We learnt (by different security friends) that this CONRAD LONGMORE loves denigrating people, revealing their personal life for free BUT DON T LIKE THIS FOR HIMSELF. ;-) YES ! in fact he asked GOOGLE to remove his post from the results in the Google search. Crazy ! that our White security Knight don t like what he does to (some) honest people and companies to ensure the Buzz and traffic on his eCommerce Blog where he is still selling crap things that Have nothing related about security.
So here we are again guys !!
Earlier, in August we were informed by some partners of a strange post from a guy claiming being a "security expert". This dude called Conrad Longmore from a blog we never heard about (dynamoo), posted an article about Mobiquant Technologies. He maybe got his freeware antivirus warning him about a malicious javascript resulting of an infection on our hoster files. The strange thing here is fully about the behaviour of the guy claiming to belong to the security community. After 20 years in the sec arena we never seen a hacked victim behing blamed and denigrated having its website infected. What about the hackers? sure it requires a real true technical work. Not given to everyone.
We made a quick search about this unknown blogger.
[removed to avoid Google removal ]$
He is using a personal blog space on google blogspot, after apparently having tried several corp domain (www.Conrad-longmore.co.uk 404 error, no files) and a wordpress free space (http://en.wordpress.com/tag/conrad-longmore/ 404 error , no files).)
No company, no professional profile. Jobless or Yet another freelancer. Website : dynamoo.com seems to be a fake or outdated (last update 2003) website as many links are broken. Kind of blogsite quickly setup and stopped by this myserious guy.
We found some related facebook link :https://www.facebook.com/conrad.longmore , with a profile picture of a guy having a walk in the british countryside holding a bag with a kiddy puppet in the back :
and a twitter account with some strange twitts taking position for the [removed to avoid Google removal] community :
After having contacted the guy , our team did not have any answer from him.
Seems that this guy is using various ways to drive some traffic to his blog by denigrating different websites and people with no reasons claiming they are all hackers or malicious internets users and has already many enemies apparently:
This is clearly to make some business about mobile items sold on his web and by using this technique of degritation to do some buzz ( audience is poor) he is selling mobile accessories. Security ? ecommerce ? mobile accessories ? strange guy ;-). People are complaining on forums about receiving spam email from him to buy mobiles parts : "
Conrad Longmore does appear to sell all kinds of things, including mobile phones, and portable air conditioners, so the guy must have read the site and added the PS for shits and giggles" : Forum of victims describing what happened to them.
The malware a classical non critical HH. JS, among thousands variants of this kind, have spreaded thoughout the web since years, and it has infected again this summer up to 252 000 website among which Apple.com and some others which were unavailable for nearly one week for some of them.
Our dude find that on our website, which is obviously technically hosted on a distinct independent infrastructure than the corporate one, thought it was a valid and major reason to drive a deep dive study about : the company, its financial status (with French reading bad expertise ;-)) , our management, our domain .... and yes absolutely not about this malware, the security countermeasures etc . In short nothing related with security and IT.
The funny thing is that he did criticize our website about having a temporary non critical js malware and we thought we should find a perfect website on his side. This was aboslutely not the case:
- broken links(25/70), outdated references( last update is 2003),blogsite is badly designed, coded and graphically disgusting. We even find 5 vulnerabilities and it looks like a beginner web blogger.
By the way we decided not to take any action again this anonymous strange blogger which apparently is using strange techniques to exists and shine on the web to make money on our back.
Finnally, after some discussion with famous security real bloggers on the web most of them told us they never heard of him and few who did know him, had some negative feedback about his behaviour. As in any case a security professional will blame a hacked victim for being infect or hacked. Our company never decided to be infected for some days earlier during summer time. This mix of corporate, financial -(he is also a financial expert ;-)) and personal elements in a security analysis demonstrate clearly the guy is somehow not in the security space but just personnally blogging using security as an excuse.
This is how the web is going nowadays : giving some space to unknown people, having lot of freetime to blog on all and nothing.