I just can’t seem to avoid controversy lately. This time Billy Hoffman decided to take a stab at something I am still befuddled by. He claimed Jeremiah Grossman and I re-presented a paper from 7 years ago. Wow, I think someone must have missed our talk and/or failed to read the paper completely. We only mentioned timing attacks in passing and in totally different contexts. Further, I’ve never once claimed to come up with the concept of timing attacks. In fact, quite the opposite. If he had read my blog carefully he would have seen that I fully admitted I had first read about the concept of it in Hacking Web Applications Exposed 2. Then in Billy’s best showdown lingo I am given the ultimatum to put up or shut up. Eesh.
So just to cover my basis in the off chance someone can figure out a way I have trampled all over the intellectual rights of any of the aforementioned papers, I hereby cite Paul Kocher and Edward Felton for the concept of timing attacks, and Al Gore and ARPAnet for the concept of the Internet and every other concept my attacks have been based on over the years. Rest assured, unlike some people in this industry I never steal research, and if I do so inadvertantly, I own up to it and publically retract. I’ve done so dozens of times on my blog whenever I find out I am in error, whether I find my error on my own or when it is communicated to me, and that’s not about to change. And if I know that I am getting awfully close to copying someone else’s work, I always find a way to make it clear that that is what I’m doing. For the record I have no problem with SPI Dynamics - as I’ve been meeting more and more of them I’m getting to know and like them, Caleb, Michael and Jeff are all great guys. Even though we’ve had our bumps in regards to who originally came up with JS port scanning, which I am well beyond done arguing about, I actually like some of the stuff coming out of that camp. Anyway, this post probably isn’t interesting to anyone - unless you just happen to be trying to publically disparage our work… or something.