16 Dec 2024

Ars Technica’s Dan Goodin Doesn’t Do Journalism and Instead Makes Up Override Mechanism Existing for WordPress Plugin Directory

As far as we are aware, Ars Technica is considered a reliable news outlet. That is despite having someone covering security, Dan Goodin, who has a long track record of making things up, and generally not doing journalism. Unlike other “security journalists” who appear to have no academic background, according to his bio he has a Masters of Journalism from UC Berkeley.

In a recent story on a hacking campaign that involves a known problem with the WordPress Plugin Directory, he made this claim: [Read more]

9 Jan 2024

Password Strength Doesn’t Matter if a Hacker Knows The Password Because It Was Compromised Through Malware

This past week there was a spate of security stories claiming a high-profile attack had occurred because of a weak password. Take the headline of an Ars Technica story by Dan Goodin, ‘A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier.’ When it comes to WordPress websites, as well as other systems, weak passwords are a real threat, as attackers are trying to log in using common passwords, also known as dictionary attacks. But password strength only matters if someone is trying to guess a password, which isn’t what happened in that attack.

If you read through to the fourth paragraph of the story, you find out that it is claimed that the password wasn’t guessed; instead, it was compromised through malware: [Read more]

6 Apr 2023

Security Journalists Baselessly Claim Millions of WordPress Sites at Risk From Recent Vulnerability

Last week, a story about a recently fixed vulnerability in Elementor Pro from the news outlet Bleeping Computer was headlined with the claim that the plugin had 11 million installs, “Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs”. In the body of the story, the author Bill Toulas claimed that the plugin is “used by over eleven million websites”. No source was given for the claim and a comment asking what the source was went unanswered.

Contradicting that, an Ars Technica story from Dan Goodin claimed it is “running on more than 12 million sites”. The headline of the story also emphasized millions of websites, “Hackers exploit WordPress plugin flaw that gives full control of millions of sites”. Again, no source was provided for the claim. [Read more]

30 May 2019

Why Do Security Journalists Think That 47 WordPress Websites Being Exploited is Newsworthy?

We have a Google News alert set up to inform us of coverage of vulnerabilities in WordPress plugins to help us make sure we can provide customers of our service the best information on vulnerabilities in WordPress plugins. Mostly, though, this just reminds us of how poor most of the security journalism done is. Take something that came up today, security journalists covering 47 WordPress websites being hacked. No, that isn’t a typo, that really is something that they are covering.

Help Net Security was fairly upfront about that, as near the lead of their story they stated this: [Read more]

15 Apr 2019

Ars Technica and Dan Goodin’s Idea of Good Faith (or You Can Find a Much Better Security Reporter Ars Technica)

While the news outlet Ars Technica seems to do good journalism in general, when it comes to security, at least with their writer Dan Goodin, you get the kind of poor excuse for journalism that is so much of security journalism. Five years ago, over at our main business, we happened to look at one of his articles, “Ancient Linux servers: The blighted slum houses of the Internet”, and found that the basic premise of the article was false, as the hacked websites were not even all running Linux. That led to someone leaving a comment on the story that ended:

Step up your security report Ars. Or stop it altogether. The choice is yours. Or our choice should be not to read your security reporting. [Read more]