Nomx email server's tall claims fall flat under scrutiny
Nomx unique sales pitch says that their servers provide comprehensive security as they use the "world's most secure communications protocol" to ensure that their users are totally safe from cyber attacks. It sounds like something, one should consider buying, as cyber-security threats are on the rise. However, you may avoid this one because its claims are just empty boasts. Here's how the story goes.
A peek behind the curtain
There is always a nagging suspicion when someone starts talking in hyperboles to suggest that they are the best without any solid data to back up the claim. You may argue, that's called marketing; but when it's about cyber-security, that is a serious claim. Thus a BBC Click investigation team decided to find out if this was indeed the real deal.
Claims in abundance, truth in short supply
In the about section, Nomx looks pretty impressive. They have a "massive Intellectual Property portfolio," which is a good thing to have in hand. They also have "trade secrets in the cyber-security market," which is really comforting. The tagline reads "everything else is insecure," which evokes confidence, I admit. However, all it took was a nerd, a computer and few hours to bust it.
What the investigation revealed
Nomx's personal email server is going to set you back with $199 - $399 (Rs. 12,790-25,645) and you would feel cheated, knowing that it was built around a Rs. 2497 Raspberry Pi computer. The software's on-board were years old and had unpatched security bugs. To crack their so called sophisticated server you don't need to be a genius, because the default password was "password."
Always try before you buy
After all the tinkering around, the investigation team found Nomx aka "overpriced and outdated mail server" had the "most insecure PHP applications" and they were "horrified" by the almost primitive approach to security. This incident would probably serve as a reminder to individuals or firms looking for secure digital solutions, so that, they at least look under the hood before shelling out big bucks.
The strange rebuttal
Sure enough, Nomx did write back to the investigation team explaining that the threats which the team had posed were too advanced and therefore "non-existent for our users." Moreover, "To date, no Nomx account has been compromised" which is like saying buy this expensive machine with outdated software and really fudged up security parameters and pray that you don't get compromised.
