Security Now! Episode 1

Discussion in 'other software & services' started by iceni60, Aug 22, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  2. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    I am not "senior" enough to know much about this but alternate views might be welcome: this might violate TOS or legal boundaries, I don't want to start a row, I don't want to deliberately offend anyone, there is obvious history here that obviously goes well back, just remember there are layers:

    This has been lifted from another site:

    >>>This is from Steve Gibson's new infomercial with the
    redoubtable Leo Laporte in podcast form.

    In this podcast you will learn:

    - Steve Gibson wrote the tool that was the inspiration for Norton Disk
    Doctor which it still runs rings around.

    - Everyone should have this tool. It is available at GRC.COM.

    - Steve Gibson discovered spyware and coined the term, in addition to
    writing the first anti-spyware tool ever.

    - Leo Laporte might not know what's wrong with Steve Gibson, but Steve
    Gibson claims everyone else does.

    - The network worm that hit the world a fortnight ago was a network
    worm.

    - Hackers are malicious.

    - Steve Gibson sometimes sees green spots.

    - _Exactly_ what Steve Gibson's favourite word is.

    The one thing we learn in this extensive waste of time is that network
    worm hit hard because people brought laptops back to work after the
    weekend and inside their 'Internet interface' [sic].

    How this character surfaces again is anyone's guess. Maybe it's because
    of the iPod - and maybe it's because he just won't go away.

    Steve 'Ahab' Gibson, set out to pasture by the fleeing John McAfee, is
    still out there, probably because he's always been out there and
    doesn't have enough to do or enough to retire on. McAfee made Gibson a
    good deal, but McAfee wasn't about to do a better deal for Gibson than
    he needed to. McAfee tricked Gibson just like he did all the others.

    Which kept Gibson alive for a while, let him put a little money in the
    bank, but certainly wasn't anything like the 400 million McAfee could
    retire on.

    Gibson and McAfee go way back. Gibson's not a programmer - he's a
    sleaze journalist McAfee picked up to do his dirty work.

    McAfee's business strategy has always been simple and effective: it's a
    variant of the classic bait and switch. First you need someone to stir
    the pot and bad; then you need an 'independent' testing facility; then
    you need a cure for everyone's ills.

    McAfee was a down and out shyster in San Francisco selling 'I am virus
    free' cards to the gays when he came up with his great idea. He'd test
    these people for HIV and issue them a six month card for $50. But this
    was nothing compared to what he had now: after all, viruses on a
    computer were almost the same thing, weren't they?

    McAfee traveled coast to coast in his Winnebago, cleaning people's
    computers for free. That's how he got the word out. For the idea was to
    always give product away for free to home users but make the
    corporations and governments pay. The home user would come into work
    and recommend the product. Fines are steep for companies that violate
    software copyright laws and don't pay - up to $200,000 per infringement
    - and governments wouldn't dream of cheating. And in both cases it's a
    cost that's passed onto the consumer/taxpayer anyway.

    Now McAfee needed an 'independent' testing laboratory and a 'scientist'
    to run it. [The 'scientist' he found would quit because he didn't like
    the sham of what he was being asked to do - but that comes later.]

    McAfee asked all the other AV vendors to contribute copies of their
    software. Once a month his laboratory would evaluate all products
    against virus lists he himself would supply. No one wanted to
    cooperate, so McAfee bought the licenses himself.

    Naturally McAfee made sure his own AV product passed the test before he
    turned over his list to the laboratory. And naturally his AV product
    always did best. No two AV companies will ever have the exact same
    list. McAfee always won.

    McAfee was great with journalists. He gave them what they wanted: big
    fat headlines with scare content. But he'd word it all very carefully
    so he - and his journalist friends - could never be caught in a lie.

    For example, to scare the world with the Michelangelo virus, he
    literally said the infection would be for between 50,000 and 5,000,000
    computers - naturally, as he knew, the journalists would concentrate on
    the 5,000,000 and not the 50,000 - they need to sell stories and the
    media need to sell copy - and when it was all over and only 50,000
    computers had been infected, he could say 'see, that's what I said'.

    He used Gibson back then too: the infamous Dark Avenger Self Mutating
    Virus story. What McAfee had Gibson do - as only Gibson could do - was
    paint a picture of a day soon to come more like a computer Armageddon
    than anything anyone had ever seen. It was impossible to stop the Dark
    Avenger: AV products were helpless. Soon every box on the entire planet
    would be slave to this mysterious hacker in Bulgaria.

    Of course things didn't exactly work out this way, but Gibson's scare
    story helped generate a lot of sales for McAfee, and McAfee knew he had
    a good ally.

    McAfee sold his AV business for 200 million and was out of the picture
    for a while. Then he saw a new opportunity in personal firewalls and
    set things up. He bought a lot of stock in Zone Labs and contacted
    Gibson.

    The strategy was already proven. Gibson's site would be the new
    laboratory; he would come up with new ideas which Gibson would test -
    as soon as he McAfee and his company Zone Labs had shown they could
    pass the test.

    Gibson would publish the test and everyone would get paranoid as hell
    and start using ZoneAlarm, and at work they'd recommend it be used too.

    McAfee called in favours to get his journalist friends to direct
    visitors to GRC. There one could see the new Shields Up test - and the
    whole site was transformed overnight into an outright shill for
    ZoneAlarm. Of all the firewall products that were mentioned there, none
    had a hyperlink save one in a single instance, while the number of
    hyperlinks to Zone Labs numbered nearly 100.

    McAfee even put his own representative in the newly formed Gibson
    forums to deal with ZoneAlarm issues. When Zone Labs wanted to come out
    with a new beta, everyone there got a copy.

    Which is how we got a copy when Keith Little contacted us and wanted to
    show us just how good this program was.

    *

    Keith asked me if I wanted to look at the new ZoneAlarm beta. It was
    great, he said. Sure, I told him, and he sent it.

    It took me not fully ten minutes to poke holes in it all over the
    place. I wrote back to Keith. Wow, he said, you'd best notify Zone Labs.

    So I did. I sent a detailed bug report - and questioned a number of
    their design decisions. I got back a semi-automated 'tier one' reply.
    My report was already buried. I wrote back to Keith, who went through
    the roof.

    The next day Keith tore McAfee's shill at GRC apart. Her name was
    Rebecca. He was not unkind to her - he was unkind to Zone Labs, and
    told her in no uncertain terms what would happen if they kept up their
    way of doing things. He went on to remind her that I wasn't just
    anybody either - it was rather flattering actually, but it is beside
    the point.

    The next morning a new purchase of the XPT came in - from Gregor
    Freund. There is no doubt it was McAfee's call all the way: one doesn't
    criticise one's own clients.

    Rebecca fielded all the questions in the GRC forum for ZoneAlarm;
    McAfee got ZA in shrink wrap and on the shelves; then they came up with
    their next great idea and it was again time for Gibson to both stir the
    pot and provide an 'independent testing laboratory' scenario: LeakTest.

    Naturally McAfee made sure ZoneAlarm could pass the test before he let
    Gibson release it.

    *

    Gibson's not a programmer. And he's not a security expert. Fyodor, the
    author of nmap, calls him outright a charlatan - and considering he
    shilled for McAfee for so many years, the term has to have a resounding
    validity.

    Gibson's today running IIS on his web servers: he's hacked it so they
    say they're running some silly concoction of a 'research nano-probe
    server' or some other such rot, but it's IIS all the way. He even uses
    Microsoft's idiotic 'default.htm'.

    Gibson doesn't know anything. He saw enough assembler when whoever it
    was wrote SpinRite for him, and he's been playing with computers and
    networks long enough and had his security beefed up by yet more
    outsiders once he got clobbered, but the sad story is he doesn't know
    anything else.

    He's still trying to peddle SpinRite because he has nothing else to
    sell. He's still using Windows because he simply doesn't know how to
    use anything else. And he never learned any other programming language
    because he still doesn't know the one everyone thinks he knows.

    What's the shame here is not that he's peddling air; the shame is so
    many people get sucked in.

    But right now it's not of much import anyway: McAfee's gone, leaving
    his friend in the lurch, a subtle reminder he's just another loser like
    all those others McAfee's duped over the years. He's got nothing to do
    anymore but try to ride an ebbing wave from the wake of McAfee's hype
    machine - a wave that's irrevocably receding.

    The 'home security hobbyists' come and go through his forums; people
    yawn at a weird product (SpinRite) that was obsolete fifteen years ago;
    he makes shows and infomercials and podcasts for the terminally
    clueless.

    If Steve Gibson ever dared attend a security conference, he'd be
    laughed out of town. Steve Gibson probably doesn't even know how to log
    in to a Unix box - much less administer it, much less guard over a
    network.

    He has a way of expressing himself as Leo Laporte says - a way that
    irritates some and appeals to others, a way that's extremely simplified
    and not always accurate. A few more months or years and GRC will be
    back peddling 'small is beautiful' as once upon a time long ago. <<<<
     
    Last edited: Aug 26, 2005
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,937
    Location:
    Texas
    Longboard

    Is your post a quote from another site? If so, what is the link? Thanks.
     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    will there be a lawsuit?
     
  6. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    I found this very interesting. Thank you for your input, it was very educational.
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Last edited: Aug 26, 2005
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,937
    Location:
    Texas
    Thanks for the links.

    Steve Gibson for all his faults, we all have them, was the one that really got me interested in computer security.
    He also hosts a free website to discuss security and related items.
    For those reasons, I thank him. :)
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Thank you Ronjor.

    Regards.
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Longboard :) can you please tell me why you think this? i don't want to make this mistake again. or, if Leo Laporte or Steve Gibson have done something wrong i'd like to let them know you think so, then they can get their acts together. thank you :)
     
  11. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    ice:

    Here there be dragons!

    As a newcomer to this widely known and respected Forum on which I am an infrequent and somewhat very naive(!) poster I have been treated very well and with respect.

    My posting of those excerpts could have been construed as a malicious personal attack which I was concerned may not have been appropriate or welcome, particularly as Steve Gibson may not have an opportunity to respond.

    As ronjor has very eloquently stated Steve Gibson has a well known and much appreciated presence in the realms of security and has tremendous success with his software. I have visited his site, used his tools and viewed the forums with interest.

    There would appear to be a long lasting personal enmity implicit in the quotes.
    Some of the observations/comments appear to have originated from up to 5 years ago and may be of historical interest only (ZA now undoubtedly well beyond what it was and is very well liked. I cannot comment on the coding)

    The radsoft site and its developers/writers have an interesting perspective on education of users and take a somewhat maverick approach to users and software to put it mildly.

    Having mavericks around us is often useful but can be destructive and offensive.
    In my own area of professional responsibility there is often vigorous debate as to personality and procedure, not always constructive.

    I have always felt that orthodoxy needs to be challenged on a regular basis.
    For my level of expertise radsoft and scheinsicherheit often provide some challenging insights, which equally often need "the grain of salt" and critical analysis beyond my abilities.

    I have been privileged to have been led through the maze of computer security by the mods and contributors here.

    Without getting too pompous, creepy or droning on without any real credibility, there was no hidden agenda.

    I am a guest in this house and was not seeking to be more than mildly provocative, offering a different slant.

    If the mods had felt this quote was inappropriate or even a legal liability, then I was not going to take offense if the post was snipped.

    Regards.
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @ice
    btw I meant my post might violate TOS/legal boundaries
    not yours

    regards
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    has anyone listened to the second episode? it's really good.
     
  14. ice60

    ice60 Guest

    OK thanks. what do you think of the 2nd episode? have you listened to either of them?
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,937
    Location:
    Texas
  16. -----

    ----- Guest

    <insert long story about how i was a noob, until Gibson came along and showed me the light. But now I'm beyond him of course>

    No, not really.
     
  17. ice60

    ice60 Guest

    episode 4 is out now. it's about passwords. right now i'm at a company that i'm a director of, in name only, i don't work here. but i have free access to the buildings and property. i'm sitting here surrounded by lots of computers and i'm typing this on the Admin PC which has access to all the other computers. i was only given access to a standalone computer with no internet access.

    all i'm trying to say is listen to Security Now! and, if you have a computer you value, use strong passwords. i got into this company's network in under 1 minute because of a weak password. BTW please don't think i'm a cracker, it's more than my life is worth for me to do anything, but use the internet. and i'll do my best to clean the logs.
     