As somebody who works in the industry, I'm hardly surprised by this, although ~99% is pretty crazy. There seems to be a much higher percentage of snake oil/pretend vs. real deal in security than other industries. There are some really, really smart people, and then there's this vast horde of people who've remembered a list of buzzwords and not much else. I guess that's partly because it's so easy to get away with not producing any actual results since they are so hard to quantify--at least when kids with Metasploit and Sqlmap aren't out to get you :)
Bold statement coming from the author: 'All modern computer program languages use what is known as an "object oriented" model, which means code is designed to be modular--like swappable, repeatable, spawning objects.'
None of these authors have been published by any respectable publisher. I doubt any are in use as textbooks. The whole premise of this article is flawed.
It's amazing to see that guy still going. I remember seeing a PDF of his first book which was, if I remember correctly, largely a bunch of pasted Unix man pages for various security tools and bits and pieces of guidebooks from the Linux Documentation Project.
This was probably 10+ years ago so I don't want to make any judgements about his work now. If he has carried on as he started it's hard to believe he has managed to make a following for himself.
I guess if you publish enough stuff over a long enough time people come to see that as evidence of credibility.
Should I state the obvious that, when you're looking for textbooks, it's important to choose a reputable publisher? They're supposed to catch stuff like this.
A decent number of the non-self-published ones seem to come from Course Technology PTR, which is moderately respectable. They do have something of a reputation for not being too rigorous or selective, but until now I hadn't thought of them as having a bad reputation, just a bit of a shamelessly commercial one. They rush out large numbers of textbooks on recent technologies, of mixed quality, but some are good. Apparently their reviewing could use some improvement, though.
On a recent contract for writing e-learning materials I had an editor who was herself a subject expert going over the words, references and the actual pedagogic design. Then I had the multimedia team suggesting changes and sequencing the material.
I'd say the original writing was 40% and the response to editing was 60%.
PS have a look at the image they used on the top of the article... I've got an embarrassingly large number of those books...
Hmm, interesting. That level of detail is fairly uncommon for academic publishing from what I know, though I am not too experienced myself. When someone like MIT Press publishes a book, the way I've heard the process described is that three external academic reviewers will give high-level feedback and make publish/don't-publish recommendations, and then one MIT Press editor not necessarily expert in the area will do layout/stylistic/copy/flow editing. But partly that's because they have a line to walk between providing real editing and quality control, but also providing a not-too-filtered platform for authors to put out their own views.
I would hope that extensive plagiarism would be caught by one of the academic reviewers, though.
Though with Course PTR it's probably more just lack of per-book resources. When you're rushing to get out a book that amounts to a manual for XNA 3.1, and you put out dozens of those books a year, there's only so much detailed editing you can give it.
Could you imagine the honesty that could be conveyed by Anonymous authoring such a book?
You would not only get correct info of how to secure a network or server but also such good advice as how to be a good cyber corporate citizen and how by not being a dick corporation pays dividends... okay, part of this is sarcastic, yes...
I think a lot of people overestimate the capabilities of Anonymous and the like. Surely there are probably a few in their ranks that actually do know what they're doing, but most are going to be script kiddies, or even lower (basically a human powered botnet operating the LOIC).
I think that what Anonymous does teach us is precisely why it is important to be a good cyber citizen, for all the bad media that will come up if you anger the hive. There are actual security lessons too (you actually need to make the effort to try and eliminate the low hanging fruit, to have security in mind from the beginning, to factor in the risks of a large data loss or defacement).
I think that book could be written by many people in the infosec world, as the details are already public and the attacks are not that sophisticated. The thing is that there are already lots of "best practices" that are not being followed that allow a lot of these hacks to happen. It's true that you may never be confident in how secure or insecure you are, but if you aren't doing the basics (using frameworks that help take care of the basics of things like SQLi, XSS, and CSRF vulns), then you're already behind.