The current hot topic in the news at the moment is Mohamed Hassan writing an article for Network World claiming that Samsumg laptops arrive pre-installed with StarLogger. StarLogger records every keystroke made on your computer on every window (including passwords), it captures screen-shots and can email those results to third parties. A couple of days after the publication of the article, it was de-bunked as a false positive from GIF Labs anti-virus application VIPRE. False positives are expected whenever one uses heuristic algorithms to monitor behaviour, so you can’t really blame the anti-virus company for that. The aspect of all this that concerns me is the author of the original article Mohamed Hassan. The top of the original article lists a pretty impressive set of qualifications that Mohamed Hassan has.
MSIA, CISSP, CISA graduated from the Master of Science in Information Assurance (MSIA) program from Norwich University in 2009Let’s take a look at the qualifications: Source: Master of Science in Information Assurance program information from Norwich University website:
The Master of Science in Information Assurance (MSIA) program provides students with a comprehensive exploration of the information security life cycle and its growing importance to an organization in achieving its strategic and tactical objectives. Knowledge and skills students gain from the program will enhance their capability as information security practitioners; will support their growth toward upper management and executive positions such as chief information security officer (CISOs) and chief risk managers; and will enable them to promote best practices through effective communication with C-level executives.Source: International Information Systems Security Certification Consortium, Inc
Certified Information Systems Security Professional If you plan to build a career in information security – one of today’s most visible professions – and if you have at least five full years of experience in information security, then the CISSP® credential should be your next career goal. It’s the credential for professionals who develop policies and procedures in information security. The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.Source: Wikipedia
Certified Information Systems Auditor (CISA) is a professional certification for information technology audit professionals sponsored by ISACA, formerly the Information Systems Audit and Control Association. Candidates for the certification must meet requirements set by ISACANorwich University (Northfield, Vermont, U.S.A) looks like [from their website] a standard military university established in 1819. Quite impressive! And yet with all these qualifications, he writes an article on what a £29.95 piece of software tells him and nothing else. If he had open the now infamous
c:\windows\SLdirectory he would have seen that it didn’t contain the StarLogger application because any security consultant worth his salts could have identified what that looks like. It’s nice to see that his $50,000 education didn’t go to waste. Samsumg have been very quick to tackle this libel, but mud sticks and they will probably unduly suffer because of this.