Re: Can't trust COMODO - An Update
From: Gunter Ollmann <gunter () ngssoftware com>
Date: Mon, 09 May 2005 18:02:00 +0100
An Update on progress with Comodo.
Firstly thanks to all of you who emailed directly with advice and
disbelief on the way Comodo plagiarised/copied my work. I could only
reply to a few of you at the time because the volume of replies was
amazing (it would appear that many of you were disgusted at the audacity
To date it would appear that Comodo have made some progress in removing
copies of their "Identity Assurance in a Virtual World" whitepaper from
multiple locations on the web and have said that this would be achieved
in another week. Unfortunately the same could not be said for receipt
of an apology - public or otherwise.
I still fail to see how an international security company that bases
their services and offerings on trust and integrity could think they
could pull a stunt like that.
I have asked for a public apology, and strongly recommended that they
make a similar apology to the security community. A copy of the email
to Steve Roylance (and Comodo) is below.
Anyhow, thanks for all the support thus far, and I'll update you all
should there be any further progress on this.
Email dated: 04/05/05 17:06 London
I have now had a response from my legal advisor concerning your
unauthorised inclusion of copyright material from my paper entitled "The
Phishing Guide" and publicly released in September 2004.
The offending paper, "Identity Assurance in a Virtual World" appears to
be dated 21/02/05 and contains extensive copy/paste sections that have
been stolen from my paper. This paper of yours, 'copyright 2005 Comodo
Inc.', appears to have been uploaded to multiple Internet whitepaper
repositories/sites in addition to the instance hosted on the Comodo
Given the effort and original research that was required to develop "The
Phishing Guide" content, I find it offensive and thoroughly
unprofessional that you and your organisation would seek to steal this
material - not only failing to quote and reference the original source
of the material, but carte blanche copy/paste of great sections of the
In our very brief conversation yesterday, you agreed to remove all
instances of the offending paper from public Internet areas within the
next two weeks. From my perspective this includes all other
repositories to which the offending paper has been submitted, and to
take corrective actions that prevent it from being posted to any further
sites in the future. As stated yesterday, no authorisation has been (or
will be) given to incorporate content from my whitepaper(s) into any
Given the thoroughly unprofessional, unethical and illegal actions taken
by Comodo, I expect a full formal - and public - apology. In addition,
given the volume of personal responses from the security community that
I have already received (ranging from offers to prosecute, existing
Comodo clients wishing to express their displeasure, through to advice
from Comodo employees), I would like to see you also post an apology to
bugtraq () securityfocus com for what Comodo has done and reassure the
community that this episode will not be repeated. I see no reason why
these apologies cannot be made before the end of this week.
I would also advise you and your company to carefully review the content
of any other whitepapers Comodo have produced in the past to ensure that
other illegally copied material hasn't also found its way into them -
particularly if the same authors have been involved in their publication.
Awaiting your apologies,
----- Original Message -----
From: "Gunter Ollmann (NGS)" <gunter () ngssoftware com>
To: <bugtraq () securityfocus com>
For a company that supposedly provides "Anti-fraud protection" and
assurance" - why do they clearly plagiarise someone else's copyright
whitepaper material and present it as their own work? So much for a
"security company" you can trust.
As many of you are aware, I produced a whitepaper mid-2004 called "The
Phishing Guide" (http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf)
that covered in detail the phishing threat and reviewed some
would now appear that COMODO (http://www.comodogroup.com/) in their
wisdom think they can repackage the paper as their own work by calling it
"Identity Assurance in a Virtual World"
(http://www.vengine.com/pdfs/identity_assurance.pdf - dated 21/02/2005).
I can assure you that I never gave permission for their recycling of my
material. In fact I'd never heard of them until someone researching
Phishing pointed out that COMODO illegally copied my paper.
The paper appears to have been "written" by Steve Roylance - Technical
Marketing Director (and the PDF details also refer to him).
Has anyone on the list had similar experience with them?
What should the next step be?