Yesterday I wrote about the odd press release from the Internet Security Foundation and the apparent conflict of interest between a foundation pointing out flaws in software (in this case, Windows) while at the same time promoting its own related software.
Today I received a response from the founder of the company that registered the site, Alex Konanykhin of KMGI. Konanykhin may be familiar to some readers as the Russian entrepreneur and former banker who fled his homeland and has since faced a long legal battle in the U.S. over extradition on embezzlement charges. Konanykhin subsequently set up KMGI to sell web advertising services and software. Earlier this year the National Republican Congressional Committee chose him as their New York Businessman of the Year.
After reading your reaction to our news release in your blog posting, I realized that it was a mistake to limit our Internet Security Foundation site to the discussion of the password vulnerability and not include a page on what compelled me to establish the Foundation.
He says his motives for setting up the foundation were entirely motivated by realisation that users did not understand their passwords in Windows remained vulnerable even if they were concealed by asterisks:
We researched this issue further and found that 86% of Internet users believed that the passwords hidden behind the asterisks are securely protected. As we opined in our press release, this false perception may result in criminals and terrorists unlawfully obtaining passwords of unsuspecting Internet users, gaining access to bank records, and other private information such as bank accounts. So, I urged Microsoft to fix this security hole (even thought it would kill our revenues from sales of SeePassword), but Microsoft refused to do it.
I was surprised by Microsoft’s position which leaves hundreds of millions of Windows users at risk of identity theft. So, I felt compelled to fight on – and founded the Internet Security Foundation. I allocated a significant portion of our proceeds from sales of SeePassword to informing computer users about the grave but largely unknown risk they are facing. The press release you received was the first step of this campaign which, I hope, will minimize the risks to the Internet users.
After reading Konanykhin’s response to my earlier posting, I’m persuaded that he did not intend to mislead the public or conceal his company’s relationship to the foundation. I think this is more a case of someone inexperienced in the importance of ensuring all interests are plainly visible to the public. That said, I think Konanykhin needs to move quickly to implement his promise to add a page of explanation to the ISF homepage, something that has yet to happen at the time of writing.
In matters of Internet security and privacy, there are enough snake-oil salesmen, piles of skewed or self-serving ‘research’ and bad guys masquerading as good guys for users to be understandably suspicious about the motives of anyone raising alarm bells while simultaneously offering solutions.