Feeds

Experts troll 'biggest security mag in the world' with DICKish submission

Researchers SICK OF SPAM submit ridiculous piece to Hakin9

Beginner's guide to SSL certificates

Updated Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards.

Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a database of 100,000 IT security specialists. Many of these security specialists are regularly spammed with requests to submit articles, without receiving any payment in return.

Rather than binning another of its periodic requests, a group of researchers responded with a nonsensical article entitled DARPA Inference Checking Kludge Scanning, which Warsaw-based Hakin9 published in full, apparently without checking. The gobbledygook treatment appeared as the first chapter in a recent eBook edition of the magazine about Nmap, the popular security scanner.

In reality there's no such thing as DARPA Inference Checking Kludge Scanning (or DICKS, for short) and the submission was a wind-up. Nonetheless an article entitled Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning appeared as the lead chapter in recent eBook guide on Nmap by Hakin9.

This content is normally only available to paid subscribers. However the rib-tickling chapter can still be found here (PDF), perhaps for a limited time only.

"Maybe they were sick of Hakin9's constant please-write-an-unpaid-article-for-us spam and decided to submit some well-crafted gibberish in response," security researcher Gordon Lyon (Fyodor) wrote in a post to the popular seclists mailing list last week. "They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the 'sample output' section, but apparently none of this raised any flags from Hakin9's 'review board'."

The nine-page article includes references to "the 10th-percentile latency of NMAP, as a function of popularity of IPv7". While the writers cite 27 references, including seminal journal articles like "Towards the Synthesis of Vacuum Tubes" and "Decoupling 802.11 Mesh Networks From Hierarchical Databases in DNS".

All, of course, complete cobblers from the authors, credited as Jon Oberheide, Nico Waisman, Matthieu Suiche, Chris Valasek, Yarochkin Fyodor, the Grugq, Jonathan Brossard and Mark Dowd.

"All credit for the Hakin9 article belongs to @endrazine [Jonathan Brossard] http://seclists.org/nmap-dev/2012/q3/1050 Hopefully the end result will be less Hakin9 spam in your inbox," said Jon Oberheide, in a Twitter update.

Lyon - the original developer of Nmap - reckons the authors used the Automatic CS Paper Generator as a starting point but this remains unconfirmed.

Amusingly, Hakin9 is now threatening unspecified legal action unless Lyon pulls the guide and his initial post ridiculing the publication of the nonsensical article.

"I guess they expected the security community to be impressed by their DICKS, but instead they faced scorn and ridicule," Lyon writes in a follow-up post to seclists. "Now they're so embarrassed by everyone mocking their DICKS that they had their lawyer send me a removal demand."

Despite these quasi-legal threats, Lyon (along with several other security researchers) still received a request to submit an article to Hakin9 on Wednesday. "Anyone have good ideas for what I should submit? Maybe a paper on the Continuously Updating Nmap Technology System," Lyon suggested.

The incident prompted one advertiser to withdraw support from Hakin9. "We have officially withdrawn any advertisement investment from HAKIN9 in response to the nmap guide fiasco," eLearnSecurity said.

The whole episode recalls the so-called Sokal hoax. Alan Sokal, a physics professor at New York University, submitted a nonsensical article to Social Text, an academic journal of postmodern cultural studies in 1996. The submission was designed to test whether the journal would publish an article "liberally salted with nonsense if it (a) sounded good and (b) flattered the editors' ideological preconceptions," as Sokal explains.

Social Text, much like Hakin9, fell for the ruse.

In a statement, Hakin9 admitted to El Reg that it was at fault for publishing the DICKS paper and promised to do better in future.

A mistake has been made on our part, which has led to a vast amount of criticism towards Hakin9. This situation has influenced us to reflect on our past choices and policies. We want to assure you that from now on we will be working even harder to bring you the best material on IT security out there. We also wanted to take this time to thank all of you for staying by our side; with special thanks to our authors, beta-testers, proofreaders and partners. Thank you all.®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.