How Not to Start an Encryption Company

[InfoSec News <alerts () infosecnews org>]

http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/

By Brian Krebs
Krebs on Security
August 18, 2015

Probably the quickest way for a security company to prompt an 
overwhelmingly hostile response from the security research community is to 
claim that its products and services are “unbreakable” by hackers. The 
second-fastest way to achieve that outcome is to have that statement come 
from an encryption company CEO who served several years in federal prison 
for his role in running a $210 million Ponzi scheme. Here’s the story of a 
company that managed to accomplish both at the same time and is now trying 
to learn from (and survive) the experience.

Thanks to some aggressive marketing, Irvine, Calif. based security firm 
Secure Channels Inc. (SCI) and its CEO Richard Blech have been in the news 
quite a bit lately — mainly Blech being quoted in major publications such 
as NBC News, Politico and USA Today — talking about how his firm’s 
“unbreakable” encryption technology might have prevented some of the 
larger consumer data breaches that have come to light in recent months.

Blech’s company, founded in 2014 and with his money, has been challenging 
the security community to test its unbreakable claim in a cleverly 
unwinnable series of contests: At the Black Hat Security conference in Las 
Vegas last year, the company offered a new BMW to anyone who could unlock 
a digital file that was encrypted with its “patented” technology.

At the RSA Security Conference this year in San Francisco, SCI offered a 
$50,000 bounty to anyone who could prove the feat. When no one showed up 
to claim the prizes, SCI issued press releases crowing about a victory for 
its products.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/