About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Rants

The Funnel

Week of March 19, 2001

'It's like a funnel - and the only people who fit through the funnel are the dumbest of the dumb.'
  -- Sydney Phillips

Put dumb tools in the hands of even dumber users and you have a catastrophe in the making. Steve Gibson and Robin Keir know this today - and have the scars to prove it.

Steve Gibson is of course known for his online diagnostic programs Shields Up! and Leaktest. The former determines whether remote machines can access your system through file and printer sharing on ports 137 - 139, and the latter sees whether your currently installed firewall will in fact prevent unsolicited traffic from leaving your machine and contacting a remote URL.

So far so good.

Now enter the first dumb tool. A program to be used with firewall alert logs, it copies a standard complaint letter to the Windows Clipboard in the event of an alert. The letter is spiked with accusatory verbiage. It's not sent automatically - it depends on a dumb user for that.

Now consider the following scenario and let it really sink in that this is not hypothetical but that this is really happening.

  1. Dumb user requests the services of Steve Gibson's Shields Up!
  2. Dumb user has of course installed a firewall - that is what he is testing.
  3. Along with this firewall - innocuous in itself - dumb user has installed the dumb tool mentioned above.
  4. Dumb user now begins the test.
  5. Dumb user's firewall catches the 'probe' from Shields Up! (which is good).
  6. Dumb user's dumb tool sees that the firewall has issued an alert.
  7. Dumb user's dumb tool copies a standard acidic complaint letter to the Clipboard.
  8. Dumb user pastes the letter into an email and sends it off.

The result of course is that Steve's Shields Up! has backfired to an extent. Offering a free service to anonymous (dumb) users out there, the dumbest of the dumb are as their act of gratitude literally drowning Steve and his IPP in abuse complaints.

But Steve has a newsletter too...

This is not your ordinary weekly newsletter, it's a bit like radsoft.net's X-news in that it comes out only when Steve has something to say. So far in its three year existence it's only come out a total of eight times.

It came out last week again - for the eighth time. It noted an application found at Robin Keir's website.

To receive Steve Gibson's newsletter you must subscribe.

Take the same dumb users as above, factor a distribution of over 700,000 into the equation, add another dumb tool, and suddenly you have Robin's IPP flooded with spam complaints.

Robin never spammed anyone. All that happened was he was mentioned in a newsletter Steve Gibson sent out to people who specifically asked for it. Now Robin's IPP is threatening to discontinue their service of Robin's website.

It's like a funnel.

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.