Daniel Weis has been in the I.T. industry for 10... err, wait, 13 years? Two days before this article, the about page on his blog read "... I have been in the I.T industry for over 10 Years ...". Writing the article today, I reloaded the page only to find that he had magically gained 3 years of experience in 48 hours! Given that his first blog was posted on April 21, 2011, this is not a case of him forgetting to update the page for three years.
His 'about' page says that he has recently moved "into the Security Realm, in particular Penetration Testing / Ethical Hacking". Obviously, the 'ethical' bit of his profession is in question given the material below. As with many people who appear on the Errata pages, he has plenty of certifications to back his extensive time-bending experience: A+, N+, Linux+, MCP, MCTS (4), MCITP Enterprise Administrator, Security+, CEH (v7), ECSA, LPT, VCP (4 in version 3,4 & 5), & VTSP. In addition, he has just "been accepted as an EC-Council Licensed Penetration Tester."
We were directed to his blog via a Tweet, in which someone pointed out that he lifted an entire blog from FishNet Security and posted it on his own blog. While Weis does include a small "source" attribution at the very bottom, it is important to note that he went out of his way to doctor the post to hide the original creditee. In fact, the two comments on his blog thank Daniel for the work, making it clear that attribution was not obvious or visible. Weis makes no effort to correct his readers either.
His first edit can be found in the first sentence. The original and Daniel's edits:
Original: "I (Tim Medin) do a good number of internal penetration tests..."
Weis' edit: "I do a good number of internal penetration tests..."
Weis strips out the original credit, where Medin used his name to clarify which member of the FishNet Security team was sharing his experience. Medin's entire signature at the end of the blog is also removed, replaced with a single word "source" that links to the original. This is intentional and misleading, and constitutes plagiarism. Even if you wish to debate the definition of plagiarism and fall back on the "source" link, it is still copyright infringement. Either way, Weis' actions are unethical and irresponsible.
This blog is one of many that have been lifted in full, only to be credited through the single word "source" link. In a few minutes, we found additional blogs that were taken in full and not credited properly:
| Weis' Blog | Original Source |
|---|---|
| Retrieving Clear Text Wireless Keys From Compromised Systems | PaulDotCom |
| Nmap Scripting Engine - Basic Usage | Penetration Testing Lab |
| Disabling Local Administrators through GPO on Server 2008 | SecManiac / Dave Kennedy |