innismir.net

The InfoSec community was murmuring lately over a interview with Matt Knox, who wrote spyware in a previous life. I did feel that the interview, although done fairly well, was a bit soft and “DirectRevenue” did cause long-dormant synapses in my brain to start to wake up and scream in horror, but I dismissed them and didn’t look into it any futher.

Thankfully, Chris Boyd aka “Paperghost” did. Boy, did he ever…

The interview painted a “Hey, they did things that were of questionable morality, but they weren’t that bad!” picture and Knox did have a “Aw, shucks… Sorry!” demeanor to him. Which, as Chris points out, is kind of expected, since the interviewer is a friend. However, the State of New York documents paint a very different picture to the entire operation, and comments like:

Matt is a wonderful teacher, a great coder and a good friend. It was pretty awesome that he did this interview and gave us the inside scoop on how a noted adware company operated, both technically and from a business perspective… Nowadays he uses his skills to educate and create software for doctors.

Seem to try to whitewash the seriousness of the situation he had a hand in creating. I’ll give Knox credit for doing an interview, but I won’t give him a pass for coding such nastiness for a very, very long time. Everyone can make mistakes, but the questionable ethics that get them into such mistakes deserve to be scrutinized. As much as I would like to believe he has turned over a new leaf (and by the accounts I’ve see he has) there is this little nagging voice that says “Software for Doctors? He better not be touching patient records.”

I would enjoy a follow-up interview with Knox to address the question raised by Chris. I hope one is forthcoming.