.

Infosec Institute plagiarized course material from Corelan.be

<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sun Oct 30, 2011 1:07 pm

Infosec Institute plagiarized course material from Corelan.be

CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sun Oct 30, 2011 1:25 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Whoa!  That's horrible.  It sucks that because of this, Corelan hasn't published any tutorials in the last year.  We're all suffering here... I'd love Corelan to get publishing more tutorials soon.  :)
GCIH, Security+, Network+, A+, MCP, DCSE
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 30, 2011 1:29 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Very concerning. Especially since they offer a nice bounty if their material is found to have been stolen....

Anyone think it would be worth anything for me to contact them?

(And FYI, ive never heard of Corelan, who are they?)
sectestanalysis.blogspot.com/‎
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sun Oct 30, 2011 2:09 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Just... ouch.  It always sucks to see an organization with a relatively good reputation pull something like that.  It's like finding out Santa isn't real.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Oct 30, 2011 2:25 pm

Re: Infosec Institute plagiarized course material from Corelan.be

There's more here as well: https://www.corelan.be/index.php/2011/1 ... s-a-crime/

I sent a small donation, because they (the company that stole the content) should've at least asked for permission to use the tutorials on the Corelan website, as it's pretty much copyright protected.

SephStorm wrote:Anyone think it would be worth anything for me to contact them?

(And FYI, ive never heard of Corelan, who are they?)


If you have evidence, information, etc., then it will always be worth contacting them. All of their members are very friendly, and also very knowledgeable.

Corelan is a team of enthusiasts and professionals, where most if not all of them are very good with Exploit Development, and for instance, mona.py is one of the greatest addons for Immunity Debugger that they've made. (And that is just a small portion of all the work they've done for the community.)

They've been around for quite some time, and a lot of their members also participates in other projects, some are even in the Exploit-DB team, so if you've been around an offsec domain, then you've somewhat met a Corelan member too, at least in some sense that may sound strange  :)

Without Corelan, there wouldn't be a natural, reliable and good source of exploit development tutorials, and of course a lot more. The amount of content and value they've added to the community is enormous, so of course they must protect their copyright  :)
I'm an InterN0T'er
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 30, 2011 2:36 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Thanks for the info, I meant contacting ISI... ;)

Realistically, the word probably hasnt gotten around in the US, hence the resources section is still available here. And I know for a fact that the CEPT class is still available, I dont know if they are using those materials. (Also a good test would be for someone to take the CEPT, see if that copyrighted material is still in there.)

In any case, if I call to express my concern over purchasing products from a company that willfully engages in infringement, and isnt willing to reimburse the individual who was wronged... and of course, it would be my duty to inform others of this...

Thoughts?
sectestanalysis.blogspot.com/‎
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Oct 30, 2011 3:33 pm

Re: Infosec Institute plagiarized course material from Corelan.be

SephStorm wrote:In any case, if I call to express my concern over purchasing products from a company that willfully engages in infringement, and isnt willing to reimburse the individual who was wronged... and of course, it would be my duty to inform others of this...

Thoughts?


I think it's up to you, but I'm unsure how much good it would do, except making them aware that their customers are worried about this, which lowers their public relations image.

If they have stocks and it becomes a general issue I'm sure they will drop though  :o But the best thing to do, would be to find out if they're still actively stealing content or not, and then report it to the rightful owner(s).
I'm an InterN0T'er
<<

r2s

User avatar

Newbie
Newbie

Posts: 49

Joined: Thu Sep 16, 2010 6:14 pm

Location: USA

Post Sun Oct 30, 2011 4:18 pm

Re: Infosec Institute plagiarized course material from Corelan.be

What a shame  :(
In progress: OSCP & GXPN (June)
"Silence enables the sound to be" - Eckhart Toll
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Oct 30, 2011 11:40 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Wow. I was about a hair away from starting to write for them in support of their portal revamp. Glad I decided to drop by before bed. Sent an email off telling them thanks, but no thanks, and a few more to warn off some other folks that I know. Plagiarism != cool.  >:(
<<

infoseci

Newbie
Newbie

Posts: 18

Joined: Tue Nov 02, 2010 4:12 pm

Post Mon Oct 31, 2011 9:52 am

Re: Infosec Institute plagiarized course material from Corelan.be

Hey guys, this is a totally ridiculous slander and defamation of our company. We have the upmost respect for copyright law and would never wish to harm another member of the information security community. 

Let's review the facts as they really are:

1. We hired a contractor to create some courseware for us for this course. Part of our contract, a very important part, is that we require totally original works, and do not allow for copyright violations. Any such violation is cause for termination of the contract and any associated damages. Unfortunately, this contractor basically copied all of the information from that site.

2. When we found out about this situation, we refunded everyone that took that class or offered them full credit towards another class. We also terminated the contractor and looked into legal options for suing for damages. We chose not to sue, as the cost and time spent doing this seemed to outweigh the benefits. We would rather concentrate on delivering great training instead of suing people.

3. When we were alerted via the various legal notices, we offered to issue a public apology as well as pay $5000 to the offended parties. Even though it was not us, but one of our contractors that did the infringement!! They rejected this.

4. We invite a lawsuit or to settle this in the courts, as we have a signed agreement that shows we did not do the infringement, and made a really good effort to make this right (via a public apology and paying $5000).

In short, yes, this is a bad situation. In hindsight, we should have checked to make sure this work was not copyrighted. But, we made a mistake, as everyone does in life, and the important thing is we tried to the right thing here. We offered to make a public apology and pay $5000 but they rejected it.

If there is anything we should be doing differently here, I would be open to suggestions.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Mon Oct 31, 2011 1:43 pm

Re: Infosec Institute plagiarized course material from Corelan.be

infoseci,
  Out of curiosity, where have these details been posted besides this forum? I'm not trying to nit-pick, I'm honestly asking because I haven't seen any of these details released to the public yet.  If there is an official method your organization is using to respond to these allegations please pass along those notes so we know where to go and get your side of the story.  If there is no such platform yet, then maybe you should reconsider wagging your finger at the community for not understanding your point of view.  At the moment this is a matter of perception that is being weighed in the court of public opinion, and because of the (apparently) blatant facts that have been released in the last few days it can't be much of a surprise that the current opinion of the community is running against you.  If the Infosec Institute means to manage the message on this issue, then they should get a coherent, complete, and reasonable explanation out in a hurry.  You asked for recommendations so, off the top of my head:

-Peter has gone out of his way to document his communications with you, grievances, and legal proof of his allegations.  He then made these publicly available.  You could do the same.  Currently it seems like your organization went incommunicado on the issue, and that vacuum isn't helping perceptions.  If you've actively been working through this then show it.

-The "it was a contractor's fault" response is going to be a rough road if you decide to take it.  You might find some legal coverage by playing that card depending on your contracting and the skill of your lawyers, but within the security community I'd expect more blowback than forgiveness.  You don't just trip and accidentally copy an entire (massive) work from a well known individual, do a crtl-f find/replace for names, and build an entire course around the material without someone within your organization noticing.  That just doesn't pass the scratch and sniff test.  For many of this it sounds a lot like one Mr. Gregory Evans. (http://www.amazon.com/How-Become-Worlds ... 0982609108)  Please explain how this made it through all of the expected reviews/planning/etc that would go with building a course without someone in your company realizing what was going on.  Otherwise, are you stating that you simply bought, without any review, the product of a contractor and immediately started selling/teaching the material?  Do you do this with all of your materials? Have you initiated a review of all of your other course materials to make sure this isn't systemic?

-A quick check of your website shows that the CEPT certification course is still being offered. It also shows that the course includes "9 domains". Are these the same 9 domains that were in the course previously?  Meaning, are you still offering the same course with the same material that is the source of these allegations?  Your posting seems to imply a significant amount of due diligence was performed after you were informed of the plagiarism... did that not include removing the course from your site? Are you still making money from Peter's material in any way?  If not, then explicitly state the current status of the course and material.

Again, this is just a response to your request for suggestions.  If you've already answered these points in some other format then please let us know where.  A quick review of your website doesn't seem to show anything.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Ignatius

Jr. Member
Jr. Member

Posts: 91

Joined: Sun Mar 22, 2009 9:51 am

Post Mon Oct 31, 2011 2:58 pm

Re: Infosec Institute plagiarized course material from Corelan.be

I'll preface this with "I am not a lawyer" ..

1.  Peter's legal representatives in Belgium and the US have sent letters to Infosec Institute but there is no indication of any response from them, hence his indication that he might wish to escalate matters.

2.  As there was a third party contractor who was responsible for creating the handbook, I am not sure who would be responsible in the event of legal action in view of an alleged infringement of copyright.  My "gut" feeling is that Infosec Institute will be the target of any action and I suspect that they, in turn, could take action against the contractor.

3.  Peter's papers are well known.  I am surprised that the material was not recognised by those responsible at Infosec Institute for delivering the material on the course.  I assume that they are/were instructor-led, rather than self-directed learning.
<<

infoseci

Newbie
Newbie

Posts: 18

Joined: Tue Nov 02, 2010 4:12 pm

Post Mon Oct 31, 2011 3:36 pm

Re: Infosec Institute plagiarized course material from Corelan.be

Thanks guys for the advice! Here is a response we have put officially on our blog:

http://resources.infosecinstitute.com/t ... ery-story/

To clarify here, this website material was used ONCE for ONE run of the exploit writing class. Not our advanced/cept class. The class had 7 students in it, and all were refunded and credited. Those guys have spent the last two years trying to contact people in our other classes all the time to find other times it was used, and you can bet if they did they would be writing it all over the place.

Even though it is not "legally" our fault, we have offered to make a public apology as well as pay $5000 to peter. I think this is a fair response, but we will take what you have said to heart.

Seriously, all these guys want is blood. Nothing else.
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Oct 31, 2011 7:53 pm

Re: Infosec Institute plagiarized course material from Corelan.be

At this point, I dont see any negative or bad party in this. As I suggested, my though is that ISI and the Copyright Holder need to reach a settlement. period. Once communication has been established, then we should step aside and let the process go forth.

(I do think it is excellent that we were able to get some action on this. I wish the best for both parties concerned.)
sectestanalysis.blogspot.com/‎
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Tue Nov 01, 2011 8:20 am

Re: Infosec Institute plagiarized course material from Corelan.be

Just a thought- When you stick you're name on something and sell it, you are responsible. If I slap some stickers on a book over the authors name and start selling it as my own, I am responsible.

The simplest solution is just pay Peter's lawyer costs and give him access to review your current course. You've already apologized. Then go after the original culprit for the losses. That case is a slam dunk. If he has any sense (which is doubtful considering his past actions), he'll settle . If not, his check will be garnished for quite a while.

The damage to your company's reputation grows by the day and it would behoove you to nip it in the bud.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
Next

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software