Attrition is an information security-related website, updated at least weekly by an all-volunteer staff. Until 21 May 2001[1], Attrition maintained the largest mirror of defaced (or cracked) websites available on the World Wide Web. The defacement mirror has since ceased updating.
Often incorrectly described by journalists as a site for hackers, Attrition is actually a privately owned and operated hobby-site operated by Brian Martin with a variety of information available, including movie and music reviews, poetry, and security tips covering topics like forensics, data theft, advisories, and incident response. The "Going Postal" section, some of the more interesting emails the staffers get are posted, sometimes with humorous responses by the staff, often at the expense of the recipients.
Exploiting the ignorance of others is a common theme in attrition.org's dark humor throughout the website. One example of this involved the setup of Todd Shriber, who attempted to "hire" the attrition team to hack into his former university to change his grades. He was sacked from his job as a Republican communications director due to the incident.
The attrition.org website was hacked and defaced itself in 2001; site owner Brian Martin commented that he could not be held accountable to the same standards he held security companies accountable to, since he was not running a security service.[2] The owner has since started offering a security service.
Owner Brian Martin goes by various aliases on his website, including Jared, Jericho, Jared E. Richo, and security curmudgeon.
In 2001 attrition.org was given a cease and desist order by lawyers of MasterCard for supposedly posting distasteful parodies of the now-famous "Priceless" advertising campaign, which violated copyright law. The original parodies have since been removed from the website.
Since updating of the defacement mirror has ceased, the staff has focused on the "Errata" section, which is devoted to pointing out inaccuracies, omissions and other problems with mainstream media related to computer security and hacking. Additionally, staff members publish opinion pieces such as "Security Rants" pointing out problems with the computer security industry.
Attrition will frequently publish pages, or devote entire sections of the site, to topics the staff feel deserve extra attention. Examples include "Cisco: There is no fixed software for this issue," "The Open Source Vulnerability Database," "Security Advisories," "Negation," regarding John Vranesevich and Antionline.com; "Shame," regarding Carolyn Meinel.
Attrition formerly hosted several electronic mailing lists relating to information security, such as InfoSec News. It also maintained the Data Loss Database, which records the data breaches at companies.[3]
In addition to his involvement with DataLossDB.org, attrition.org founder Brian Martin is currently President of the Open Security Foundation, a non profit that seeks to monitor, report, and maintain historical archives of security flaws and incidents.