Feeds

Steve Gibson picks a fight with Microsoft and The Register

Loud and security-ignorant the pair of us

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Security consultant Steve Gibson - whose claims that Microsoft's latest OS, Windows XP, will destabilise the Internet we have covered extensively - has posted another DDoS diatribe following a conference call with the Beast of Redmond's security team.

In an extremely rare occurrence, however, The Register has been clumped with Microsoft and both received a barracking at his hands [isn't that our job? - Ed]. Well, more precisely Thomas C Greene has been clumped with MS.

Claiming that his concerns and complaints about XP have fallen on deaf ears, Steve Gibson states: "and thanks to many other loud and equally security-ignorant voices which are attempting to confuse the industry on this topic, Microsoft shows no intention of responding to this now very visible threat" with part of the text hyperlinked to one of our stories.

Which one? Er, that'll be the "Steve Gibson really is off his rocker" story. This reporter (me) extensively covered Gibson's claims that XP would enable huge denial of service attacks over the Internet due to its implementation of raw sockets.

This will enable hackers to direct spoofed IP packets at particular sites. The theory runs that since XP will have such a huge uptake with technically illiterate people, hackers will be able to load Trojans onto hundreds of machines and then direct them at will. Hence XP will bring down the Net.

Thomas - who does know a thing or two about security - remains utterly unconvinced by this argument however. As he puts it: "malicious kiddies can already take over Windows machines with Trojans like SubSeven and use them for heavy packeting without the owner's knowledge. Raw socket functionality does not in itself make a machine more or less vulnerable to such infection.

"Furthermore, malicious operators can already do heaps of packet damage using Windows clients without spoofing. Gibson is right that spoofing makes packets nearly impossible to filter, but filtering isn't the answer to a severe packet attack, as anyone who's had to deal with one can attest."

In short, Gibson is "talking absolute bollocks".

So, what does Steve have to say about Thomas' comments. Not much, sadly. The inclusion of the story does seem to calm him down however. Starting with a very angry "Microsoft knows nothing about security and are a bunch of idiots" stance, by the time The Register makes an entrance, Steve has put on his reasoned hat and concluded: "Even though perfect security may be - and probably is - impossible to achieve, increasing the difficulty of criminal exploitation is a worthwhile and effective deterrent."

So there you have it. Check it out for yourself here. Ironically, we found out about this latest installment from receiving an email from Steve sent to email group "My press friends". ®

Related Link

Steve Gibson's latest diatribe

Related Stories

Steve Gibson really is off his rocker
Windows XP will make Internet unstable - top security expert
Everything you wanted to know about DDoS attacks
Security expert waves DDoS white flag
Network ICE CTO responds to further BlackICE criticisms
Network ICE hits back over Gibson jibes
Security expert waves DDoS white flag
Everything you wanted to know about DDoS attacks

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?