Writing is hard – I get it. Tech writing is hard – I get it. Tech journalism is hard, especially when you need to translate complex technological issues into prose that the common reader (depending on your demographic) can understand. Writing about security for TidBITS and Macworld for the past 6 or so years has been an amazing educational experience as I have had to learn exactly how to walk this tightrope and explain things like memory parsing vulnerabilities and ASLR to consumers.

So it’s hard. But that isn’t an excuse for irresponsible shoddiness or laziness.

Then I saw this on Twitter today:

Don Reisinger at CNet published an article today that essentially accuses one of the stalwarts of the security industry of engaging in illegal activity. Gordon Lyon, also known as Fyodor, wrote Nmap (among other accomplishments). He reposted an older Full Disclosure email by some researchers who created a botnet out of over 400,000 Internet-connected devices.

Reisinger? He read that post, assumed Fyodor did the work, wrote an article about it without fact-checking or interviewing anyone, and in that article stated that Gordon hacked those devices for “benign research”.

But that would be very illegal. And Fyodor had nothing to do with it. Reisinger wrote his article based completely on a repost of an email to Full Disclosure.

That’s lazy, shoddy, and irresponsible. Don might be a good guy, and might mean well, but he needs to learn that this sort of ‘journalism’ isn’t acceptable. CNet needs to require at least some semblance of responsibility from their writers. Look, we know half the stuff posted on most tech sites today is rewritten press releases or single-sourced ‘interpretations’ of someone else’s blog post or article (without any additional analysis, which could make it fine). But an article like this actually meets the legal definition of libel (rough guess on my part).

I work with some amazing online writers. I have seen inside publications, and know how the editing process works. You can do better, CNet, and plenty of other organizations manage to do so while remaining profitable.

Update: Fyodor posted a response to the article with a perfect quote:

Since he found the full-disclosure post on my mailing list archive site, clearly I must be the hacker :). This has got to be the most bone-headed CNET move since they released the trojan Nmap installer on CNET Download.com.