From InfoSecurity, “the number One in Europe”

April 28th, 2009 by Vladimir Katalov

We never thought that our participation would bring such kind of trouble (or at least a disappointment).

Monday early morning we came to prepare our stand and apply our wallpapers (yes, we do it ourselves, sort of team building :) ). Practically, everything went smoothly, except for the fact that the organizers did not fix our company name board, electricity was not there and finally – we have got less space than we ordered (and paid for) because wall panels were not constructed properly. But after all, [almost] everything was fixed. Unfortunately, we have not made any pictures, but here is how it should look like (by design):

Click to enlarge

Next morning (the first day of the exhibition) we came to our booth in advance (about half an hour before the exhibition opens). And what we have seen? Two persons (from Reed Exhibitions, the organizers of this event) removing one of the wall papers from our booth – the one that said that we’re doing PGP password recovery. Moreover, we were not able to get the clear answer why they’re doing that, except the fact that “PGP Corporation complained”. And the reference to some “regulations” we still have not seen. We asked for some official paper (act?) about our “violation”, and still waiting for it. When (if?) we’ll get it, we’ll scan it and publish here.

Fortunately, we had the camera handy, and so made several photos of this “process” (removing our wall paper). Organizers (Reed) did not like that, too, and tried to hide their faces from the camera. But they failed, so you can see them now (and the whole “process”):

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Cliick to enlarge

Click to enlarge

So we had to put the following note here (fortunately, on one panel only):

Click to enlarge

Click to enlarge

Only two hours later, they (Reed Exhibitions Group Event Director) came to our booth and asked to remove this note. Oops, sorry: not asked, just removed. Without explanation. Well, the explanation was: we have the right to do anything here.

What are they (PGP) scared about? I don’t have an answer. Do we say that PGP protection/encryption is not secure? No we don’t. But we DO say that PGP passwords can be cracked – if they are not selected carefully. But if PGP people cannot explain that to their clients – this is not our fault.

Update: see What does "The only way to break into PGP" mean?


Tags: , , , , ,

Sign up for free ElcomSoft Password Recovery Software newsletter

29 Responses to “From InfoSecurity, “the number One in Europe””

  1. LeoD says:

    Perhaps the objection was your claim that it is the *only* way to break into PGP, when there are others?

  2. sandro gauci says:

    It scares me that such companies (like Reed) are organizing security conferences when they have no idea of the security industry.

  3. It is not being insecure but the ‘dog and pony show’ of Elcolmsoft which do have good products, but at the peril of using FUD to sell something is not acceptable. Thus I have to agree with PGP. Similar a question ‘Do you still hit your wife?’ the respondent do not have any answer that suffices. Any attack on any product has to be dealt with appropriatly.

  4. I have to agree with Sandro Guaci, companies (like Reed) are in for the ‘dog-and-pony’ show only. Security is a distant second.

  5. P says:

    Maybe it’s because:
    1- you’re not providing a way to break into PGP
    2- anyone can write a script to do password cracking, and lots of people provide such tools, commercially or otherwise (yours might be good, no idea, but it’s in no way “the only”).
    So the panel *was* inaccurate and misleading (and willingly so, I would say). All the rest is about methods, they should probably have told you so that you could remove it by yourself.

  6. Alberto Rivera says:

    Here’s a good article that brings certain things to light:
    http://tech.yahoo.com/news/pcworld/20090429/tc_pcworld/pgpcomplaintforceselcomsofttochangeboothdecor

    The article seems to fairly represent all three sides of the argument (Reed, ElcomSoft & PGP Corp). Reed is just there to make sure everybody is playing nice, I am sure if ElcomSoft had some complaints about PGP “claiming” to defeat ElcomSoft’s attempts on their marketing Reed would no doubt do the same for ElcomSoft as they did for PGP.

    Besides, a lot of people already know ElcomSoft software is a cut above the rest. The only other marketing styles left to promote it are all bad yet hard to ignore. Example: “Would-be Hackers use ElcomSoft to crack through PGP” Now that is newsworthy! ^_^

  7. Adam says:

    Looks to me like:

    1. Deliberate damage to someone else’s property without their consent
    2. Intention to permanently deprive them of that property.

    So that’ll be criminal damage and theft. Ring the Met, or even arrest Malcolm Wells until a constable can arrive.

    Your marketing message is obviously rubbish but that’s no excuse.

  8. Mort says:

    “The one that said that we are doing PGP password recovery” Thats not what the sign said. It said “the only way to break into PGP”. The fact that you can

  9. Mort says:

    “The one that said that we re doing PGP password recovery” Thats not what the sign said. It said “the only way to break into PGP”. The fact that you cant even use the real verbiage in your commentary of the events says volumes.

    Oh and this isnt Rodney King. Harassing some guy with a camera who is just responding to the “controversy” your marketing department elicited is just lame.

    Try acting more like a professional whose company has something to offer the security community and less like a 15 year old who got his iPod taken away.

  10. Alice says:

    Try cracking this…. Good Luck!

    qANQR1DDDQQJAwJ2inKnDh+drpTSZAESpBe96hJ0QthcVYPfYUJUYsxVsbXtdVgs
    YWt5vX5w293cOOFBDZZH1geb+ENKysaMlgeFTUBvFD/adDVJZr3foQBICaEoQsDp
    NqivandPKE8jumTzlKl7roOijCRIV6O1eig=
    =q9/K

  11. Colin says:

    Hey, that’s what you get for false advertising. I wish they would have kicked Elcomsoft out for that. It is false advertising if you really know security products/methods/protocols, otherwise call it ignorance. Unfortunately events like InfoSecurity are conducted by vendors’ employees who typically have no idea what the hell they’re selling (i.e. marketing folks).

  12. carina says:

    You’ve been deliberately inflammatory with both the poster and the article.
    Your behaviour is petty and unprofessional.

  13. Nik says:

    I can se PGP’s point; perhaps if you’d put “The fastest brute force attack on PGP” they might have put up with it, albeit begrudgingly.

    It’s a shame as your other material on your PGP “cracker” has been quite balanced, pointing out that the crypto is secure but identifiying the (genuine) weakness of dumb passphrases and the benefits of a fast tool for auditing it.

  14. Data says:

    The poster reads “The only way to break into PGP(registered)

    This is exactly what you call deceptive marketing. Any password can be cracked if not carefully selected. That is not a problem with PGP, its the problem with choosing passwords.

    >>>>>>>What are they (PGP) scared about? I don

  15. Newt says:

    Highly unprofessional signage — tantamount to false advertising — by Elksoft but the event organizer over-reacted. Are we getting the whole story here? What kind of influence does PGP have, that they precipitate this drastic measure w/o Elksoft being consulted?

  16. GRR says:

    SHAMEFUL!. Let your money do the talking and boycott them next year.

  17. Johnny says:

    there are other slogans like “there is no better way to fly” which arent adviced neither. so why should your slogan be adviced?

    Maybe PGP fears people not to buy there products just because there unable to explain. The smaller the brain, the less they talk….sorry for pgp!

    Great Job here. like to read on!

    Thx

  18. Jenson says:

    Well, looks like the took you serious, anotheer sign of lacking profession: in the security world you simply do not sellby FUDD. So it is obvious that Elcomsoft is not (realy) targeting the professional security market. They sell XLS Crackers and “Windowsian” John the Rippe like Software. Nothing you wont find as freeware or can make your self (like libssh… okay no cuda but thats just another consumer argument -> Copacobana/FCPGA is still far above Cuda…).
    Anyhow PGP seems to have lost the focus as well, you can figure that out by comparing user complaints 5-6 years ago with those recently seen: still the same: no reliable WORKING Outlook Integration, no USERFRIENDY setup, no meaningfull logs but plenty of strange DLL’s interfering with VPN/Netfilter software.. Gee I use PGP, I dont need VPN :-)

    So just a boring story of marketing worriers fighting on the turf of technical nihilism.

    -BR J

  19. boo1999 says:

    In my personal opinion: this is kind of “not right” to tell in public about the issue and do business on it :) What is difference than in compare to the “hackers groups”? Did you do a discussion with the software vendor first? Sorry, but It was not clear from the blog message. However, what was clear that the PGP company have complained about your “initiative”. Is there should be exact “regulations” to do or not to do something for you? :) :):)

  20. Trentf says:

    It looks like PGP spends more money with Reed and someone at PGP threatened to cut back. Organizers will do almost anything to keep big spenders happy.

  21. mrschwarz says:

    The majority of the posts don’t take issue with anything, but the message. If the organizer took down every poster with non-factual advertising, I’m thinking the exhibit hall would look at little empty.

    Unless it’s their job to enforce truth in advertising, whether or not there are other ways to break into PGP are irrelevant.

  22. As much as I detest Elcomsoft’s business, I still think they are absolutely right in both pointing at the ubiquitous weaknesses and in insisting on their right to express their ideas.

  23. John Downey says:

    I have worked in technical marketing and have done so for many years. I’ve done a LOT of these shows.

    Whoever was responsible for the Elcomsoft booth posters should be fired. No ifs, no buts, fired.

  24. Actually, it was me :) . The idea (of the text on the poster) came from our designer, but I confirmed it. Sorry, but I cannot fire myself, as far as I’m co-founder/co-owner of the company ;) . Oh, and CEO as well…

  25. Hey Vlad I was responsible for that as well ;) and I think it was a wonderful experience in terms of everything and marketing too, it’s very close to sky-jumping in the sence that you suddenly realize what everybody is worth… I couldn’t wish myself a better company.

    John Downey, I’m really sorry for you and your many years in marketing :)

  26. Sergey Zak says:

    This incident looks to me like a clash of cultures. There’s just much less control over such stuff in Russia. We still have much more “rebel thing” alive. I wonder what Steve Jobs would say about such slogans…

  27. [...] Europe en Londres hicieron de los anuncios que Elcomsoft colocó en su stand con el eslogan “La única manera de entrar en PGP” y que tenían como objetivo difundir que su producto Elcomsoft Distributed Password Recovery ya [...]

  28. ebay clothes womens

    From InfoSecurity, “the number One in Europe” « Advanced Password Cracking – Insight

Leave a Reply