Feeds

Experts troll 'biggest security mag in the world' with DICKish submission

Researchers SICK OF SPAM submit ridiculous piece to Hakin9

Secure remote control for conventional and virtual desktops

Updated Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards.

Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a database of 100,000 IT security specialists. Many of these security specialists are regularly spammed with requests to submit articles, without receiving any payment in return.

Rather than binning another of its periodic requests, a group of researchers responded with a nonsensical article entitled DARPA Inference Checking Kludge Scanning, which Warsaw-based Hakin9 published in full, apparently without checking. The gobbledygook treatment appeared as the first chapter in a recent eBook edition of the magazine about Nmap, the popular security scanner.

In reality there's no such thing as DARPA Inference Checking Kludge Scanning (or DICKS, for short) and the submission was a wind-up. Nonetheless an article entitled Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning appeared as the lead chapter in recent eBook guide on Nmap by Hakin9.

This content is normally only available to paid subscribers. However the rib-tickling chapter can still be found here (PDF), perhaps for a limited time only.

"Maybe they were sick of Hakin9's constant please-write-an-unpaid-article-for-us spam and decided to submit some well-crafted gibberish in response," security researcher Gordon Lyon (Fyodor) wrote in a post to the popular seclists mailing list last week. "They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the 'sample output' section, but apparently none of this raised any flags from Hakin9's 'review board'."

The nine-page article includes references to "the 10th-percentile latency of NMAP, as a function of popularity of IPv7". While the writers cite 27 references, including seminal journal articles like "Towards the Synthesis of Vacuum Tubes" and "Decoupling 802.11 Mesh Networks From Hierarchical Databases in DNS".

All, of course, complete cobblers from the authors, credited as Jon Oberheide, Nico Waisman, Matthieu Suiche, Chris Valasek, Yarochkin Fyodor, the Grugq, Jonathan Brossard and Mark Dowd.

"All credit for the Hakin9 article belongs to @endrazine [Jonathan Brossard] http://seclists.org/nmap-dev/2012/q3/1050 Hopefully the end result will be less Hakin9 spam in your inbox," said Jon Oberheide, in a Twitter update.

Lyon - the original developer of Nmap - reckons the authors used the Automatic CS Paper Generator as a starting point but this remains unconfirmed.

Amusingly, Hakin9 is now threatening unspecified legal action unless Lyon pulls the guide and his initial post ridiculing the publication of the nonsensical article.

"I guess they expected the security community to be impressed by their DICKS, but instead they faced scorn and ridicule," Lyon writes in a follow-up post to seclists. "Now they're so embarrassed by everyone mocking their DICKS that they had their lawyer send me a removal demand."

Despite these quasi-legal threats, Lyon (along with several other security researchers) still received a request to submit an article to Hakin9 on Wednesday. "Anyone have good ideas for what I should submit? Maybe a paper on the Continuously Updating Nmap Technology System," Lyon suggested.

The incident prompted one advertiser to withdraw support from Hakin9. "We have officially withdrawn any advertisement investment from HAKIN9 in response to the nmap guide fiasco," eLearnSecurity said.

The whole episode recalls the so-called Sokal hoax. Alan Sokal, a physics professor at New York University, submitted a nonsensical article to Social Text, an academic journal of postmodern cultural studies in 1996. The submission was designed to test whether the journal would publish an article "liberally salted with nonsense if it (a) sounded good and (b) flattered the editors' ideological preconceptions," as Sokal explains.

Social Text, much like Hakin9, fell for the ruse.

In a statement, Hakin9 admitted to El Reg that it was at fault for publishing the DICKS paper and promised to do better in future.

A mistake has been made on our part, which has led to a vast amount of criticism towards Hakin9. This situation has influenced us to reflect on our past choices and policies. We want to assure you that from now on we will be working even harder to bring you the best material on IT security out there. We also wanted to take this time to thank all of you for staying by our side; with special thanks to our authors, beta-testers, proofreaders and partners. Thank you all.®

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.