Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Can't trust COMODO - An Update
From: Gunter Ollmann <gunter () ngssoftware com>
Date: Mon, 09 May 2005 18:02:00 +0100

Hi List,

An Update on progress with Comodo.

Firstly thanks to all of you who emailed directly with advice and disbelief on the way Comodo plagiarised/copied my work. I could only reply to a few of you at the time because the volume of replies was amazing (it would appear that many of you were disgusted at the audacity of Comodo).

To date it would appear that Comodo have made some progress in removing copies of their "Identity Assurance in a Virtual World" whitepaper from multiple locations on the web and have said that this would be achieved in another week. Unfortunately the same could not be said for receipt of an apology - public or otherwise.

I still fail to see how an international security company that bases their services and offerings on trust and integrity could think they could pull a stunt like that.

I have asked for a public apology, and strongly recommended that they make a similar apology to the security community. A copy of the email to Steve Roylance (and Comodo) is below.

Anyhow, thanks for all the support thus far, and I'll update you all should there be any further progress on this.



Email dated: 04/05/05 17:06 London
Hi Steve,

I have now had a response from my legal advisor concerning your unauthorised inclusion of copyright material from my paper entitled "The Phishing Guide" and publicly released in September 2004.

The offending paper, "Identity Assurance in a Virtual World" appears to be dated 21/02/05 and contains extensive copy/paste sections that have been stolen from my paper. This paper of yours, copyright 2005 Comodo Inc.', appears to have been uploaded to multiple Internet whitepaper repositories/sites in addition to the instance hosted on the Comodo www.vengine.com website.

Given the effort and original research that was required to develop "The Phishing Guide" content, I find it offensive and thoroughly unprofessional that you and your organisation would seek steal this material - not only failing to quote and reference the original source of the material, but carte blanche copy/paste of great sections of the paper.

In our very brief conversation yesterday, you agreed to remove all instances of the offending paper from public Internet areas within the next two weeks. From my perspective this includes all other repositories to which the offending paper has been submitted, and to take corrective actions that prevent it from being posted to any further sites in the future. As stated yesterday, no authorisation has been (or will be) given to incorporate content from my whitepaper(s) into any Comodo whitepaper.

Given the thoroughly unprofessional, unethical and illegal actions taken by Comodo, I expect a full formal - and public - apology. In addition, given the volume of personal responses from the security community that I have already received (ranging from offers to prosecute, existing Comodo clients wishing to express their displeasure, through to advice from Comodo employees), I would like to see you also post an apology to bugtraq () securityfocus com for what Comodo has done and reassure the community that this episode will not be repeated. I see no reason why these apologies cannot be made before the end of this week.

I would also advise you and your company to carefully review the content of any other whitepapers Comodo have produced in the past to ensure that other illegally copied material hasn't also found it's way into them - particularly if the same authors have been involved in their publication.

Awaiting your apologies,

Gunter Ollmann

----- Original Message ----- From: "Gunter Ollmann (NGS)" <gunter () ngssoftware com>
To: <bugtraq () securityfocus com>

Hey List,

For a company that supposedly provides "Anti-fraud protection" and "identity
assurance" - why do they clearly plagiarise someone else's copyright
whitepaper material and present it as their own work?  So much for a
"security company" you can trust.

As many of you are aware, I produced a whitepaper mid-2004 called "The
Phishing Guide" (http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf)
that covered in detail the phishing threat and reviewed some defences. It would now appear that COMODO (http://www.comodogroup.com/) in their infinite
wisdom think they can repackage the paper as their own work by calling it
"Identity Assurance in a Virtual World"
(http://www.vengine.com/pdfs/identity_assurance.pdf - dated 21/02/2005).

I can assure you that I never gave permission for their recycling of my
material.  In fact I'd never heard of them until someone researching
Phishing pointed out that COMODO illegally copied my paper.

The paper appears to have been "written" by Steve Roylance - Technical
Marketing Director (and the PDF details also refer to him).

Has anyone on the list had similar experience with them?

What should the next step be?

  By Date           By Thread  

Current thread:
  • Can't trust COMODO Gunter Ollmann (NGS) (May 02)
    • Message not available
      • Re: Can't trust COMODO - An Update Gunter Ollmann (May 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]