Maybe I’m getting too wary, but when I received a press release from something called the Internet Security Foundation, I wasn’t convinced. And I’m still not.
The email was provocative enough: The headline ran “Microsoft’s Policy Leaves Millions Open to Identity Theft; Internet Security Foundation Releases Free Protection Tool”. An explanation followed that users were vulnerable because they erroneously believed that their stored passwords in Windows were safe because they appeared in asterisks. “The truth is,” the release said, “that such passwords are not normally protected in Microsoft Windows and can be easily reviewed by using software like SeePassword (www.SeePassword.com).”
This is true. And a good point. But who is the Internet Security Foundation? The email suggested that I visit their website for more information about the foundation. I did, and all I found was one page, which was a virtual re-run of the press release. No ‘About’ page or anything, at least when I visited it. The only couple of links led to a download file, and to SeePassword, the software mentioned in the release and an external webpage which didn’t load at the time of visiting. So who are these guys, and is this for real?
I checked their whois data, which will at least tell me who registered the site. It was KMGI Corp., a New York-based advertising agency whose website design bears uses distinctive fonts — indeed the same fonts as the Internet Security Foundation. KMGI, I read elsewhere, is also a software company (although no mention is made on their website) and are the guys behind SeePassword, the software the ISF website suggests I use — “If you first need to look up any forgotten passwords, you can use SeePassword software available at www.SeePassword.com“. SeePassword, according to the PCMag article, costs $20.
Now I’m suspicious. Has KMGI set up a spurious foundation to try to sell a product? The only online references to the Internet Security Foundation I can find are in the NYT. But if you look closely at the story, there’s a correction at the bottom which corrects the reference to the organisation. “The group is the Information Security Foundation, not the Internet Security Foundation.” (If you do a Google search, such references are all to the NYT article.) So now I’m getting very suspicious. What is going on?
I tried calling the public relations number on the press release and left a message. If I get any clarification I’ll post it. But my feeling is: If this ISF is kosher, it should make clear who it is and its interest, if any, in a company that sells a product it recommends. And while pointing out the asterisk security issue is a good one, it’s not exactly a new problem. To me the whole thing smacks of promotional gimmick, rather than a clean and well-intentioned issue-raiser. But maybe I’m getting too wary.