Tuesday, March 25, 2008

"Hacker Proof" Update 1

I thought I'd update my readers on the progress of the invitation I've extended to the folks over at Comodo (the "HackerProof" logo people). As of tonight, I've gotten no reply.

I'm going to try and contact them directly via phone/email tomorrow, since those folks obviously don't Google themselves much. Perhaps it's arrogant to think that a company has resources which research scour the web to find things being posted or written about their company (particularly on my blog) - but, it's been 5 days and I figured that by now someone would have responded. I mean, heck, even the ScanAlert CEO replied relatively quickly, even if his reply didn't defend his company ... at all.

Anyway - invitation's still open folks. I want to hear from you so I can report it to these fine readers! Look for emails/calls from me in the coming days.

Oh, as a sidebar, you can pop this quickie into your browser to find blog postings for these guys:


Anonymous said...

Hi Rafael,
great posting on this interesting topic! I researched this very case a few months back, and came to the same conclusion as you. I actually thought I had put a summary on my blog (and now I have spent 30 mins looking for it...gone by the wind, it seems). No loss for the rest of the world, though.
My research showed that, as you suspect, Comodo is simply scamming website owners. There is no security measurements, no proofing what so ever in their solution. This is nothing but a scam.
And as usual, who ends up paying for it? The Jane and Jon Doe's out there...

Anonymous said...

My name is Judy Shapiro responsible for corporate outreach. We do "scour" the online world -- your post though did not percolate into the Google-o-sphere until today (hmm -- something for you chew on :).

So, I will take you up on your offer to explain our strategy and philosophy and why the HackerProof is not a “scam”.

You kinda missed the fundamental difference between Comodo and ScanAlert that makes all the difference in the world. Unlike ScanAlert, Comodo is a Certification Authority. This is not just a “type of company” but goes to the heart of the matter. Our core business is all about online verification – of business identity, content and online shoppers. Our authentication infrastructure fully authenticates the identity of the business applying for HackerProof service. So we do not give the seal to any business who requests one. Rather, we use Web Trust authentication standards to ensure the identity of the business requesting the seal. In fact, our security business practices are audited every 4 months by KPMG to ensure compliance.

Therefore, the HackerProof is not a mere graphic device that may not mean much. Our HackerProof seal confirms; 1) the site is safe from vulnerabilities that hackers can exploit b) the identity of the business has been authenticated and verified and 3) that the site is worthy of a seal issued by a brand that over 100 people associate with security (this brand recognition is driven by our desktop security solutions used by millions of people worldwide).

ScanAlert does not have either authentication infrastructure or brand recognition of Comodo. And the differences don’t stop there. As you observed, online merchants have to be willing to risk money to see if the ScanAlert solution works to increase conversion. HackerProof gives you the seal for no cost (assuming you pass the verification and security audting process) until you see a 5% or more improvement in conversion. This is executed via an A/B split test model (also for free) whereby until the test cell with the seal outperforms the other test cell by 5% or more – the customer pays nothing. NADA. The only risk here is the time to set up the solution.

Comodo is all about creating trust online – for online merchants that means we enable them to create trust using different types of tactics, (e.g. a green indicator with EV SSL and/ or HackerProof), so online visitors will convert to customers. For consumers, we offer award winning desktop security solutions so they know they are safe from all the fraudsters out there.

In the end, Comodo is working on creating a Trusted Internet that works for both consumers and online merchants. We are not a one trick sales pony – but our vision allows us to be more practical and multi-layered to help business deal with the challenges of converting traffic into trusted transactions. ScanAlert is a narrow play that does not deal with whole internet ecosystem – online businesses and online visitors.

So take us up on our HackerProof offer and let your site results inform your opinion. In fact, if your site does well, I will happy to publicize it for you. Just drop me a line.

I welcome a dialogue as that is how we all help create a Trusted Internet for all.

Judy Shapiro