Tag Archives: KMGI

Snake Oil? Public Service? KMGI Responds

Yesterday I wrote about the odd press release from the Internet Security Foundation and the apparent conflict of interest between a foundation pointing out flaws in software (in this case, Windows) while at the same time promoting its own related software.

Today I received a response from the founder of the company that registered the site, Alex Konanykhin of KMGI. Konanykhin may be familiar to some readers as the Russian entrepreneur and former banker who fled his homeland and has since faced a long legal battle in the U.S. over extradition on embezzlement charges. Konanykhin subsequently set up KMGI to sell web advertising services and software. Earlier this year the National Republican Congressional Committee chose him as their New York Businessman of the Year.

Konanykhin, in response to my posting and a request for comment, says he erred in not making clear KMGI’s relationship with the foundation:

After reading your reaction to our news release in your blog posting, I realized that it was a mistake to limit our Internet Security Foundation site to the discussion of the password vulnerability and not include a page on what compelled me to establish the Foundation.

He says he set up the foundation entirely out of the realisation that users did not understand that their passwords in Windows remained vulnerable even if they were concealed by asterisks:

We researched this issue further and found that 86% of Internet users believed that the passwords hidden behind the asterisks are securely protected. As we opined in our press release, this false perception may result in criminals and terrorists unlawfully obtaining passwords of unsuspecting Internet users, gaining access to bank records, and other private information such as bank accounts. So, I urged Microsoft to fix this security hole (even though it would kill our revenues from sales of SeePassword), but Microsoft refused to do it.

I was surprised by Microsoft’s position which leaves hundreds of millions of Windows users at risk of identity theft. So, I felt compelled to fight on – and founded the Internet Security Foundation. I allocated a significant portion of our proceeds from sales of SeePassword to informing computer users about the grave but largely unknown risk they are facing. The press release you received was the first step of this campaign which, I hope, will minimize the risks to the Internet users.

After reading Konanykhin’s response to my earlier posting, I’m persuaded that he did not intend to mislead the public or conceal his company’s relationship to the foundation. I think this is more a case of someone inexperienced in the importance of ensuring all interests are plainly visible to the public. That said, I think Konanykhin needs to move quickly to implement his promise to add a page of explanation to the ISF homepage, something that has yet to happen at the time of writing.

In matters of Internet security and privacy, there are enough snake-oil salesmen, piles of skewed or self-serving ‘research’ and bad guys masquerading as good guys for users to be understandably suspicious about the motives of anyone raising alarm bells while simultaneously offering solutions.

Well-Meaning Pressure Group Or Sleazy Promotional Gimmick?

Maybe I’m getting too wary, but when I received a press release from something called the Internet Security Foundation, I wasn’t convinced. And I’m still not.

The email was provocative enough: The headline ran “Microsoft’s Policy Leaves Millions Open to Identity Theft; Internet Security Foundation Releases Free Protection Tool”. An explanation followed that users were vulnerable because they erroneously believed that their stored passwords in Windows were safe because they appeared in asterisks. “The truth is,” the release said, “that such passwords are not normally protected in Microsoft Windows and can be easily reviewed by using software like SeePassword (www.SeePassword.com).”

This is true. And a good point. But who is the Internet Security Foundation? The email suggested that I visit their website for more information about the foundation. I did, and all I found was one page, which was a virtual re-run of the press release. No ‘About’ page or anything, at least when I visited it. The only couple of links led to a download file, and to SeePassword, the software mentioned in the release and an external webpage which didn’t load at the time of visiting. So who are these guys, and is this for real?

I checked their whois data, which will at least tell me who registered the site. It was KMGI Corp., a New York-based advertising agency whose website design uses distinctive fonts — indeed the same fonts as the Internet Security Foundation. KMGI, I read elsewhere, is also a software company (although no mention is made on their website) and are the guys behind SeePassword, the software the ISF website suggests I use — “If you first need to look up any forgotten passwords, you can use SeePassword software available at www.SeePassword.com”. SeePassword, according to the PCMag article, costs $20.

Now I’m suspicious. Has KMGI set up a spurious foundation to try to sell a product? The only online references to the Internet Security Foundation I can find are in the NYT. But if you look closely at the story, there’s a correction at the bottom which corrects the reference to the organisation. “The group is the Information Security Foundation, not the Internet Security Foundation.” (If you do a Google search, such references are all to the NYT article.) So now I’m getting very suspicious. What is going on?

I tried calling the public relations number on the press release and left a message. If I get any clarification I’ll post it. But my feeling is: If this ISF is kosher, it should make clear who it is and its interest, if any, in a company that sells a product it recommends. And while pointing out the asterisk security issue is a good one, it’s not exactly a new problem. To me the whole thing smacks of promotional gimmick, rather than a clean and well-intentioned issue-raiser. But maybe I’m getting too wary.