May 28 2009

French expert gets duped, goes “nutty professor,” spouts hysteria…

McAfee dufus fails the test of logic (and fails to do his research) in a really bad way
No Gravatar

Let’s begin with a straightforward statement. McAfee expert Francois Paget got duped by a YouTube video, he went “nutty professor,” and he wrote a hysterical blog about it on McAfee’s official website (archived here).

And then, just for good measure, Paget touted a new McAfee product that can protect you from being duped— protect you from the hysteria he— protect you from the threat he concocted— oh, never mind.

It disturbs me that Francois Paget got duped so easily. Memo to Paget: click here.

Wired pundit Kevin Poulsen exposed Paget’s stupidity in a rather blistering story. Poulsen reveals a German “viral video” production firm conceived the “Blair Witch” script to promote (get this!) a conference for video gamers.

It disturbs me that Paget got duped so easily. A quick glance at the video stats reveal it’s been watched more than a million times in just the last half-year. Clue, anyone?

If this was a genuine SCADA attack, all the SCADA hype-meisters out there would have pounced on this video the very day it came out. Why, then, would Paget be the first expert to label it a SCADA attack a half-year later? How could he not realize this?

Did Paget do basic research to learn where this SCADA attack took place? No. Did Paget do basic research to learn which hacking group took credit for this SCADA attack? No. Did Paget do basic research to learn how this hacking group pulled off their SCADA attack? No. Did Paget do basic research to learn…

Hey, you know what I just did? I did some basic research on Paget for this column. “Basic research, Rob? That’s amazing!” Thanks for the facetiousness but, really, it was nothing. Anyway, I came across Paget’s LinkedIn profile (or at least a cleverly disguised hoax profile which, according to Paget, is as good as the original.) He’s worked at McAfee since at least 1993 when he—

—waitaminit, I just got an email from the Frenchman. It reads:

“Dear Rob, I heard that you work for the CIA. Can you give me some details on how NCIS agent Timothy McGee hacked into your CIA network so easily? TIA! All my love, Francois.”

Even worse for Paget’s stupidity level — you can watch the YouTube video in high def. That’s what we call “a subtle clue.” Al Qaeda’s movie studio couldn’t possibly match Hollywood’s infinite resources to produce HD video. Heck, you can’t even watch this staged remote-control diesel engine attack in high def.

(Hmmm. You know, I couldn’t have bashed Paget so easily if he’d used the diesel engine attack video. Lucky me.)

The production company calls it a “viral video.” Sadly, Paget got infected. And McAfee spread the virus through their official blog. Much to the production company’s delight, I’m sure.


Let’s run with this absurdity, shall we? Let’s pretend Paget got duped by the trailer for the new movie “Pontypool“:

Last week, I discovered a video posted on YouTube. We can see an entire town getting infected by a virus that spreads via the English language. Two guys having a conversation can spread the virus! I have some doubts about the technical aspects of a virus spreading through the spoken word. But fake or not, the video confirms that terrorists have got their eyes on lexicon viruses. Perhaps the first demo was just for fun, but the others will have less juvenile goals. An attack can involve nationwide damage, a terrible effect on the public’s morale, and huge financial losses. Modern language is more vulnerable than ever…

Or hey, what if Paget got duped by the movie “Eagle Eye“? Or what if he got duped by this episode of “Fringe“? Or what if he got duped by the movie “Fatal Error“?

It’s a “viral video.” Sadly, Paget got infected. And McAfee spread the virus through their official blog…

Or — good grief, what if Paget got duped by the new “Land of the Lost” comedy? “I have some doubts about the technical aspects of using tachyons to travel instantly through time and relative dimensions in space. But fake or not, this movie trailer confirms that terrorists have got their eyes on TARDIS machines…”

(“Uh, Rob. You mixed up ‘Land of the Lost’ with ‘Dr. Who.’” I did? Crud. I should have done basic research before I wrote that last paragraph. But no matter! Paget will agree with me that the Enterprise is the same as the Jupiter II and Joey from “Friends” was as good a starship driver as Sulu was in “Galaxy Quest.”)

Run with it, folks! Make up a parody of Paget’s blog and post it as a comment to this column. Or post it on your own blog and throw me a pingback. Let’s tear a pound of flesh out of this hysteria-monger.


If we follow Paget’s {ahem} “logic,” then the solution to our woes is simple. We just need to get McAfee to sponsor these horrific viral videos.

Seriously! If you’re a fan of the TV show “24,” then you know Cisco firewalls stand strong while everything else of a cyber nature collapses as part of a diabolical Hollywood plot line. The only reason Cisco firewalls are impenetrable is because Cisco sponsors the show.

So. By Paget’s {ahem} logic, if McAfee sponsored every SCADA attack video, then our problems would be solved!

“I have some doubts about the technical aspects of a firewall standing up to a SCADA attack just because McAfee sponsored the video production. But fake or not, those videos will confirm that terrorists cannot get past the security of McAfee software…”

You know what’s really sad about all this? Every absurdity in this column passes muster if we follow Paget’s {ahem} logic.

Folks, something bad is happening at McAfee. First David Milam goes insane; now Francois Paget. And I finally understand why.

Last week, you see, I discovered a video posted on YouTube. It shows how an entire company can get infected by a disease that spreads via the act of breathing. Two guys breathing the same air can spread the disease! I have some doubts about the technical aspects of a disease spreading this way. But fake or not, the video confirms that terrorists have got their eyes on making us suffer this disease…

Share
  • By FPagetNo Gravatar, 19 June 2009 @ 1:25 am

    After writing this blog, I discovered it is very difficult for a non native English guy to write a humorous post in another language than French.
    Yes, when I discovered this video, I found it was really very funny. The video remembered me an old post I never published, a post speaking about SCADA risks, but introduced by a flying soccer story.
    I decided to mix the both. I did not explain I do not believe an UFO is able to light off a part of a city, and I imagined the sentence “I have some doubts about the technical aspects of these light-show “attacks” on unprepared buildings” was sufficient to demonstrate I was not fooled.
    Reading your post (and some others) I made a mistake and I will stay more serious in the future.
    Francois

  • By Rob RosenbergerNo Gravatar, 19 June 2009 @ 7:08 pm

    Humor deserves a place in even the most serious corporate security blogs, Francois. But you’ve got to make it obvious in your case. Your column doesn’t even say “humor” or “parody” in your categories & tags. I encourage you to add those keywords. My very best to you!

Other Links to this Post