Original URL: https://www.theregister.com/2001/07/09/thank_god_someones_finally_exposing/

Thank God someone's finally exposing this charlatan

Reg backers stand tall

By Thomas C Greene

Posted in Bootnotes, 9th July 2001 01:14 GMT

See also:
You both make good points, but we're still leaning in Steve's direction
Steve walks on water; you're a moron, and so's your old man


Have you seen the latest vuln dev posts from this morning? Gibson's taking crap from all angles. Looks like consenses from the list is that he's pretty clueless and only out for PR. One of the few times I've seen that community bash someone else and kinda defend Microsoft!
--not signed


Hey Grandma -- fire up your Spoofarino and let's take out our ISP. It's OK -- Gibson said so!
--not signed


haha kick ass! we've been waiting for someone to write this angle.
--not signed


We know Kieran is in full troll mode at the moment, but I'm surprised at your affectation that didn't realise that STEVE!!!! GIBSON!!!! is barking mad. Five minutes of scanning his (admittedly increasingly) bonkers site should make it perfectly clear. "EVIL SCRIPT KIDDIES!!! HIDDEN SERVERS ON YOUR PC SECRET GOVERNMENT CABALS!!! ONLY STEVE!!!! GIBSON!!!! CAN PROTECT YOU!!!!!!! WAAAH!!!!!!! GAAAA!!!!! YEEEARGH!" ;-)
Kind regards,
--Colin MacDonald


Dear Thomas,
Thank god that someone has finally put pen to paper (fingers to keys?) and written a decent article about Gibson's paranoia! As you say reading his web site recently it has turned from mild paranoia but with some useful tools into the rantings of a madman.

His attack that every single teenager in the world will suddenly turn into a crazed script kiddie as soon as XP is installed on their machine is frankly ridiculous. DDoS programs are around now and the world isn't crumbling around us yet!

I do think that he should let up on MS. Whenever they make their own standards people fall on them like a ton of bricks (quite rightly!). When they are now following other peoples standards they get all this crap! Anyway, thanks again for speaking out against him. Until your article my claims that he was a bit loopy were falling on deaf ears!
--Charles Astwood


So he is going to write an application for Windows (pre-2000) that will use raw sockets. Yet he pretends this is difficult so he can say Microsoft is making it easy for malicious attackers on XP. My head is starting to hurt. Good article.
--weld


I just read your article on Steve Gibson's effort to denonce the raw socket implementation in Windows XP. I agree with him about the fact that this will give
more power to script kiddies to do whatever they want, including spoofing packets in Denial of Service attacks. However, when it comes to DoS attacks, it is
always the same classical scenarios that are discussed. I'd like to bring your attention on my whitepaper "Babel, DDoS of Biblical proportions" (available at www.geocities.com/floydian_99), on which I describe a new type of DoS that many Windows machines are vulnerable to as we speak. The raw socket implementation in Windows XP could be integrated into Babel to do spoofing, but it is not necessary. The way Babel works is quite simple: it simply integrates viruses that spread through the Outlook adress book and pre-configured Denial of
Service. The virus part takes care of distributing the DoS agent, and once a machine is infected, it simply starts bombarding the targets. Since
Outlook-type of viruses usually infects several thousands of machine, it is easy to see that the impact on global connectivity will be major.

Babel does not exist yet in the wild, but after some tests, it should be so easy to make it happen that I am surprised that nobedy ever thought about it yet. Thank you for your time.
--Floydman


Hello Thomas, And thank you for sounding off on this issue.

It has perhaps occurred to you that if Gibson succeeds in developing his raw socket exploit, that he will in effect have disproven his own point, whatever that is?
Cheers,
--Rick Downes


That guy makes my brain hurt. I don't think I've ever met anyone "in the know" that doesn't laugh about Gibson.
--Marc Maiffret


People actaully flamed you about that post?!? I really don't see the problem. What gain is it to the hacker to hack some newbies computer? That isn't a challenge for them so they don't bother. Hacking M$ systems is a challenge and that is why M$ are so frequently hacked. So IF there IS any increase it will be in large companies machines who invest millions a year in security. LMAO. It WON'T against the average home-user.

Anyway, I think you are totally right - If they can't even read to the end of a new article then they deserve to be humiliated (you should post all the names of the idiots who flamed you). PS - This Gibson bloke seems like a really nutter.
--mortensen


Of course Steve's attack won't help at all. Everyone that has no clue about existing security dangers is already a valueble target, like sub7 etc.

As I recall Steve likes the 'quality' of older Microsoft product where it was impossible to fake the IP address. Having a working and correct IP address makes it easier to battle DOS attacks. Just let the router drop all packets from that IP address. If a program can build packages with a random (non active) IP address, you won't be able to trace the origin of an IP packet. So I suppose Steve only tries to convince us that there will be one less method to fight DDOS attacks.

Since he was able to track his attackers through their unability to hide their identity, he feels he has an obligation to protect the world. That's his problem. Isee a nice possibility for microsoft to incorporate a firewall that can easily be managed by users. Indeed give the man a holiday.
--not signed


Go Thomas! Go Thomas! Go Thomas!
Give me a 'D'!
Give me an 'I'!
Give me a 'C'!
Give me a 'K'!
Put 'em together, what you got?
'Steve Gibson'!!!!
Yaaaaayyyy!
Repeat, ad nauseum....
--Paul Robinson


I enjoyed this. It's about time somone started calling "bullocks!" on Gibson. Everything I've read by Gibson has amounted hype -- at best (for worse, read his NanoProbe page, or his Project-X page). What's remarkable is that I had colleagues that actually characterized this chump as a "scientist". The only thing I have any difficulty with is the designation security expert and security specialist with reference to Gibson, which the following piece of (anonymously submitted and still unpublished) errata addresses along with a few other problems in
with Gibson.
cheers,
--munge


I'm in total agreement with you... Mr. Gibson has some technical skills, but the man is seriously nuts. He fails to mention that a) you have to have Administrator rights to create raw sockets in 2k/XP, and personally I think MS will pull an OS X and disable the Administrator login by default, and b) It *is* in fact possible to create raw sockets in Windows 98/ME/NT4. It may not be *natively* possible, but it's trivial, once Sub7 is installed, to download and install a raw packet driver and spoof the packets that way. The capability is there -- the only reason it's not used is that it's not necessary. If attackers can already shred a site's availability without spoofing, why bother?
--Eric Means


Thomas, I have to agree. What Gibson and MS both seem completely unable to understand is that its neither raw socket nor hostile code, but a nearly total lack of egres filtering in ISP's routers *combined* with hostile code and lack of user education, no matter the OS. The first would prevent spoofing from getting out of and ISP's network and if done at the edge, would keep most spoofed packet from ever even entering the main network, the last would eliminate most compromises, and elimination of the second would eliminate the first and last issues, but we both know that'll never happen.
--Rob


I think your assertion that he needs a holiday may be the most accurate one. Consider this:
1) he suffered a DDoS attack
2) he had to analyse pretty quickly what it was and why it took his site off the Net]
3) he had to fight with the support process of his upstream providers to get someone to act on his recommendations (which were sound, but there is that interim step where you have to convince support to let you talk to someone who is capable of understanding what you say - and sees that you know what you're talking about)
4) he had to figure out a way to prevent recurrence - which is what brought us the (in my opinion) very valuable detective story.
5) he had to fight long enought to realise he was 'losing' the battle ('losing' is a relative term, I'd call it accept the problem and deal with it in a different way).

I'm the first to wince at the pyrotechnics used in his tale - I've been using the Net long enough to dislike visual shouting - but his research was good.

Now, adding all of this up I can only reach one conclusion: Steve forgot about the 'count to 10' rule when posting on the Net, he's iMO still too upset about the whole affair (I know how I felt when I had to get hold of someone over a weekend ;-). The pain with email and web postings is that they end up being an immediate dump of your emations at the time - and those may not be for consumption until you've cooled down. I think Steve's just gotten a tad too excited (British understatement here ;-) -- and depending on his character he may or may not realise this.

I'm loath to declare him loopy - he reasons too well. But I think he's presently unable to disconnect emotionally from the issue (God, that's a consulting phrase, sorry) - which IMO harms the quality of his work and his image. Being excitable is not helpful in dealing with a direct or indirect attack and discredits all the good work. I sure hope he cools down - he sure needs a break ;-)
Regards,
--/// P ///


Good article, but it took you all this long to notice Steve Gibson is off his rocker Anyways, I add this gasoline to the conflagration: Apple just released a BSD based operating system. Forget LINUX, you have 1 million plus Macs a year rolling off the assembly lines capable of... oh the horror.

No, seriously... Hrmm... ok, I haven't been able to take Steve Gibson seriously for 5 or so years..
--Scott


Hi
As you have had so many flames relating to the original article written by Steve Gibson I thought I would write you one praising your article. Gibson is clearly a man possessed. I am not going to pretend I really understand the whole technical issue but the use of them giant fonts was enough for me. I did think where he wrote about some _kiddies_ getting together to perform anon DOS attacks made some sense but the man is still clearly mad.

Is this all some guise to hide the fact he still has not got out his network 'scanner' 2 years after he fist bragged he had discovered a new fast way of scanning thousands of ports simultanously? I also have not forgiven him for recommending BlackIce Defender as the 'bees knees' of personal firewalls, until he decided (a week after I bought it) it was crap and ZoneAlarm was the best. I still use BlackIce and it works well enough for me.

Anyway this email was supposed to be about your articles. Thanks, they are well written and I enjoy reading them. More than I can say about the recent insane ramblings of Gibson.
-- Paul J


Mr. Greene,
I agree with you completely. Gibson is completely touting his own horn. To further your point, in Office XP (I realize that they are different products), Outlook disables basically everything that could possibly infect your machine. And there is no easy way to bypass this. So unless you are a complete idiot, if you upgrade to Office XP (somewhat forced now that you can't buy anything but XP), Microsoft has taken a step towards thwarting attacks, not increasing them.

Also, since Microsoft based much of the IP connectivity in 2000 and XP on FreeBSD, it is much more reliable. And how often does Microsoft actually conform to someone else's standard, instead of trying to set their own? I think that for once, and only briefly, Microsoft should maybe be patted lightly on the back for this one. And yes, Mr. Gibson needs a long vacation.
--Glenn Hunt


I think I'd call Steve Gibson a 'self proclaimed security expert'. Security is a wide open area, so of course it's open to interpertation. But what has he done? He's tested PC firewall software. He's written a tool to check which hotfixes you've applied. He's discovered some spyware. He's writen a tool which does a pretty half-assed port scanning job. I think we're giving him too much credit. Unfortunately, a lot of consumers who don't know any better are going to give him even more, because hey, he's a security expert.

I asked Steve why he had included DHCP IPs in the list he had logged as attacking him. He replied that DHCP is not as dynamic as people think, it's dynamic in allocation, but stay after that. Granted, most ISPs have long lease times. Buy my point is that he's pointing fingers in public, but can't be certain that he's pointing at the correct people.
--not signed


Hi Thomas, I just read your June 25th article over at the Register regarding Steve Gibson's claims about Windows XP.

You are absolutely right about Steve Gibson. When I first read his article on XP I felt the same as you do. His complete ignorance of the fact that building raw packets is possible under older versions of Windows (and without the use of installing some sort of protcol driver to boot) baffles me.

However I think he's shot himself in the foot with this article. To the more knowledgable participants in the field of computer security he's discredited his name showing that he is given to fits of what I would classify as paranoid hysteria. I would put him next to John McAfee in terms of generating needless hysteria-driven hype (http://kumite.com/myths/cvha/1996/pr1.htm). I know the next time I ever read something put out by Gibson that I'll be taking with with a grain of salt.

And you watch, now that Gibson has come out with his highly-publicized attack on XP's support of raw sockets, someone will come along and write a bot that spoofs packets under earlier versions of Windows which Gibson has deemed as "secure" just to spite him. Such a zombie would be slightly less-than-trivial to create but not at all outside the reach of even the most amateur of win32 programmers given the number of libraries out there to do that very job.

Of course, as you rightly pointed out in your article, the use of spoofed packets plays a very very small role in DDoS show we are seeing. Filters are meaningless when it you're dealing in the millions of kilobits per-second.

I wish Gibson had focused his efforts on something more worth-while such as the fact that these zombies infect open/insecure Windows clients and that, as Gibson himself found out, there are hundreds if not millions of insecure Windows clients out there just waiting to take part in the biggest show on the net.
--Eric Tribou


Hey Thomas,
Great work you've done. Please keep it up. This is off the record -- [deleted, tcg].

Here's a great rendition of the Mickey Mouse attack on GRC by someone who really knows what he is doing. This is a very long and detailed analysis of the attack, but between the lines you can read very clearly: "Gibson is out of his mind and desperate. All these unpatched systems could have been patched, and real sockets has bollocks to do with it."

Anyway, cheers and sincere hopes the Gibson Groupies don't drive you nuts!
Cheers,
--Rick


Couldn't agree with your more about Steve Gibson's rant. I published a rebuttal of his nonsense on my site here: http://www.usethesource.com/articles/01/06/12/2157208.shtml on June 12.

Nice article, thanks for talking sense.
--John.


Don't worry about Steve and WindowsXP. Steve has a notoriously short attention span. If you don't believe me check out his ASPI ME work.
--Chess


Dead straight.
--not signed


I read your article today and noted you mentioned that you got a lot of mail about the first article. Just thought you would like to know you aren't the only one taking the view that Gibson is wrong, see http://www.nthelp.com link about Gibson near the top of the page.
--Geo.


Yep, hes a loop. There are tools for normal windows that can allow spoofed packets. IE XP=no change.
--Ant


Finally someone who agrees with me! I've been trying to tell people this for years, I even wrote you guys about it a while ago... I can rest now
--jon


Hi Thomas
Just wanted to say thanks for the excellent and very interesting GRC / Windows XP. Saw you were getting a few flames so wanted to add my support to your opinions here.

Its refreshing to find a balanced view for once rather that the usual 'slag m$ off' trendy attitude that is so common on some sites. Just as a background I'm a Solaris sysadmin, but I mainly use Windows on the desktop and will probably continue to do so.

Keep up the good work! And I think Steve Gibson really DOES need a holiday, his site is so unintentionally humourous. :-)
Thanks
--Paul


I'm glad _SOMEONE_ is pointing out what a bizarre idiot Steve Gibson can be. This whole episode is nothing new for him, just more extreme. But it certainly all fits his pattern. In some ways Mr. Gibson seems to be a clever person. But he has technical knowledge gaps you could drive a supertanker through, an ego that dwarfs most suns and the apparent belief that the solar system does indeed, or at least should, revolve around him. It's time somebody mentioned that this particular emperor has never had any clothes.
--Arley Dealey


Thomas,
I'm glad the register has pointed out the absolute rubbish that grc.com has been spewing out over the past few months. I'm a bit shocked that you didn't point out in either of your two articles that Windows 2000 has supported raw sockets from the outset. This isn't the only piece of misinformation, their so called "leaktest" program simply tries to connect to a remote host on port 80, and apparently if your firewall doesn't stop this it is useless.

As a side note, are you still supporting Peter Blobfield @ BT or has he stopped bribing you now?
Regards,
--James Freiwirth.


Thank you for trying to shed light on the lunitic fear-mongering that Mr. Gibson has been spreading for years. "Spyware" beaming data to the mothership --
"Zombies" taking over the net. Please.

I commend you for trying to educate the public (and putting up with the flames from Gibsonites) as to the madness he spreads.

While I recognize Gibson's technical expertise in the area of programming and assembly language, I agree totally with your assessment of his DDoS web page.

In your article on The Register, "Steve Gibson really is off his rocker", you identify some of the key problems with his article. While being informative on one particular form of DDoS attack, his conclusions are far from scientific. The overall tone and style of writing are more something that I would expect from the National Enquirer or the Star [junk magazines here in the US with stories of women giving birth to three ton hippos, and zombies from outer space taking over the brains of people not wearing tin foil hats] than a scientific treatise on the anatomy of a DDoS attack.

His style of sensationalism and not inviting peer review regarding his criticism of Black Ice Defender signify a mind that is under incredible durress and that is not fit to be writing a scholarly paper.

In short, you hit the nail on the head mate: Steve Gibson really is off his rocker.

Thanks for your criticism. It is only through peer review such as your article that we as security analysts and computer professionals can get at the truth, which is the ultimate aim of science.
--Kurt Oestreich


Hi,
I loved the article you wrote on Steve Gibson. I couldn't agree more and being a security expert I can easily say I totally DON'T agree with him. Actually, he's not a security expert. He gained much success with his optout program (which he never even finished) and was able to write hype very well and still is. But that is it, his leaktest and sheildsup tests are fatally flawed and produce either a false sense of security or a mass of confusions. The tests are very basic and simple. I don't recall anything he's ever done that would qualify him as an 'EXPERT' in security. Only an expert at hype and false promises to finish anything he starts. Seems that he runs a popular news server and takes advantage of his audience, who by the best of my knowledge are comprised of really unknowing people and the media ready to cover a story. Very few real experts listen to Gibson as he seems to be learning the ropes as he goes...

Thanks for such a wonderful peice, I'm definitely a fan for life!
--not signed


Hey there,
This just came in my email from the bloated windbag aka. Steve Gibson. You may have already seen this, but just in case: http://grc.com/dos/xpconference.htm

'Loud and security-ignorant.' geepers

PS. Kudos, by the way, on the fantastic articles. Intelligence battling alarmist behavior. Much fun.
--Joe McGuire


I have been a hacker, I've also been a security professional, and hell anyone who does tech support for a cable modem company has the skill required to pull of the attacks he speaks of, and my location alone had over 80o people on payroll that are all fully capable of that... he's taking it WAY out of proportion & he forgets that windows XP also comes with a built in, AND the Insect security manager, witch is supported by the server (your ISP's fault if it isn't) is dam near impenetrable, the firewall is active by default and this would cover most of the RAW SOCKETS vulnerability

I say fuck the people that flamed you, have a good grasp on it, and secondly even if I DID disagree, your still entitled to your opinion. In this case though I agree whole heartedly

ROCK ON!
--not signed


You write the truth, my friend. Your article sums up perfectly what I've been saying to my friends for over a month now. Steve has slowly and gradually gone bonkers over the last 5 years; check the rest of his website, specifically Project X (a physically impossible claim of his).
--not signed


I have to agree with your 25/06/2001 article on Gibson, the man is clearly delusional. One thing that bothers me is why he is being taken seriously enough to warrant, for example, a teleconference with Microsoft engineers. I don't see all the other web whackos out there getting equal voice.

If its of any interest, he is involved in some other unrelated (but equally misguided) endeavours; including excitedly shouting about an old and boring font rendering technology as if its going to change the world, and some highly erratic ramblings about software being written in assembly and open-source software being the future, when in fact not a single piece of his software is actually open-source, and sane people started writing software in portable languages like C around the time of the birth of UNIX. Oh, all using lots of colours, bold, and large fonts, naturally. Mad.
--Tristan


hi!
i've got a small question. how can he be occupied analyzing the DDoS he suffered of and Windows XP's imaginary threat to the Internet, if he's busy with writing more and more endless articles about that topic? have you noticed how long his articles are?! what i read at GRC sounds like WWII-style propaganda to me. BTW he noticed stuff about WinTrinoo2 on his site. IIRC WinTrinoo contains its own spoofing engine set up on NDIS. sheesh :)

greets
--Tom Servo


Oh boy, do I know what you're talking about. Having had to talk a helldesk monkey with an MCSE through using DOS FTP the other day, I'm beginning to wish I had never gone down the official certification route. Perhaps I'm tainted by association.

On a more serious note, I agree entirely with your comments about Steve Gibson and his contribution to the "hackers are going to take over the world and destroy all western (i.e. American) civilisation" debate. It is precisely this sort of ill-conceived hype that gets the wannabe techies in Congress and Parliament over here in a tizz resulting in yet more restrictions to our general civil liberties in what we can and cannot do on the Internet.

If Steve Gibson really wants M$ to produce a cut-down restricted OS, then perhaps he should go back to using, say, Windows 3.11 himself. The power that even novice users occasionally enjoy is precisely the sort of thing that he himself would use. If in response he'd state that it was only the full Sockets implementation he was referring to, then he has a problem on his hands. What other "useful functions" could possibly be used by devious black-hats to wreak havoc? Telnet? FTP? Ability to run a TFTP server? VBA to craft nasty viral or DoS applications? The list is quite large.

Anyway, keep up the good work, and the excellent writing.
--Dan


I'm sorry, but Gibson is really showing his true colors as being a truly expert, highly-trained, totally legitimate knucklehead looking for his 15 minutes of fame to fuel his otherwise miniscule ego. I mean, he's coming across more as a little anklebiter that just won't shut up and go away....I wonder if he's part of the Net Authority Syndicate?? :)

Steve Gibson = "The Nutty Analyst" ?
Happy 4th!!!!
--rf


Mr. Greene,
In response to your article on Mr. Gibson's "warning cry", I would like to say thank you. Sadly enough fanaticism is a very real disorder that affects the brightest of individuals to the dullest. It is my suspicion that Mr. Gibson also was struggling with pride, to the point he failed to see past his exaggerated and often incorrect notions. As with all "doomsayers" time will prove them to be nothing short of charlatans.
--James


I agree, Gibson is MAD
--MD


Yep! Another Death Wish!!! HERE IT IS!

I HOPE THE DEBATE OVER RAW SOCKETS DIES!!!!! (not the (people debaters...REPEAT, not the (human) debaters!)

LOL! I thought I would grab your attention this way...Anyway, I am on the sidelines listening to you; Mr. Thomas Green and Mr. Steve Gibson debate the issue over sockets...I honestly do not grasp the whole idea with 100% understanding....or even 50% but with your articles, I am learning a lot. I envy the knowledge and skill you and Steve have. I listened to the show (online tonight) last night and I wish the host would have let you and Steve go at it in better depth....Oh well, that's how the ball bounces I guess.

LOVE THE ARTICLES but I wonder who is going to be able to point the finger at the other and say with glee, "TOLD YA SO!"

I hope I have not offended you in any way with my attempt at humor....if so, SORRY BUDDY! Didn't intend for that to happen.
Regards,
--webboss