[LINK] WARNING. I just received this ....

[James Morris]

On Fri, 12 Oct 2001, Adam Todd wrote:

> [snip]

Actually, a serious scam has been recently identified, and I know that we
can rely on Adam to communicate the following warning to as many people as
possible.


MEDIA/ONLINE SCAM WARNING

Issued: 15 October 2001, Link Institute.

NAME

Security Consulting Scam

DESCRIPTION

A person, typically representing himself or herself as a computer
consultant and/or security "expert", makes unsubstantiated and impossible
to disprove claims about a security flaw in a commonly deployed operating
system.

These claims may include an insinuation or "logical deduction" that the
security fault was deliberately implemented by the vendor.

The person may also claim unique knowledge of the flaw, and that he/she
cannot disclose any of this knowledge for a variety of reasons such as "it
is too serious", and "the vendor cannot be trusted".

These reasons may appear valid to some recipents of the scam, especially
those recipients who are not familiar with long standing procedures
established by the online community to deal specifically with such issues.

In some cases, the media may report the claims, adding to the credibility
of the scam, and creating an environment of fear, uncertainty and doubt in
relation to the product and/or vendor at business management levels.

The perpetrator of the scam may utilise confusion and controversy over the
issue to solicit paid consulting work in relation to the claimed security
fault or similar issues.


ENDS