Security Now! Episode 1

Discussion in 'other software & services' started by iceni60, Aug 22, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  2. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I am not "senior" enough to know much about this but alternate views might be welcome: this might violate TOS or legal boundaries, I dont want to start a row, I dont want to deliberately offend anyone,there is obvious history here that obviously goes well back, just remember there are layers:

    This has been lifted from another site:

    >>>This is from Steve Gibson's new infomercial with the
    redoubtable Leo Laporte in podcast form.

    In this podcast you will learn:

    - Steve Gibson wrote the tool that was the inspiration for Norton Disk
    Doctor which it still runs rings around.

    - Everyone should have this tool. It is available at GRC.COM.

    - Steve Gibson discovered spyware and coined the term, in addition to
    writing the first anti-spyware tool ever.

    - Leo Laporte might not know what's wrong with Steve Gibson, but Steve
    Gibson claims everyone else does.

    - The network worm that hit the world a fortnight ago was a network
    worm.

    - Hackers are malicious.

    - Steve Gibson sometimes sees green spots.

    - _Exactly_ what Steve Gibson's favourite word is.

    The one thing we learn in this extensive waste of time is that network
    worm hit hard because people brought laptops back to work after the
    weekend and inside their 'Internet interface' [sic].

    How this character surfaces again is anyone's guess. Maybe it's because
    of the iPod - and maybe it's because he just won't go away.

    Steve 'Ahab' Gibson, set out to pasture by the fleeing John McAfee, is
    still out there, probably because he's always been out there and
    doesn't have enough to do or enough to retire on. McAfee made Gibson a
    good deal, but McAfee wasn't about to do a better deal for Gibson than
    he needed to. McAfee tricked Gibson just like he did all the others.

    Which kept Gibson alive for a while, let him put a little money in the
    bank, but certainly wasn't anything like the 400 million McAfee could
    retire on.

    Gibson and McAfee go way back. Gibson's not a programmer - he's a
    sleaze journalist McAfee picked up to do his dirty work.

    McAfee's business strategy has always been simple and effective: it's a
    variant of the classic bait and switch. First you need someone to stir
    the pot and bad; then you need an 'independent' testing facility; then
    you need a cure for everyone's ills.

    McAfee was a down and out shyster in San Francisco selling 'I am virus
    free' cards to the gays when he came up with his great idea. He'd test
    these people for HIV and issue them a six month card for $50. But this
    was nothing compared to what he had now: after all, viruses on a
    computer were almost the same thing, weren't they?

    McAfee traveled coast to coast in his Winnebago, cleaning people's
    computers for free. That's how he got the word out. For the idea was to
    always give product away for free to home users but make the
    corporations and governments pay. The home user would come into work
    and recommend the product. Fines are steep for companies that violate
    software copyright laws and don't pay - up to $200,000 per infringement
    - and governments wouldn't dream of cheating. And in both cases it's a
    cost that's passed onto the consumer/taxpayer anyway.

    Now McAfee needed an 'independent' testing laboratory and a 'scientist'
    to run it. [The 'scientist' he found would quit because he didn't like
    the sham of what he was being asked to do - but that comes later.]

    McAfee asked all the other AV vendors to contribute copies of their
    software. Once a month his laboratory would evaluate all products
    against virus lists he himself would supply. No one wanted to
    cooperate, so McAfee bought the licenses himself.

    Naturally McAfee made sure his own AV product passed the test before he
    turned over his list to the laboratory. And naturally his AV product
    always did best. No two AV companies will ever have the exact same
    list. McAfee always won.

    McAfee was great with journalists. He gave them what they wanted: big
    fat headlines with scare content. But he'd word it all very carefully
    so he - and his journalist friends - could never be caught in a lie.

    For example, to scare the world with the Michelangelo virus, he
    literally said the infection would be for between 50,000 and 5,000,000
    computers - naturally, as he knew, the journalists would concentrate on
    the 5,000,000 and not the 50,000 - they need to sell stories and the
    media need to sell copy - and when it was all over and only 50,000
    computers had been infected, he could say 'see, that's what I said'.

    He used Gibson back then too: the infamous Dark Avenger Self Mutating
    Virus story. What McAfee had Gibson do - as only Gibson could do - was
    paint a picture of a day soon to come more like a computer Armageddon
    than anything anyone had ever seen. It was impossible to stop the Dark
    Avenger: AV products were helpless. Soon every box on the entire planet
    would be slave to this mysterious hacker in Bulgaria.

    Of course things didn't exactly work out this way, but Gibson's scare
    story helped generate a lot of sales for McAfee, and McAfee knew he had
    a good ally.

    McAfee sold his AV business for 200 million and was out of the picture
    for a while. Then he saw a new opportunity in personal firewalls and
    set things up. He bought a lot of stock in Zone Labs and contacted
    Gibson.

    The strategy was already proven. Gibson's site would be the new
    laboratory; he would come up with new ideas which Gibson would test -
    as soon as he McAfee and his company Zone Labs had shown they could
    pass the test.

    Gibson would publish the test and everyone would get paranoid as hell
    and start using ZoneAlarm, and at work they'd recommend it be used too.

    McAfee called in favours to get his journalist friends to direct
    visitors to GRC. There one could see the new Shields Up test - and the
    whole site was transformed overnight into an outright shill for
    ZoneAlarm. Of all the firewall products that were mentioned there, none
    had a hyperlink save one in a single instance, while the number of
    hyperlinks to Zone Labs numbered nearly 100.

    McAfee even put his own representative in the newly formed Gibson
    forums to deal with ZoneAlarm issues. When Zone Labs wanted to come out
    with a new beta, everyone there got a copy.

    Which is how we got a copy when Keith Little contacted us and wanted to
    show us just how good this program was.

    *

    Keith asked me if I wanted to look at the new ZoneAlarm beta. It was
    great, he said. Sure, I told him, and he sent it.

    It took me not fully ten minutes to poke holes in it all over the
    place. I wrote back to Keith. Wow, he said, you'd best notify Zone Labs.

    So I did. I sent a detailed bug report - and questioned a number of
    their design decisions. I got back a semi-automated 'tier one' reply.
    My report was already buried. I wrote back to Keith, who went through
    the roof.

    The next day Keith tore McAfee's shill at GRC apart. Her name was
    Rebecca. He was not unkind to her - he was unkind to Zone Labs, and
    told her in no uncertain terms what would happen if they kept up their
    way of doing things. He went on to remind her that I wasn't just
    anybody either - it was rather flattering actually, but it is beside
    the point.

    The next morning a new purchase of the XPT came in - from Gregor
    Freund. There is no doubt it was McAfee's call all the way: one doesn't
    criticise one's own clients.

    Rebecca fielded all the questions in the GRC forum for ZoneAlarm;
    McAfee got ZA in shrink wrap and on the shelves; then they came up with
    their next great idea and it was again time for Gibson to both stir the
    pot and provide an 'independent testing laboratory' scenario: LeakTest.

    Naturally McAfee made sure ZoneAlarm could pass the test before he let
    Gibson release it.

    *

    Gibson's not a programmer. And he's not a security expert. Fyodor, the
    author of nmap, calls him outright a charlatan - and considering he
    shilled for McAfee for so many years, the term has to have a resounding
    validity.

    Gibson's today running IIS on his web servers: he's hacked it so they
    say they're running some silly concoction of a 'research nano-probe
    server' or some other such rot, but it's IIS all the way. He even uses
    Microsoft's idiotic 'default.htm'.

    Gibson doesn't know anything. He saw enough assembler when whoever it
    was wrote SpinRite for him, and he's been playing with computers and
    networks long enough and had his security beefed up by yet more
    outsiders once he got clobbered, but the sad story is he doesn't know
    anything else.

    He's still trying to peddle SpinRite because he has nothing else to
    sell. He's still using Windows because he simply doesn't know how to
    use anything else. And he never learned any other programming language
    because he still doesn't know the one everyone thinks he knows.

    What's the shame here is not that he's peddling air; the shame is so
    many people get sucked in.

    But right now it's not of much import anyway: McAfee's gone, leaving
    his friend in the lurch, a subtle reminder he's just another loser like
    all those others McAfee's duped over the years. He's got nothing to do
    anymore but try to ride an ebbing wave from the wake of McAfee's hype
    machine - a wave that's irrevocably receding.

    The 'home security hobbyists' come and go through his forums; people
    yawn at a weird product (SpinRite) that was obsolete fifteen years ago;
    he makes shows and infomercials and podcasts for the terminally
    clueless.

    If Steve Gibson ever dared attend a security conference, he'd be
    laughed out of town. Steve Gibson probably doesn't even know how to log
    in to a Unix box - much less administer it, much less guard over a
    network.

    He has a way of expressing himself as Leo Laporte says - a way that
    irritates some and appeals to others, a way that's extremely simplified
    and not always accurate. A few more months or years and GRC will be
    back peddling 'small is beautiful' as once upon a time long ago. <<<<
     
    Last edited: Aug 26, 2005
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Longboard

    Is your post a quote from another site? If so, what is the link? Thanks.
     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    will there be a lawsuit?
     
  6. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    I found this very interesting. Thankyou for your imput it was very educational.
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Last edited: Aug 26, 2005
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Thanks for the links.

    Steve Gibson for all his faults, we all have them, was the one that really got me interested in computer security.
    He also hosts a free website to discuss security and related items.
    For those reasons, I thank him. :)
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Thankyou Ronjor.

    Regards.
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Longboard :) can you please tell me why you think this? i don't want to make this mistake again. or, if Leo Laporte or Steve Gibson have done something wrong i'd like to let them know you think so, then they can get their acts together. thank you :)
     
  11. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    ice:

    Here there be dragons!

    AS a newcomer to this widely known and respected Forum on which I am an infrequent and somewhat very naive(!) poster I have been treated very well and with respect.

    My posting of those excerpts could have been construed as a malicious personal attack which I was concerned may not have been appropriate or welcome, particularly as Steve Gibson may not have an opportunity to respond.

    AS ronjor has very eloquently stated Steve Gibson has a well known and much appreciated presence in the realms of security and has tremendous success with his software. I have visited his site, used his tools and viewed the forums with interest.

    There would appear to be a long lasting personal enmity implicit in the quotes.
    Some of the observations/comments appear to have originated from up to 5 years ago and may be of historical interest only (ZA now undoubtedly well beyond what it was and is very well liked. I cannot comment on the coding)

    The radsoft site and its developers/writers have an interesting perspective on education of users and take a somewhat maverick approach to users and software to put it mildly.

    Having mavericks around us is often useful but can be destructive and offensive.
    In my own area of professional responsibility there is often vigorous debate as to personality and proceedure, not always constructive.

    I have always felt that orthodoxy needs to challenged on a reguar basis.
    For my level of expertise radsoft and scheinsicherheit often provide some challenging insights, which equally often need "the grain of salt" and critical analysis beyond my abilities.

    I have been privileged to have been led through the maze of computer security by the mods and contributors here.

    Without getting too pompous, creepy or droning on without any real credibility, there was no hidden agenda.

    I am a guest in this house and was not seeking to be more than mildly provocative, offering a different slant.

    If the mods had felt this quote was inappropriate or even a legal liability, then I was not going to take offense if the post was snipped.

    Regards.
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @ice
    btw I meant my post might violate TOS/legal boundaries
    not yours

    regards
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    has anyone listened to the second episode? it's really good.
     
  14. ice60

    ice60 Guest

    OK thanks. what do you think of the 2nd episode? have you listened to either of them?
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
  16. -----

    ----- Guest

    <insert long story about how i was a noob, until Gibson came along and showed me the light. But now I'm beyond him of course>

    No, not really.
     
  17. ice60

    ice60 Guest

    episode 4 is out now. it's about passwords. right now i'm at a company that i'm a director of, in name only, i don't work here. but i have free access to the buildings and property. i'm sitting here surrounded by lots of computers and i'm typing this on the Admin PC which has access to all the other computers. i was only given access to a standalone computer with no internet access.

    all i'm trying to say is listen to Security Now! and, if you have a computer you value, use strong passwords. i got into this company's network in under 1 minute because of a weak password. BTW please don't think i'm a cracker, it's more then my life is worth for me to do anything, but use the internet. and i'll do my best to clean the logs.
     
Loading...
Thread Status:
Not open for further replies.