Yes, we should be skeptical of all news sources, but from my experience, traditional newspapers tend to consistently misreport information security news.
I personally only trust security blogs and Twitters operated by certain security experts when it comes to news about security. I have a list of about 30 or so experts I trust.
I know that's not really practical advice for a typical person, though.
I think the Guardian handled the retraction and apology as best they could, and they deserve props for that, but it seems the hit-miss ratio for infosec stories is very poor for most "mainstream" sources out there (as much as I despise the "MSM" term).
As an ordinary guy for whom IT security is just one of many topics in which I'm interested, what do you suggest? I can't follow 1000s of blogs that cover all my interests.
And how do I choose reputable blogs in the first place? Do I trust reputation on HN and Reddit?
In the end, sure some articles will get some things wrong. But I would like to see evidence that they get it wrong more often than any other general source of news.
A few of these can occasionally be biased when there's a political edge to something, but some others I trust: Moxie Marlinspike, Daniel Bernstein, Dan Kaminsky, Rob Graham, Thomas Ptacek, Michał Zalewski, @SwiftOnSecurity (semi-parody account, but trustworthy info), Tavis Ormandy
>An investigation by the FBI has concluded that Russian hackers were responsible for sending out fake messages from the Qatari government, sparking the Gulf’s biggest diplomatic crisis in decades.
>It is believed that the Russian government was not involved in the hacks; instead, freelance hackers were paid to undertake the work on behalf of some other state or individual.
They could've easily made the headline "FBI: Qatar hackers of Russian nationality". By making the first 2 words of the headline "Russian hackers", they're obviously trying to take advantage of the recent surge in reports over Russian state-sponsored hacking. Most readers who see that headline are going to assume they meant "Russian state hackers", until they read the second paragraph.
That said, I don't see any factual errors in the article itself.
I personally only trust security blogs and Twitters operated by certain security experts when it comes to news about security. I have a list of about 30 or so experts I trust.
I know that's not really practical advice for a typical person, though.
I think the Guardian handled the retraction and apology as best they could, and they deserve props for that, but it seems the hit-miss ratio for infosec stories is very poor for most "mainstream" sources out there (as much as I despise the "MSM" term).