Your Fly Is Open

Netmenaces and Other Internet Stupidity

Steppin' In It

2021-04-18 4 min read hypocrites

For the most part, the target of this blog is security professionals.

I talk about all kinds of things… but, generally speaking, pretty much all of this stuff is, at the very least, security adjacent.

For some time now, I’ve been going on about the Associated Press. I’m deeply dismayed that the AP is selling legitimacy (via the AP brand) to organizations whose products are, shall we say, the tiniest bit questionable. For a fee, the Associated Press ("Since 1846, AP has done more than any organization in the world to expand the reach of factual reporting", according to AP President and CEO Gary Pruitt) will place a press release on their site that says… well… as far as I can tell, pretty much whatever you want it to say.

You read that right: it seems if some PR flack tosses it to the AP, they print it - editorial oversight, facts, and journalistic ethics be damned.

How else can you explain the cavalcade of skeevy, questionable advertisements masquerading as press releases that populate the AP’s website? There are psychics. There are herbal supplements targeted to treat everything from herpes to tinnitus - some even claiming to providing male enhancement. There are Canadian pharmacies. Finally, there are - my personal favorites - the essay / research paper writing services. (You know… Plagiarism ᴙ Us)

Personally, I’m outraged. Unfortunately, I seem to be the only one… This issue seems to be failing to gain much traction with my audience.

That’s my fault.

Psychics, term papers, and dietary supplements designed to fix those nasty herpes breakouts may be a bit outré for this crowd. I needed to find something to bring this story home, something that would make this concept relevant for the security folks who read this blog.

Oh man… did I find it.

Even if you can’t bring yourself to whip up a little righteous indignation over the Associated Press auctioning its reputation to skeevy term paper peddlers, maybe you’ll still find this a little triggering:

The Associated Press, “always committed to the highest standards of objective, accurate journalism”, winner of 54 Pulitzer Prizes (okay, a lot of those are for takin' pictures, but still…) is hosting paid content for Crown Sterling.

[So… let’s play a little game: only one of the links in the following paragraph is not a paid press release on the Associated Press website. Without hovering over them and checking, can you guess which one is an actual news article?]

Crown Sterling is a company that sells “the world’s first dynamic ‘non-factor’ based quantum AI encryption software”, “[u]tilizing multi-dimensional encryption technology, including time, music’s infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs." They know they’ve got something special. So special, in fact, that when they were roundly heckled during their Black Hat presentation (even though they believe they totally made the case for how special they are) they attempted to sue the people the people who booed them and the venue at which they were booed.

[Did you guess correctly?]

So, what’s it going to take? Crown Sterling is consistently derided by those in the security community. Seriously. The problem is, they talk a good game and throw around enough techno/crypto terms to fill your buzzword bingo card in one go.

That’s where the Associated Press and other folks willingly taking cash to publish whatever chum Crown Sterling’s PR machine spews out comes into play.

Selling technology, especially cryptography, should be based on technical merit. It’s far too easy for non-technical folks to fall for Crown Sterling’s schtick. Having their buzzword-dense press releases given credence by placement on the website of a company who claims “170 years [of commitment] to the highest standards of objective, accurate journalism” is a huge problem. Especially when, after 170 years, that company seems unwilling to exercise any editorial control over the press releases they get paid to publish.

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
and
Senior Technical Engineer
Counter Hack
Twitter: @tliston
April 19, 2021