
Has Steve Gibson Finally Lost His Mind?

Week of June 14, 2001

In an article published on 12 June and subtitled 'Has Steve Gibson finally lost his mind?', The Register's Washington DC correspondent Thomas C Greene lashed out at Steve Gibson of Gibson Research Corporation and what Greene called Gibson's 'paranoid delusions'.

After being packeted into submission last month by a thirteen year old computer enthusiast called 'Wicked', he's become obsessed with the mission of dissuading Microsoft from outfitting XP with the same capabilities as most of its competitors.

He's written thousands of words on his Web site, denouncing Microsoft for putting something like real power into a consumer operating system. He's written memos to the company; he's warned all his site's visitors; but he's still not satisfied.

According to Gibson's paranoid delusions, everyone with a computer is a potential criminal, and the only reason the entire Net population hasn't yet exploded in some mass orgy of evil is because Microsoft has thus far refrained from unleashing the uncontrollable power of the raw socket.

Master hacker Fyodor, author of the well-known stealth port scanner nmap, has also entered the arena, commenting on a similar post in the dev-hackers group, where Gibson was described as a 'media slut', with the following words:

[ Moderator note: I agree 100% with Darren & Andy. Gibson is a
  charlatan whose 'research' is written for clueless media
  reporters (for press attention) and the teeming masses of
  internet newbies (to whom he sells various products). His
  'findings' are not new, are always filled with massive
  hyperbole, and are frequently completely false. Instead of
  presenting evidence to prove his points, he tends to just state
  them using goofy blue or green fonts as if that somehow adds
  credibility. We recommend avoiding this guy!

  -Fyodor ]

Even the talkbacks at ZD are taking on a new tone:

Gibson is just pissed because his reputation is at stake. He will say and do anything to prove it. I'm sure the architects and software developers of Windows XP know what they are doing better than some flaming 'security expert' who wants attention. [sic]Gibson is really upset of because his sight was hit by a 14 year old script kiddy who knocked his site out for 7 days. He can't even protect his own site and he is a security expert. Raw sockets have been implemented in almost all magor OS's, why is he not complaining about them? I think he just wants publicity so he can get more hits on his site and sell his software.

Why the backlash?
This all started a month ago, in early May 2001. US sites were being hit in the on-going Sino-American cyberwar, and after hitting the FBI, the NSA, the CIA, Clark Kent's secret fortress and all the other badass sites, the Chinese turned their weapons on Gibson and GRC went down - dead in the water.

But was it the Chinese? Gibson looked into the matter and found that a thirteen-year-old script kiddie known as 'Wicked', out of Kenosha, Wisconsin, had organised the whole thing. Rustling up over 470 zombie machines to carry out the attack, Wicked knocked out GRC time and again - and just when Gibson thought he'd fixed his defenses, Wicked hit again - and again and again. Wicked was unstoppable - and Gibson knew it.

And why did Wicked attack Gibson? Wicked had heard Gibson was slurring script kiddies at his site and he wanted to show Gibson that they were not the unskilled numbskulls Gibson had accused them of being.

A White Flag Plea
And Wicked seems to have proven his point: In a white flag plea Gibson wrote 'I surrender' and literally begged Wicked and his army of hackers to cease their attacks on his site. And evidently Wicked listened, for GRC has been relatively calm since then - in that regard at least.

But not one to scorn the darkness, Gibson now launched an attack of his own - against Microsoft. The key to launching successful DDoS attacks, said Gibson, was the ability to spoof IP sender addresses, and Microsoft, with the imminent release of their new operating system Windows XP, was going to make it easier for hackers everywhere to write programs that did this.

Spoofing IPs
Spoofing IP sender addresses on Windows boxes has never been a big deal, as hackers have had access to supplements such as WinPcap (see the links below), but Microsoft has never taken the time to implement the complete University of Berkeley sockets standard used everywhere else on the Internet today.

http://netgroup-serv.polito.it/winpcap
http://secure.lucidx.com/winpcap/libpcap
http://security.oreilly.com/news/securingnt2_1200.html
http://www.tcpdump.org/lists/workers/2001/03/msg00087.html
http://www.wiretapped.net/security/packet-sniffing/winpcap
http://datanerds.net/~mike/netgroup-serv.polito.it/winpcap/install/

Microsoft uses the Berkeley code
Rumour has it that for the release of Win2K Microsoft took the freely available and accessible Berkeley sockets code and made it work on NT, which in itself is a good thing. The usual scenario, Microsoft writing their own code for open source standards, implies deviations from said standards and often significantly poorer programming. For example, when Microsoft first implemented Silicon Graphics' OpenGL the results were typically under par and Silicon Graphics was furious. Silicon Graphics had to take the time to learn the Microsoft environment and rewrite the Windows implementation to restore their well-deserved image as a cutting-edge software firm. If Microsoft stops writing sockets code on their own and just uses the Berkeley code instead, the results will have to be much better.

Not that this affects the s'kiddies and hackers of course. They wouldn't be caught dead running 'Micro$oft Windoze': their favourite operating system UNIX is better than anything Microsoft can ever throw together - and they know it.

Gibson is upset because he suspects the Microsoft market push behind Windows XP will make it the default operating system, superseding Windows 98/ME, and as long as Windows XP runs the same sockets code as Win2K, anyone will be able to make sophisticated DDoS programs without the help of tools such as WinPcap. Predicting an 'XP Xmas of Death', Gibson says we are all in for the nastiest DDoS attacks the world has ever seen. He's even gone so far as to say that he knows for a fact his site will be hit again soon.

And so the inevitable backlash arrives.

Gibson's best strategy at this point might be to wear bullet-proof shoes.

Copyright © Radsoft. All rights reserved.