Slashdot Mirror
Forbes Takes on AntiOnline
infojack writes to us with the the word that Forbes is running a story on AntiOnline.
It's a op-ed piece by Adam Penenberg, talking about the creds of John Vranesevich and some of the PacketStorm flap. What I found most interesting was the outright recognition of how the media operates with "experts", and reporters use of the same people over and over.
I've just had a major mental orgasm. I have had this rational, not irrational mind you, *rational*, hatred of Vranesevich for so long that I've been waiting for a mainstream outlet to expose him. This isn't a flame, it's just that when people behave as badly, arrogantly, rudely, and ignorantly as JP and that troll Carolyn, and yet get *venerated* by the media and even some IT people for it, it makes you question your sense of reality, morality, and the whole of Western Civilization. This is a major relief, that finally this point of view is shared by people outside of 2600 and Slashdot...
For instance, Packetstorm was always a better, more informative place than the JP Fan Club that is AntiOnline, yet Packetstorm got booted for smearing JP and Carolyn no more harshly than AntiOnline smears Packetstorm, Kevin Mitnick, Slashdot (remember when they were denying refers from Slashdot, because "The site you have just come from is a haven for hackers"), and everyone worth respecting in the geek/hacker/tech community. Now, I'm no hacker, I wouldn't know the difference between a Perl script and a pearl onion, but I'm savvy enough to know that JP is a condescending b-tch and that I'll take Slashdot over his a-- any day.
Not to mention what he's said about Kevin Mitnick. I don't care if Kevin were Stalin, you don't put people behind bars without trial or even a fair prelim hearing for years and years, this is America and if AntiOnline were at all respectable they'd be pointing that out instead of trying to capitalize on Kevin's unconstitutional misfortune. JP should be ashamed of himself. Instead of siding with the Constitution, AntiOnline and its cyber-jackbooted-thugs have obviously sided with Big Brother and the FBI Domestic Police State Unit.
AntiOnline's JP and Carolyn are the same sort of semi-illiterates who'd outlaw reverse engineering to protect the profits of the status-quo--just look at all the "tech news" on their website, it's obviously geared towards not-so-computer-literate corporate suits, for the purposes of JP's own aggrandizement. I know little about the fundamental internal processes involved in computing, and my Linux-Mandrake 6.0 CD is still sitting here (til I get a 2nd drive) uninstalled because I'd rather have my four.five gigs of pr0n. Yet even I feel the articles at AntiOnline are below my own level of literacy. Despite its claims, then, AntiOnline is not at all about computer security--Packetstorm is, Slashdot sometimes is, even 2600 is more so than AntiOnline. So if it's not about computer security, the only conclusion I can come up with is that it's about JP sucking up to corporate suits, period. Just my 2 cents.
--Taylor, whose login was eaten by the Slashmonster
This is all stuff I assume you know already. I'm just being indignant because I can.
Sure, "black hat" crackers aren't going to want to be found, but the "white hats" generally WANT the press (though if you make a mistake, they make you regret it.)
It's hard to gain their trust, but it should be. A lot of the time with hacker sources, the easier it is to talk to them, the less credible they are. Case in point: John P.
If you ever doubt the ability of a hacker, just look for his or her work. "Show me the code" shouldn't just be the cry of an open-source consumer. If you can't read code (like me), get a good working relationship with a non-flaky programmer (like I have.)
Anyone in the l0pht, in particular mudge, I would consider credible. You send them an e-mail, they reply. www.hackernews.com is surprisingly on the level, as is Simple Nomad of www.nmrc.org.
In addition, many large IT firms or IT departments of large corporations employ hackers. If all else fails, take up a hobby of reading some oddball Usenet group. Surprisingly enough, many hackers are also authors of goony prose.
J.
damned vulpine http://sb.drtwister.com/
Although it's a (relatively) biased view, you can check out attrition.org, specifically this for info on attrition's thoughts on JP & antionline. As far as the happy hacker series goes, check here. Over at attrition they really don't like JP & Carolyn Meinel, though, so take what you read with a grain of salt :)
-mike kania
The sad thing is that no one knows everything about every topic, and sometimes we just take the short-cut of believing what we're told, if it's far from our expertise.
That used to work just about fine. I read Scientific American (and still do) and find parts of it fascinating, especially when they're talking about stuff I don't understand. ;-) But when they run garbage about stuff that I do know about, it really makes me wonder what other garbage is in there on topics that I don't know about.
Bad reporting doesn't just do a disservice to the readers; it also damage the credibility of the publication. Some Scientific American editor should have checked up on Meinel and then dragged her article to the shredder icon. It's disillusioning to see a beloved magazine that I grew up with, suddenly tainted in my eyes. I can't fscking believe Meniel's been in the same publication as Hofstadter... *sigh*
---
Have a Sloppy day!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The stereotypes that I remember:
The subtext:
Honestly, I took it for more MS Astroturf(TM) at the time.
Sheesh, evil *and* a jerk. -- Jade
I used to have run-ins on IRC with "JP" when he ran with the Cha0s, Inc "hacker" group. That was when he was still in high-school, committing daily ping-flood attacks and generally being obnoxious. When he went to college and got his dormatory ethernet connection and put up his first "security" web site I just laughed. But I never expected anyone to take him seriously.
You should think of him and his web site as one big social engineering hack on the media. That's all it is.
The times I've visited AntiOnline (and that not often, but still), it has struck me as being much more of an information clearing house than a source for original content, which Forbes seems to be insinuating. Visiting today, it really still is. Which isn't a bad thing, either (look at /.)
Any reader of Brill's Content will note that most journalists aren't formally or practically educated in the fields which they cover. Whether this should be so is grounds for another post, of course, but I'd think that Vranesevich, as operator/publisher/editor of AntiOnline would qualify as a journalist. Not a great one, either, but still.
Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important? And so on, and so forth. Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.
No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.
Well, it is a rag, but that's not why.
--
--
There is no premature anti-fascism. -Ernest Hemingway
Really, you've got to take what people tell you and try to disseminate it into an article about a field you're usually not an expert in. It's not as easy as it looks, but when the editor says "hop" you'd better already know how high.
Contrary to popular /.'er belief, the media (even Jesse Berst) isn't out to distort facts or intentionally get things wrong. It's just a matter of not getting good enough quality information from sources.
If someone can talk to the media and make themselves understood (and seem to know of whence they speak), they're a good source until proven otherwise.
That said, I'm glad that egomaniac JP is getting his at long last -- that Packet Storm thing POed me something royal.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Do a Google search on Adam Penenburg; find his email address and write to him to congratulate him on this article, before going on to read some of his other stuff, including an enlightenting mea culpa on being taken in by bogus hackers himself, echoing Mike@ABC's comments: writing accurate hacker stories is hard. Sadly, staying credulous makes your stories sound better ("hackers hold up banks with crypto") and no-one seems to notice the difference. Thanks for trying to stay honest.
--
Xenu loves you!
It's surprising how long it took for the print media to catch on to the fact that Antionline is full of it.
Once Vranisevich got himself quoted in the New York Times, all the rest of us media people saw him every time we ran a Nexis-Lexis (newspaper database) search on a tech issue. Since the New York Times is the PAPER OF RECORD, and never gets anything wrong, Vranisevich was now a Trusted Source.
But as anyone who reads their weekly Circuits section knows, the Times is no expert on tech issues. They get things wrong all the time--mostly little details that don't seem so important unless you are a rarefied expert in the field, but they do get them wrong.
And they, and the Washington Post, and a few others, really misjudged little Jon Vranisevich.
What is odd is that so few tech reporters seem to really follow the online scene closely. Antionline has been dismissed as a fraud by the hacker/security community at large at least since last year (lots of others thought he was full of it before that, I am sure, and yet the mainstream press kept quoting him.
Forbes has probably done us all a huge service here. Even if the NYT/WashPost/WSJ don't pay attention to Attrition/L0pht/Slashdot enough (yet), they do read Forbes.
\
Because unfortunately, most of the stories your paper runs from outside the local area are probably from one source (the AP collective). And because, like it or not, if the NYT or the WSJ or the Washington Post prints it, most reporters think something is true. And because if a newspaper prints it, the TeeVee drones dutifully put it on the air, minus 99 percent of the content and analysis. And because most of the media (probably including yours) is owned by gigantic evil mega-corporations obsessed with increasing shareholder value at the expense of their viewers'/readers' minds.
More importantly, though, your average local reporter knows a little about a lot, but a lot about only a little, of what she or he covers. That means we rely on experts, and I think too often, we anoint experts without really knowing too much about how much they actually know.
And I think using the Nexis-Lexis database to find experts is just about the WORST thing a reporter can do. Because that leads to the kinds of vicious spirals that turn idiots like Vranesevich into spokesmen for things they know little or nothing about. We should spend a little extra time and find our own experts by researching the field we report on, talking to the relevant players, and figuring out who they respect.
This is an interesting discussion, so don't be offended by my self righteous tone. I sometimes rely on these anointed experts too, but I wish I didn't.
[ps-this was already posted once, but somehow ended up in a completely different article]
\
Believe the people from attrition or don't belive them. But here's a text from fyodor, the creator of nmap. He reacts to the publishing of a Carolyn Meinel article in SCIENTIFIC AMERICAN. My god!!!
It's a shame that they didn't react, 2 months later one could read the article in the foreign "brother" newspapers of scientific american. I wrote an angry letter to them, but they insisted mrs. meinel had a good reputation in security circles.
I wonder why I have NEVER seen ANY information of her or her affiliates on bugtrag/ntbugtaq/comp.security.* . Argh, perhaps I'm just to idealistic to think there have to be some journalists who bother to get any information, but this makes me really angry.
Posted by Mike@ABC:
Before I start, a bit of a mea culpa: I used JP on my site, even did a profile on him back in March or April of '98. And back then, quite frankly, he wasn't a bad source. He had some good stuff, decent contacts, and was still interested in reporting on the hacker scene.
Then, early this year, he re-launched his site and adopted a new editorial policy. And I stopped calling him -- not because of his opinions, because he can do his site however he wants -- but in covering hacking, I need sources that will help me contact and understand the hacking community, not bash it. I want to leave the value judgements to the readers. Thus, I want to have actual hackers as sources, as well as real-world big-time security experts on the other side. Without slamming him one way or another, it's safe to say that JP is neither.
Covering hackers is hard. With a few exceptions, most hackers don't want to be found, and those willing to talk to media usually want a slew of protections. And of course, we in the media have to try to determine whether these folks are bonafide hackers, or just guys who hang out on IRC and play with downloads from last year's B.O. release. It's a tough call, and there are many of us who dropped the ball at one point or another.
As for this column, this was probably the safest way to cover the questions surrounding JP, PacketStorm, and the other controversies. Many journalists have looked into this at one time or another, but there just aren't enough people willing to go on the record to make it a straight news story. But a columnist, as someone writing an opinion piece, has a little more leeway. He must still write factually, but can put forth theories more readily that someone writing straight news stories. I'm glad someone was able to figure out how to report this.
And I wouldn't worry too much about the lawsuits. One could easily argue that by speaking to the media -- indeed, by seeking out news coverage -- JP has made himself into somewhat of a public figure when it comes to the hacking community. If someone slammed JP because of his personal life, then that would be grounds for a suit. But since he's putting himself out there as the expert, questioning that expertise in a public forum is more than appropriate. Of course, I'm not a lawyer...!
That's it. Hope the perspective helps. As usual, this is my opinion, not that of ABCNEWS.com, ABC, Infoseek, Disney, the Mouse, etc., et. al.