfortune. JP should be ashamed of himself. Instead of siding with the Constitution, AntiOnline and its cyber-jackbooted-thugs have obviously sided with Big Brother and the FBI Domestic Police State Unit.
AntiOnline's JP and Carolyn are the same sort of semi-illiterates who'd outlaw reverse engineering to protect the profits of the status-quo--just look at all the "tech news" on their website, it's obviously geared towards not-so-computer-literate corporate suits, for the purposes of JP's own aggrandizement. I know little about the fundamental internal processes involved in computing, and my Linux-Mandrake 6.0 CD is still sitting here (til I get a 2nd drive) uninstalled because I'd rather have my four.five gigs of pr0n. Yet even I feel the articles at AntiOnline are below my own level of literacy. Despite its claims, then, AntiOnline is not at all about computer security--Packetstorm is, Slashdot sometimes is, even 2600 is more so than AntiOnline. So if it's not about computer security, the only conclusion I can come up with is that it's about JP sucking up to corporate suits, period. Just my 2 cents.
--Taylor, whose login was eaten by the Slashmonster
Yeah, actually I have tried. (Score:3)
Sure, "black hat" crackers aren't going to want to be found, but the "white hats" generally WANT the press (though if you make a mistake, they make you regret it.)
It's hard to gain their trust, but it should be. A lot of the time with hacker sources, the easier it is to talk to them, the less credible they are. Case in point: John P.
If you ever doubt the ability of a hacker, just look for his or her work. "Show me the code" shouldn't just be the cry of an open-source consumer. If you can't read code (like me), get a good working relationship with a non-flaky programmer (like I have.)
Anyone in the l0pht, in particular mudge, I would consider credible. You send them an e-mail, they reply. www.hackernews.com is surprisingly on the level, as is Simple Nomad of www.nmrc.org.
In addition, many large IT firms or IT departments of large corporations employ hackers. If all else fails, take up a hobby of reading some oddball Usenet group. Surprisingly enough, many hackers are also authors of goony prose.
J.
Re:Happy Hacker? (Score:3)
-mike kania
Re:They forgot scientific american... (Score:3)
The sad thing is that no one knows everything about every topic, and sometimes we just take the short-cut of believing what we're told, if it's far from our expertise.
That used to work just about fine. I read Scientific American (and still do) and find parts of it fascinating, especially when they're talking about stuff I don't understand. ;-) But when they run garbage about stuff that I do know about, it really makes me wonder what other garbage is in there on topics that I don't know about.
Bad reporting doesn't just do a disservice to the readers; it also damage the credibility of the publication. Some Scientific American editor should have checked up on Meinel and then dragged her article to the shredder icon. It's disillusioning to see a beloved magazine that I grew up with, suddenly tainted in my eyes. I can't fscking believe Meniel's been in the same publication as Hofstadter... *sigh*
---
Have a Sloppy day!
Re:They forgot scientific american... (Score:3)
The stereotypes that I remember:
The subtext:
Honestly, I took it for more MS Astroturf(TM) at the time.
JP/Cha0s (Score:3)
You should think of him and his web site as one big social engineering hack on the media. That's all it is.
Rather thin gruel for this kind of vitriol (Score:3)
Any reader of Brill's Content will note that most journalists aren't formally or practically educated in the fields which they cover. Whether this should be so is grounds for another post, of course, but I'd think that Vranesevich, as operator/publisher/editor of AntiOnline would qualify as a journalist. Not a great one, either, but still.
Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important? And so on, and so forth. Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.
No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.
Well, it is a rag, but that's not why.
--
Defense of the Media (Score:4)
Really, you've got to take what people tell you and try to disseminate it into an article about a field you're usually not an expert in. It's not as easy as it looks, but when the editor says "hop" you'd better already know how high.
Contrary to popular /.'er belief, the media (even Jesse Berst) isn't out to distort facts or intentionally get things wrong. It's just a matter of not getting good enough quality information from sources.
If someone can talk to the media and make themselves understood (and seem to know of whence they speak), they're a good source until proven otherwise.
That said, I'm glad that egomaniac JP is getting his at long last -- that Packet Storm thing POed me something royal.
----
Adam Penenburg seems to be cool (Score:4)
--
Right on, Forbes, but why did this take so long? (Score:4)
Once Vranisevich got himself quoted in the New York Times, all the rest of us media people saw him every time we ran a Nexis-Lexis (newspaper database) search on a tech issue. Since the New York Times is the PAPER OF RECORD, and never gets anything wrong, Vranisevich was now a Trusted Source.
But as anyone who reads their weekly Circuits section knows, the Times is no expert on tech issues. They get things wrong all the time--mostly little details that don't seem so important unless you are a rarefied expert in the field, but they do get them wrong.
And they, and the Washington Post, and a few others, really misjudged little Jon Vranisevich.
What is odd is that so few tech reporters seem to really follow the online scene closely. Antionline has been dismissed as a fraud by the hacker/security community at large at least since last year (lots of others thought he was full of it before that, I am sure, and yet the mainstream press kept quoting him.
Forbes has probably done us all a huge service here. Even if the NYT/WashPost/WSJ don't pay attention to Attrition/L0pht/Slashdot enough (yet), they do read Forbes.
I beg to differ. (Score:4)
Because unfortunately, most of the stories your paper runs from outside the local area are probably from one source (the AP collective). And because, like it or not, if the NYT or the WSJ or the Washington Post prints it, most reporters think something is true. And because if a newspaper prints it, the TeeVee drones dutifully put it on the air, minus 99 percent of the content and analysis. And because most of the media [thenation.com] (probably including yours) is owned by gigantic evil mega-corporations obsessed with increasing shareholder value at the expense of their viewers'/readers' minds.
More importantly, though, your average local reporter knows a little about a lot, but a lot about only a little, of what she or he covers. That means we rely on experts, and I think too often, we anoint experts without really knowing too much about how much they actually know.
And I think using the Nexis-Lexis database to find experts is just about the WORST thing a reporter can do. Because that leads to the kinds of vicious spirals that turn idiots like Vranesevich into spokesmen for things they know little or nothing about. We should spend a little extra time and find our own experts by researching the field we report on, talking to the relevant players, and figuring out who they respect.
This is an interesting discussion, so don't be offended by my self righteous tone. I sometimes rely on these anointed experts too, but I wish I didn't.
[ps-this was already posted once, but somehow ended up in a completely different article]
They forgot scientific american... (Score:4)
It's a shame that they didn't react, 2 months later one could read the article in the foreign "brother" newspapers of scientific american. I wrote an angry letter to them, but they insisted mrs. meinel had a good reputation in security circles.
I wonder why I have NEVER seen ANY information of her or her affiliates on bugtrag/ntbugtaq/comp.security.* . Argh, perhaps I'm just to idealistic to think there have to be some journalists who bother to get any information, but this makes me really angry.
Have you ever tried to find a good hacker source? (Score:5)
Before I start, a bit of a mea culpa: I used JP on my site, even did a profile on him back in March or April of '98. And back then, quite frankly, he wasn't a bad source. He had some good stuff, decent contacts, and was still interested in reporting on the hacker scene.
Then, early this year, he re-launched his site and adopted a new editorial policy. And I stopped calling him -- not because of his opinions, because he can do his site however he wants -- but in covering hacking, I need sources that will help me contact and understand the hacking community, not bash it. I want to leave the value judgements to the readers. Thus, I want to have actual hackers as sources, as well as real-world big-time security experts on the other side. Without slamming him one way or another, it's safe to say that JP is neither.
Covering hackers is hard. With a few exceptions, most hackers don't want to be found, and those willing to talk to media usually want a slew of protections. And of course, we in the media have to try to determine whether these folks are bonafide hackers, or just guys who hang out on IRC and play with downloads from last year's B.O. release. It's a tough call, and there are many of us who dropped the ball at one point or another.
As for this column, this was probably the safest way to cover the questions surrounding JP, PacketStorm, and the other controversies. Many journalists have looked into this at one time or another, but there just aren't enough people willing to go on the record to make it a straight news story. But a columnist, as someone writing an opinion piece, has a little more leeway. He must still write factually, but can put forth theories more readily that someone writing straight news stories. I'm glad someone was able to figure out how to report this.
And I wouldn't worry too much about the lawsuits. One could easily argue that by speaking to the media -- indeed, by seeking out news coverage -- JP has made himself into somewhat of a public figure when it comes to the hacking community. If someone slammed JP because of his personal life, then that would be grounds for a suit. But since he's putting himself out there as the expert, questioning that expertise in a public forum is more than appropriate. Of course, I'm not a lawyer...!
That's it. Hope the perspective helps. As usual, this is my opinion, not that of ABCNEWS.com, ABC, Infoseek, Disney, the Mouse, etc., et. al.