Vmyths.com



Hoaxes, myths,
urban legends

Columnists

Newsletter
signup


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

It's official: mi2g has no sense of humor

Rob Rosenberger, Vmyths co-founder
Sunday, 25 July 2004 Rob Rosenberger CAN YOU TELL the difference between a parody and a hoax? One computer security firm can't.
An un­known per­son wrote a parody of an mi2g alert. Every­body got the humor — except for the folks at mi2g. The CEO labeled it an out­right hoax.
Our longtime readers know about a firm called "mi2g" (correct spelling). Vmyths has exposed their many shenanigans dating back to 1999. Our website tops the list if you Google for "mi2g criticism" and we're #3 if you Google for "mi2g humor." mi2g has threatened to sue Vmyths for libel but has not yet made good on its threat. An unknown person parodied an mi2g alert with the headline "Wendy's drive-up order system information disclosure." I'll call it "the mi2g parody" for short. It's a straightforward parody — yet the folks at mi2g went ballistic over it. CEO & founder D.K. Matai (incorrect spelling) labeled it an outright hoax in a bizarre press release dated 20 July. It's not a hoax. It's a parody. PAIR-OH-DEE. Merriam-Webster's online dictionary explains the difference:
parody: a literary or musical work in which the style of an author or work is closely imitated for comic effect or in ridicule   hoax: 1: an act intended to trick or dupe
The key to a hoax lies in the word "dupe." The hoaxster wants to trick you into believing the story he weaves. The key to a parody lies in the word "comic." The comedian wants you to laugh at an absurdity. Just for the fun of it, I want you to read a story with the headline "Exxon perfects new method for turning seawater into fuel." Hoax or parody? Now read "Giant flashbulb to help Hubble telescope see even farther." Hoax or parody? Finally, read "Rumsfeld, Bush Sr. arrested for past ties to Saddam." Hoax or parody? When I saw the mi2g parody, I immediately recognized it as such. Vmyths cohorts Lew Koch and George C. Smith recognized it as a parody, too. InfoSec News moderator William Knowles tagged it as a parody when he forwarded it to his mailing list. "Real mi2g, fake mi2g, whatever, it had me in stitches!" Pete Simpson (ClearSwift) exclaimed "that is the best belly laugh I've had in the last decade." Everybody got the humor — except for the folks at mi2g. "It is clear that there is no purpose to it other than to smear reputation and cause damage," they huffed in a supposed "news alert." mi2g went on to slam a number of security sites by name, claiming "they did not control the content which they published, even when it was blatantly evident that the posting they were purveying was an obvious obnoxious hoax."
mi2g's anger ironi­cally adds humor to the parody. Read it first, then read mi2g's press re­lease. You'll laugh like a hyena.
A hoax? A hoax?!? Yeah, yeah, tell it to Exxon. Or tell it to Enron. Or tell it to ValuJet. Or heck, tell it to anyone I've parodied over the years.
I'VE GOT A number of parodies under my belt, you know. This mi2g parody is just like the one I wrote about raw sockets. It's just like the one I wrote about Symantec & McAfee. It's just like the one I wrote about OpenSSH. It's just like the one I wrote about cyber-terrorists. It's just like the one I recorded for the Department of Homeland Security. This mi2g parody is just like the dozens of headlines we carry from the folks at BBspot. (I love that DHS parody, by the way. Arguably one of my best audio efforts.) Just for the record: I didn't write the mi2g parody. Nor did George C. Smith. Nor did Lew Koch. Just for the record: none of us knows who wrote it and none of us has communicated with the author. Frankly, we want to know why the comedian didn't ask Vmyths to publish it. It is right up our alley, you know. mi2g's anger ironically adds humor to the parody. Seriously, folks — read the parody, then read mi2g's press release about it. You'll laugh like a hyena. Matai has a penchant for over-the-top rhetoric and he wailed in the press release in his trademark style. "These developments mean that any person or corporation can quite easily decide to launch a clandestine smear campaign against any brand in the world by bombarding appropriate bulletin boards and trusted forums with false information through free email accounts." (As opposed to Vmyths, which launches overt smear campaigns by bombarding the world with true information through commercial mailing list software. But let's not digress.)
Such hubris, from the same firm that got duped by the "Slammer jihad" hoax. {sniff} I love the smell of irony.
I almost blew a gasket when Matai said "these developments" prove you can dupe the masses with a free email account. "These developments"? Bah. He makes it sound like the idea just came to light when in fact we've known about it for years. In 1997, for example, a computer security magazine published my theories on how to panic the stock markets with an Internet hoax. Then Pairgain Technologies learned it the hard way in 1999. Then Emulex learned it the hard way in 2000. The hoax against Pairgain convinced them to disconnect from the Internet for over a month. The hoax against Emulex slashed more than $2 billion from their market value before stock trading was halted. What happened to mi2g as a result of a straightforward parody? They issued a bizarre press release. "Boo hoo!" Pairgain's hoaxster received a $93,000 fine and five years probation. Emulex's hoaxster received a 44-month prison sentence. What will happen to the author of the mi2g parody if he {ahem} gets caught? Absolutely nothing. "Boo hoo!" Matai makes it sound as if mi2g suffered like Pairgain and Emulex. "Boo hoo!" I swear, you can almost hear the violins weeping over mi2g's horrifying catastrophe. Ladies & gentlemen, the "Pairgain announcement" was a malicious hoax. The "Emulex announcement" was a malicious hoax. The "mi2g alert" is just a parody. PAIR-OH-DEE. As in "a literary or musical work in which the style of an author or work is closely imitated for comic effect or in ridicule." Clearly, mi2g cannot distinguish a hoax from a parody. {sigh} Did Matai fire spokesmodel Louise Selley? She had a sense of humor, I can tell you that.
MI2G CLAIMS THEY lodged complaints with "so-called 'security' forums" such as SecurityFocus, Insecure, Neohapsis, NetSys, C4I, and VulnWatch. "[These] sites have simply passed the buck by stating that they did not control the content which they published, even when it was blatantly evident that the posting they were purveying was an obvious obnoxious hoax." Such hubris, from the same firm that got duped by the "Slammer jihad" hoax. {sniff} I love the smell of irony. mi2g can't tell a parody from a hoax — and they innocently slandered a number of security sites as a result.
For the record: I didn't write the mi2g parody and I don't know who did.
Of course, when I say "innocently slandered," I mean mi2g defamed their "so-called" colleagues without evil intent. If mi2g had understood the concept of a parody, I honestly don't think they would have defamed security sites by name. I think they would've focused their anger at the anonymous author of the parody. Innocent slander happens all the time, folks. It happens here at Vmyths. Heck, I still wince at a very embarrassing event where I innocently slandered the folks at McAfee. I apologized out the wazoo for that one. An honest apology goes a long way in most cases and Vmyths goes out of its way to apologize for its errors. I wish mi2g would follow our lead with a public apolog-- Waitaminit, did I say "innocent slander"? I think I used the wrong word. Let's go back to Merriam-Webster's online dictionary:
slander: 1: the utterance of false charges or misrepresentations which defame and damage another's reputation 2: a false and defamatory oral statement about a person   libel: 1a: a written statement in which a plaintiff in certain courts sets forth the cause of action or the relief sought 2a: a written or oral defamatory statement or representation that conveys an unjustly unfavorable impression 2b(1): a statement or representation published without just cause and tending to expose another to public contempt
Richard Forno (InfoWarrior.org)
"How can [mi2g] credibly fore­cast billions of dollars lost from cyber­attacks, espe­cially from 'covert' ones the vic­tim doesn't know have oc­curred? One won­ders how much mathe­ma­tical mas­tur­ba­tion takes place when analyzing and gener­ating these numbers."
Aha! The key to slander lies in the word "oral." The key to libel lies in the word "written." mi2g published a press release, hence they committed innocent libel. My bad! Then again, I like the phrase "innocent slander" more than I like "innocent libel." If mi2g can use the wrong words interchangeably, then why can't I? I'll stick with "slander" if you don't mind. Time to place your bets. Do you think mi2g will take the high road with a public apology of any sort? History suggests they won't. To quote Sir Elton John, "sorry seems to be the hardest word" all throughout the computer security world. Now, I could point out incidents where Symantec, McAfee, and other computer security firms never apologized for their errors. But I won't. I'll just limit myself to mi2g — and I'll limit myself to errors in their 20 July press release.

[Continued in part 2]