Tuesday, April 15, 2014

Heartbleed Marketing - Call for Ambulance chasers

TL;DR

We are looking for companies that wrap their services around Heartbleed hype, so we can expose them in one consolidated list.

What has happened?

In the last 7 days we have seen an explosion in security firms that can assist with your Heartbleed woes. Some are legitimate, some just want to generate more leads, and some have nothing of value and are abusing the media's fever pitch around Heartbleed.

Project Goal

I am building a list of vendors that have abused Heartbleed for personal gain. Here are three examples of who has made the list so far:
  • Tripwire - offers "free" SecureScan
    • Existing customers must sign into "new" portal (marketing gathering data for upsells)
    • Non-customers cannot get a scan without providing personal data
    • http://www.tripwire.com/securescan/?home-banner
  • WhiteHat Security - offers 30 days of the WhiteHat Sentinel scanning service
    • You must enter all personal data before getting your Heartbleed scan
    • https://info.whitehatsec.com/Social-SecurityCheck.html
  • DigiCert - offers "free" online scan
    • You must enter all personal data before getting your Heartbleed scan
    • https://www.digicert.com/heartbleed-bug-vulnerability.htm

Here are examples of good ways to market your services while leveraging the media attention around Heartbleed:
  • Qualys - offers free online scan via SSL Labs
    • No marketing / sales wall
    • No requirement to fill out forms with company and personal data
    • https://www.ssllabs.com/ssltest/
  • GlobalSign - offers free online scan via SSLCheck service
    • No marketing / sales wall
    • No requirement to fill out forms with company and personal data
    • https://sslcheck.globalsign.com/en_US

We need your data!

So, have a vendor that has emailed or tweeted about Heartbleed, only to find they want ALL your data before they can give you a status on Heartbleed? Got someone who is using the Heartbleed name, though their service does not really have anything to do with Heartbleed attacks? Send them in! @hackajar on Twitter or gmail.com

NOTE:  I do get a lot of positive marketing emails from companies like Rapid7 and Imperva.  They say things like, "Hey existing customer, run these commands to get the value out of the product you already own!".  That, to me, is a positive use of Heartbleed in their marketing.
