You have linked the word “hacker” to an instance of what most people would call normal security testing based on an unsourced article that’s otherwise uninteresting irrelevant to a blog about hackers.

Don’t get me wrong, in general I laud the idea of reporting chinese hacker news in english. I just don’t think this was chinese hacker news.

You exhaust me.

1) Show me one factual error in my summary of the article.

2) I find it really weird that you think it is impossible a Chinese company perfomed a security drill to test its defenses against hacker intrusion.

3) I do believe the article. Not because I have total faith in any reporting but it was reported widely enough to have credibility. Let’s reverse this bizarre little game, you prove the article is false. Do so and I will gladly remove it.

4) What the hell is this about pointing fingers at reputable software vendors? If your rant is about Sybase, I never said anything or implied anything about them. They happen to have a small blurb in their press release that gave some details about China’s information security infrastructure…that is all. There was never ANYTHING in the article (my summary or the Chinese) that said anyone had done ANYTHING wrong. Where in the world did that come from? Because the word hacker was used?

5) You seem to be the one who wants to editorialize this pretty insignificant post. You are the one who has made up entire meanings that have never been uttered.

6) Breath in through the nose and exhale slowly.

There is a fine line to be walked between informing the uneducated public and poking fun at what infosec veterans already know. The space between is where hatred of people without fault is bred, and that is what I beg you to prevent.

Half the new links are reproductions published after the NengYuan.net article and none of the others give sources, quotes, names of power company management, details about when it occurred, how it occurred, what the result was, or anything else that lends credibility to the 2/26 article you quote here to be interpreted as fact by your readers (if by no other virtue than the implied credibility of a 20 year army linquistics veteran who must certainly know the truth of this article).

I challenge you to print on what basis you trust the NengYuan article enough to point fingers at reputable software vendors in the same context, knowing full well the degree of State media control on such delicate matters as national infrastructure.

Yes, the title was sensationalized but that is what I wanted. You must have really hated my title for the seven-year-old wizz kid story.

Thought my summary of the article, NOT editorialized, pretty much made it clear this was internal testing. I guess rather than saying, “The personnel playing the parts of the hackers…” should have been “The Yili Power Plant personnel playing the parts of the hackers…”. Still, I don’t think it was that vague.

Sorry if you somehow came to the conclusion I was TWISTING the artcle to imply, “China invited anyone and everyone to ‘go for it’…”.

If you want more refs for this story, take your choice:

http://alertword.com/news/10304399/
http://www.sp.com.cn/xxhzl/xxhdt/200802290003.htm
http://www.clinux.org/node/41912
http://www.sgnews.com.cn/dwxw/xx/t20080228_51944.shtml
http://www.cnwep.com/ypnew_view.asp?id=45193
http://safe.zol.com.cn/83/831316.html
http://www.zhdl.net/n61645c130.aspx

Given that the majority of your readers are not likely to take the time to follow your link into China or to translate the article and read it for themselves, they have only your highly editorialized rendition from which to make a judgment about it’s accuracy.

The implication from your article is that China invited anyone and everyone to “go for it” on their data center servers, when in point of fact, the Nengyuan.net report is so vague, the “pen testing” contest could instead have been between ameri-euro security companies, not individuals, (and which frankly is what I would expect, given a highly reputable US-Sino company like Sybase smack in the middle of their infrastructure, and given current and previous contracts between China and France for securing the Olympic data centers, as an example.)

No supporting documentation, links, references, nothing, in the Nengyuan.net article. For all the reported facts, it is nothing more than heresay.

Here is the link for the 2006 CCW research you quoted, so people can learn more about the SG186 project than just a
press release from one (probably among many) vendors involved in it.

http://www.ccwresearch.com.cn/store/article_content.asp?articleId=7956&Columnid=215&view=#

Look guys, I know there’s a dire need to get Chinese infosec news into the English-speaking world, but let’s not add unnecessary drama to the mix, mmkay?

I endorsed this blog because of it’s reporting, not its editorialism. Prove it to me that this occurred! Give me documented facts, links, interviews with people who were there!

Disclaimer: I am a former infosec employee of Sybase, Inc. This commentary and any/all opinions of the author do not represent the opinions or business dealings of Sybase, Inc.

Wie gestern von The Dark Visitor berichtet wurde testen die Chinesen ihre eigenen Elektro-Kraftwerke auf Schwachstellen in Netzwerken und allem was dazugehört. Bilde sich jeder seine eigene Meinung, ich jedenfalls zweifle an das man mit nem 5 Jahrespl…