
To be fair, Mohamed Hassan did contact Samsung support and they didn't clear up the issue. In fact, I believe they may have even confirmed that there was a key logger installed! At that point his due diligence has been done and he has confirmation. He doesn't need to do anything further than that. Shame on Samsung support for such a pathetic showing.



He did not fulfill his due diligence. Not if they're going to add this to the article: "Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix."

If they're going to pass him off as an expert, then he better be doing analysis that a normal layman can't do. If he has the credentials, then why is he basing his claim off of a conversation with low-level customer support?


Wait, University of Phoenix? Isn't it the same university associated with scams and sham degrees, am I wrong?


UoP is accredited by the same board which accredits University of Michigan. [http://www.phoenix.edu/about_us/accreditation.html] For whatever that is worth.

They have experienced difficulty regarding the rates at which students receiving Federal Financial Aid graduate - i.e. their issues are based on low graduation rates and not based on being a diploma mill.

Disclosure: my spouse teaches for UoP part time.


They have also received criticism for the large number of loan defaults, and lobbying to change how the loan default statistics are calculated to make their numbers look better (at least according to Frontline). Same program also mentioned private for-profit schools account for a quarter of all student aid in the country, a disproportionally high number since they are not a quarter of our schools.


Public universities have large numbers of lobbyists serving their interests as well.

UoP had about 400,000 students at the time the Frontline piece was produced - that's seven Ohio State Columbus's [http://www.osu.edu/osutoday/stuinfo.php] so number of schools is not perhaps the best measure.

Rightly or wrongly, because UoP has open enrollment they admit more students who are eligible for Federal Financial Aid than most schools because of the population they enroll.

And nothing in the Frontline piece accused UoP of being a diploma mill as was implied by the prior comment to which I responded. A criticism of their business model is a different indictment altogether.


Not sham degrees, exactly. They require the absolute minimum level of educational achievement necessary to edge over the fuzzy line between a diploma mill and legitimate education. Students go to UoP to get a piece of paper that helps their career and that they would generally be incapable of acquiring at a real university, while in exchange UoP is there to milk the students for every federally-guaranteed loan they can qualify for.


> Students go to UoP to get a piece of paper that helps their career ... while in exchange UoP is there to milk the students for every federally-guaranteed loan they can qualify for.

Wait, so just like a real university?


Sorry, but I thought this was hilarious.


Selective quoting much?


No, not so much.


However, using Hassan's affiliation with UoP as a means of questioning his qualifications is a bit of a stretch. Given the rate at which bricks and mortar universities churn out graduates with advanced degrees for which there is little employment opportunity on physical campuses, online schools like UoP wind up as the best available option for new MSs and PhDs with an interest in teaching, such as Hassan, particularly those with one foot in the commercial world.


It's worse than that. The whole article was a fluff piece rambling about his awesome credentials and comparing the discovery to the discovery of Sony's rootkit and was written to create hype rather than show concrete evidence. And why needlessly break the article into two parts except to garner page hits?

The money quote:

>The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.

It boggles the mind how a founder of a security consulting company can be so clueless. But most of HN and tech news sites like Slashdot fell for this with completely knee-jerk reactions, so I guess I am not surprised and the people behind his fiasco got the publicity they wanted. And remember HB Gary?

I am sure this hoopla would've cost Samsung some real damage in sales and they might be considering legal action. As Churchill said:

"A lie gets halfway around the world before the truth has a chance to get its pants on."

Well, at least I can say I called it, even after the so-called Samsung confirmation. http://news.ycombinator.com/item?id=2389141


I don't expect customer support to know what a keylogger is, much less know if their own systems have them installed.


But yet they said yes... I wonder if I call them up and ask, "hey, Samsung CS, did you guys install a flurb-yulb-gumbler on my new laptop?", will they say, "yes, we use those to violate your privacy."


It was still incredibly disingenuous and dishonest. There is no way any person of reasonable IT knowledge would go to tech support for information on engineering decisions. He was fishing for confirmation and he got it - I have strong doubts about Mr. Hassan's intentions when he contacted support.


He did talk to customer support, and once in a while, I'd rather have a false alarm (keeping it to the level of information, rather than lawsuits) now and then, than something like this actually happening and kept under the radar.


> I'd rather have a false alarm ... now and then, than something like this actually happening and kept under the radar.

I've heard the same kind of reasoning from people who forward on those "Microsoft will send a prize for the most emails sent!"-type emails.

The problem is: there has to be a minimum level of credibility, otherwise we'd be swamped with every man and his dog making claims like these.


>To be fair, Mohamed Hassan did contact Samsung support and they didn't clear up the issue. In fact, I believe they may have even confirmed that there was a key logger installed! At that point his due diligence has been done and he has confirmation. He doesn't need to do anything further than that. Shame on Samsung support for such a pathetic showing.

Extraordinary claims require extraordinary evidence. Especially when the person making claims is the founder of a security company. His due diligence consisted of things like "The software I used is false-positive proof since I am using it from 6 years". "I have done this on two different laptops with same results, so it must be Samsung's fault". Huh?



