
How Secure Channels Attempted to Intimidate a Critic and Failed Spectacularly - tptacek
http://popehat.com/2015/09/04/how-secure-channels-attempted-to-intimidate-a-critic-and-failed-spectacularly/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Popehat+%28Popehat%29
======
spudlyo
Ms. Murphy's bio page describes her as a "guerilla marketing expert", and
perhaps that is what this is. If leveling ridiculous accusations at your
critics using obviously fake Twitter accounts is "guerilla marketing" than
perhaps I should look into it, because it sounds fun, and I've always wanted
to have a Director level title.

~~~
Piskvorrr
Gorilla marketing perhaps. "You say what gorilla no like, gorilla beat you
up."

------
RickHull
tl;dr - Dee Murphy, Director of Marketing for _Secure Channels_ , created an
anonymous twitter account in order to sling mud at at a prominent _Secure
Channels_ critic. However, one of Ms. Murphy's tweets from the anonymous
account was composed of a screenshot showing her original twitter profile and
a browser tab titled "How to take a screenshot on your Mac".

~~~
mistermumble
In addition, the product which is marketed as "unbreakable" and "unhackable"
technology, appears to be a rebranded version of someone's free product.
Further, it introduces a security flaw (the company hardcodes its gmail
account and password into the software, which is used for password reset).

~~~
jessaustin
Can we call such a clown convention a "company"? It seems they lack a degree
of seriousness that one might expect from a firm in which investors have
invested capital.

~~~
rdtsc
I think you overestimate the rationality of investors. Just because someone
has lots of money doesn't always mean they are clear thinking.

------
mfoy_
That screenshot was so outstandingly bad I almost want to believe that someone
elaborately staged the screenshot to make a Secure Channel exec look
incompetent... but Occam's Razor prevails.

~~~
logfromblammo
Let's not even get into how she tweeted a picture of the text of another
tweet, which is a rather _roundabout_ way of just retweeting something.

~~~
rev_bird
It's usually done to preserve a tweet that could end up getting deleted.

~~~
Nadya
Which is meaningless due to how easily screenshots could be doctored. It's no
better than "this is what they said".

[http://i.imgur.com/jcnkw71.png](http://i.imgur.com/jcnkw71.png)

Having multiple screenshots from multiple sources increases the likelihood of
legitimacy - but doesn't guarantee it. 20 people can easily get together and
doctor the same statement.

~~~
rev_bird
It's no more reliable than "this is what they said," but it adds a step to the
fabrication: I could just type random quotes and attribute them to a Twitter
account, sure, but it would take _effort_ to fake a screenshot.

~~~
eridius
For anyone who's passingly familiar with HTML and the web developer tools
built into modern browsers, it's barely more effort than "this is what they
said". In most cases it's literally right-click, Inspect Element, double-click
the html node and replace it with the contents of your choosing.

------
at-fates-hands
This should really serve as a lesson for startups on how _not_ get your name
out there.

In an industry (infosec) that's built on reputation and experience, you can't
just go into it and start running your company like the "Price is Right" and
offer all kinds of gimmicks to get people to buy into your product.

The way you win is to humbly hand over your source code to the community, have
them pen test it and then graciously accept any advice or flaws they point
out. Then work tirelessly to make it better and prove you take the people and
the other companies in your space seriously.

Infosec is no joke either and you shouldn't treat the people in the industry
like a bunch of idiots. This is a prefect example of a lifelong sales guy,
using worn out sales pitches to try and sell his product like an infomercial.

~~~
cbd1984
Anyone who needed that lesson but still wants to play in infosec is likely too
dumb or arrogant to learn from it.

------
jessaustin
I appreciated the comment on TFA from their former lobbyist. Those creatures
rarely crawl out from under cover, but apparently this one is really pissed
about not getting paid. I want to give NIST the benefit of the doubt on this
one and assume that the "deal" he cites was actually just, "we'll call you,
sometime, we promise!"

------
scrapcode
I almost feel bad for Murphy. This is super embarrassing "icing on the cake"
of a situation that shows incompetence in not just technical ability, which I
would think could be expected from an executive at such a technically focused
startup, but marketing itself- which I would imagine is supposed to be her
expertise.

------
trimtab
"Unbreakable" worked for Oracle Corp, so why not "Secure Channels?" ;-)

------
crashedsnow
Omfg. That Android code sending the email using their gmail account was
unbelievable. I'd hate to think "real" security companies have cruft this bad,
but...

------
sp332
Could a mod get rid of the #wsa-endnote-1 at the end of the URL?

~~~
Sharlin
And the utm_* tracking query parameters...

~~~
Nadya
But then you can't have fun with them!

[http://www.stilldrinking.org/trolling-marketers-for-
profit-a...](http://www.stilldrinking.org/trolling-marketers-for-profit-and-
pleasure)

[https://chrome.google.com/webstore/detail/utm-
mangler/ngddln...](https://chrome.google.com/webstore/detail/utm-
mangler/ngddlnhlmdnjphddadgonpfhccgjhfji?hl=en&gl=US&authuser=1)

(The questionable one mentioned in the article was removed from the add-on.)

------
kelvin0
It's funny how the Titanic was deemed unsinkable. Every time someone calls
their shiney new think 'Un'-something, nature seems to conspire against them
:)

~~~
WalterBright
The Titanic was dubbed unsinkable by the press, not by Harland and Wolff nor
the White Star Line.

Driving a liner full speed into a stationary iceberg is not really the fault
of nature any more than having a tree jump out in front of your car :-)

The Titanic was actually one of the safest designs afloat in her time.

~~~
raverbashing
Well, if it had collided full speed with the iceberg it probably wouldn't have
sank

But yeah, the unsinkable was a good dose of press sensationalization

