Delete an_open_letter_to_journalists.md

master
Eloi Vanderbeken 7 years ago
parent a6fee75177
commit 5e2281f411
  1. 137
      an_open_letter_to_journalists.md

@ -1,137 +0,0 @@
It seems that some journalists don't take the time to read my slides, to do some researches or to ask for details.
I don't want to lose more of my time so here is an e-mail exchange with [@R_Chirgwin](https://twitter.com/R_Chirgwin) that resume my feelings/what you should know.
If you have any comment, feel free to fill an issue.
First exchange on twitter:
```
@R_Chirgwin You don't need to reset anything to have a shell... Read this article http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/ … or this one: http://thehackernews.com/2014/01/hacking-wireless-dsl-routers-via.html …
@elvanderb Thanks, I'll take another look.
@elvanderb Of course, you could always correct me directly by e-mailing me. It's easy to find, and I don't have to rely on third-party info.
@R_Chirgwin didn't find your e-mail.
RT @elvanderb: didn't find your e-mail. rchirgwin at http://sitpub.com and you're the hacker in this conversation and there's Google.
@R_Chirgwin I could have search your e-mail and you could have search mine to ask some precisions. I'm not the one writing articles here.
@elvanderb I'm quite prepared to be civil. You now have my e-mail. Feel free.
@elvanderb Oh, hang on. That bit was identified as my own interpretation - "it seems". Please, happy to be corrected…
@elvanderb …but you couldn't bother to find me to correct me. >sigh<
@R_Chirgwin OK. You don't understand anything. Nevermind. You're ridiculing yourself, please stop.
@elvanderb Suits me. My contacts are easy to find, and you want me to cite other writers instead of yourself. That counts as lazy.
@R_Chirgwin Of course I'm lazy. I'm not paid for this job, YOU are. I was kind enough to report you your errors, I was clearly wrong.
@elvanderb I invited you, with e-mail, to explain. You continued with public insults and complaints. I read the slides. Tell me or STFU.
```
OK, lets mail.
```
Hi,
You are the one insulting me.
You said: "there's google"
I know, I just don't want to lose my time, I've a real job you know? And you could have use it to search some more informations (some tweets where I give more informations or where I correct other journalists, some articles well written) or my e-mail / the github account if you wanted to ask some questions.
You are the one being lazy here, not me.
You said: "Oh, hang on. That bit was identified as my own interpretation - "it seems""
Do you mean I'm unable to read an article?
2 sentences :
- "In particular, the backdoor allowed him to brute-force a factory reset without providing a password – meaning that on his next login, he had access to everything."
- "However, the hack published by Eloi Vanderbeken at github, here, resets devices to factory default, enabling a remote attack without the password."
I don't see a "it seems" in those sentences. They are all wrong. I was blindly trying all the possible commands (13) to find what they did by looking at the output. It happens that one command reset the router back to factory. Others give you a direct shell or the router's complete configuration. All that is documented both in my slides and my PoC.
You said: "but you couldn't bother to find me to correct me. >sigh<"
No. I couldn't. I have a job, and a life. I wasn't paid for this job, YOU are paid to write articles. When I make huge errors in my reports, I do not insult my clients if they report them to me. I say "thank you, I'm sorry" and I fix them.
For the >sigh< part... you don't deserve any response.
You said: "Suits me. My contacts are easy to find, and you want me to cite other writers instead of yourself. That counts as lazy."
I don't want you to cite anybody. I want you to read reports that are well written and that were corrected after I took the time to report some errors (not all the errors though... there is still some VanderbeCken...).
You said: "Tell me or STFU."
wow, so respectful.
Now I'm losing my time - again - to correct you. I'm tired of so called tech journalist that are unable to read reports or write correct articles. You are not the first and probably not the last but you're the only one to be such disrespectful when I take the time to inform you that your article is plain wrong.
Happy new year!
Eloi
```
Answer:
```
Eloi,
1. Is the "factory reset" actually wrong, or is it merely incomplete? If it's wrong, direct me to why. If it's incomplete, fine, I'll take my stripes. Either way I'm happy to correct with the facts.
2. Since you can't find the "it seems" here is the quote:
It seems to The Register that at least this vulnerability doesn't permit a silent attack: if an outsider ran the code against someone's router, the crash and resulting reset to default passwords would at least alert the victim that something had happened
Note that this is labelled ("It seems") as my interpretation. I'm truly happy to be corrected, and I'll be corrected in public. But really, this could have been resolved privately.
And yes: I will stick with the idea that if you can't bother Googling my name, posting a comment in the story, or looking for me - then it seems like you wanted to slap me in public as the first response, rather than seeking a civil correction.
Now: if you'll provide your own text to correct me, rather than pointing to other outlets to instruct me, I'm happy to write up an update to the story.
Richard Chirgwin
The Register
```
/me to Richard:
```
I saw the "it seems" sentence, I'm pointing you two other ones, completely wrong, where there is no "it seems". Do you really think I'm not able to read an article?!
If I wanted to slap you I'll have create a public answer in my github account and I'm seriously envisaging this possibility now. My notice on twitter wasn't aggressive nor disrespectful. You were.
> Now: if you'll provide your own text to correct me, rather than pointing
> to other outlets to instruct me, I'm happy to write up an update to the
> story.
Are you kidding me?!
No, I'll not write your article. The details I gave are sufficient.
Eloi
```
Answer:
```
Eloi,
I'm asking you to tell me, with your details rather than others, where I'm wrong. I'm happy to post your complaint and your refusal to explain. I have asked a question, and you can refuse to answer if you wish.
By the way: your attitude is the exact exemplar of what's wrong with hacker culture. You don't deign to explain to outsiders. I'm an outsider asking for explanation.
RC
```
/me to Richard:
```
The people will decide. I'm going public.
I answer all your questions in my previous e-mails :
"I was blindly trying all the possible commands (13) to find what they did
by looking at the output. It happens that one command reset the router
back to factory. Others give you a direct shell or the router's complete
configuration. All that is documented both in my slides and my PoC."
What else do you need?
> By the way: your attitude is the exact exemplar of what's wrong with
> hacker culture. You don't deign to explain to outsiders. I'm an outsider
> asking for explanation.
I didn't see any asking I didn't already answer. And as I said, people
will decide. """hacker culture""" might no be perfect but at least it is
open :)
```
I didn't want to lose my time writing this but I'm pissed.
Loading…
Cancel
Save