Malware Expert’s Post on WordPress Plugin Vulnerability Largely Copied from Ours
We don’t think too highly of the security industry, as among other issues, you have lots of people that don’t have the expertise required to properly understand the security products/services they are providing and others that seem to have no problem engaging in unethical behavior. One of the problems that first issue causes is that you often have people simply repeating claims made by others, without knowing if what they are repeating is true (or seeming to care either). Often the original claim was made by someone else that fits into at least the first of those two categories and, not surprisingly, the claim isn’t true. On top of that, as we have found in trying to correct misconceptions that are brought up to us when dealing with security issues on websites, this creates an echo chamber where the claims are more likely to be believed because they are repeated over and over, despite being repeated by people that don’t have any idea if they are true.
While looking into something recently, we came across a blog post by a company named Malware Expert from January 7, common.php (Object Injection Vulnerability in Backup & Restore Dropbox). When we went to make sure we had the vulnerability in our data set, we found that we did, but we also noticed that most of the ostensibly original content from the post (much of the content is code from the plugin) was simply copied from our post on the vulnerability from December 15. The content isn’t in quotes and there isn’t any mention of us in the post. At the very least this company doesn’t have a qualm about passing off others’ content as their own, but it also raises questions as to whether they have the expertise needed to understand what they are dealing with. Below is the version of the relevant text from Malware Expert’s post and then the original from our post.