

High number of infosec textbooks almost 100% copied, according to attrition.org - pvarangot
http://www.fastcompany.com/1769244/plagiarism-professionals

======
thirsteh
As somebody who works in the industry, I'm hardly surprised by this, although
~99% is pretty crazy. There seems to be a much higher percentage of snake
oil/pretend vs. real deal in security than other industries. There are some
really, really smart people, and then there's this vast horde of people who've
remembered a list of buzzwords and not much else. I guess that's partly
because it's so easy to get away with not producing any actual results since
they are so hard to quantify--at least when kids with Metasploit and Sqlmap
aren't out to get you :)

------
bobbywilson0
Bold statement coming from the author: 'All modern computer program languages
use what is known as an "object oriented" model, which means code is designed
to be modular--like swappable, repeatable, spawning objects.'

~~~
codedivine
The first paragraph of the article is painful to read.

~~~
astrodust
Maybe it was copied from another source and slapped in there to sound
educated.

------
armored
None of these authors have been published by any respectable publisher. I
doubt any are in use as textbooks. The whole premise of this article is
flawed.

------
sagarun
More about Ankit Fadia <http://en.wikipedia.org/wiki/Ankit_Fadia>. He appears
on MTV India and does a show called "What the hack".

~~~
djm
It's amazing to see that guy still going. I remember seeing a PDF of his first
book which was, if I remember correctly, largely a bunch of pasted Unix man
pages for various security tools and bits and pieces of guidebooks from the
Linux Documentation Project.

This was probably 10+ years ago so I don't want to make any judgements about
his work now. If he has carried on as he started it's hard to believe he has
managed to make a following for himself.

I guess if you publish enough stuff over a long enough time people come to see
that as evidence of credibility.

------
lytfyre
Anyone else notice that the photo is of Cory Doctorow?

~~~
jleader
There's a photo credit at the bottom that links to the picture on flickr,
where it has a _ton_ of annotations, by Doctorow and others.

------
lurker19
Wait to see what attribution.org has to say about all this.

------
aklein
Should I state the obvious that, when you're looking for textbooks, it's
important to choose a reputable publisher? They're supposed to catch stuff like
this.

~~~
_delirium
A decent number of the non-self-published ones seem to come from Course
Technology PTR, which is moderately respectable. They do have something of a
reputation for not being too rigorous or selective, but until now I hadn't
thought of them as having a _bad_ reputation, just a bit of a shamelessly
commercial one. They rush out large numbers of textbooks on recent
technologies, of mixed quality, but some are good. Apparently their reviewing
could use some improvement, though.

~~~
keithpeter
I think it could!

On a recent contract for writing e-learning materials I had an editor who was
herself a subject expert going over the words, references and the actual
pedagogic design. Then I had the multimedia team suggesting changes and
sequencing the material.

I'd say the original writing was 40% and the response to editing was 60%.

PS have a look at the image they used on the top of the article... I've got an
embarrassingly large number of those books...

~~~
_delirium
Hmm, interesting. That level of detail is fairly uncommon for academic
publishing from what I know, though I am not too experienced myself. When
someone like MIT Press publishes a book, the way I've heard the process
described is that three external academic reviewers will give high-level
feedback and make publish/don't-publish recommendations, and then one MIT
Press editor not necessarily expert in the area will do
layout/stylistic/copy/flow editing. But partly that's because they have a line
to walk between providing real editing and quality control, but also providing
a not-too-filtered platform for authors to put out their own views.

I would _hope_ that extensive plagiarism would be caught by one of the
academic reviewers, though.

Though with Course PTR it's probably more just lack of per-book resources.
When you're rushing to get out a book that amounts to a manual for XNA 3.1,
and you put out dozens of those books a year, there's only so much detailed
editing you can give it.

------
shareme
Could you imagine the honesty that could be conveyed by Anonymous authoring
such a book?

You would not only get correct info of how to secure a network or server but
also such good advice as how to be a good cyber corporate citizen and how by
not being a dick corporation pays dividends..okay part of this is sarcastic
yes..

~~~
colonelxc
I think a lot of people overestimate the capabilities of Anonymous and the
like. Surely there are probably a few in their ranks that actually do know
what they're doing, but most are going to be script kiddies, or even lower
(basically a human powered botnet operating the LOIC).

I think that what Anonymous does teach us is precisely why it is important to
be a good cyber citizen, for all the bad media that will come up if you anger
the hive. There are actual security lessons too (you actually need to make the
effort to try and eliminate the low hanging fruit, to have security in mind
from the beginning, to factor in the risks of a large data loss or
defacement).

I think that book could be written by many people in the infosec world, as the
details are already public and the attacks are not that sophisticated. The
thing is that there are already lots of "best practices" that are not being
followed that allow a lot of these hacks to happen. It's true that you may
never be confident in how secure or insecure you are, but if you aren't doing
the basics (using frameworks that help take care of the basics of things like
SQLi, XSS, and CSRF vulns), then you're already behind.

