

Hpower
Roflmao

join:2000-06-08
Glendale, CA

reply to 2kmaro

Re: Steve Gibson - All Bent out of Shape??

Whoa, 2 years? hmm, weird. The busy man!!!
Ok, time for some lan party now!


JANDOENT

join:2000-10-05
Tampa, FL

reply to 2kmaro
Well, IMHO, egos have caused problems for many good people. Sometimes, doing the right thing for the wrong reason, is as bad as doing nothing at all.

Steve has helped the security world quite a bit throughout time, however, I have sensed his ego before.
Perhaps it is pride, stress, lack of staff or backing...
Who knows...
I do not see the right to make demands to exclude himself as a positive step in security. Falsifying an IP is not the hardest thing to do.

Perhaps the old "making a mountain out of an ant hill" is in effect here.

Other solutions have been mentioned. A notice to inform the "dough heads" of the world would seem to be the easiest. I have seen people post DSL Reports IP as an attack before. Some people just don't think...

It would appear to me that Brady's program is doing its job. In reality, a security check is an attack.
Whose liability? Whose problem? It would seem to be Steve's.
I don't feel compromising security by "building in a special exemption" to be a feasible answer.

Of course, I have never used an analyser, and don't plan on using one. If I need to see who is attacking me, I will look it up myself...
And I have a hardware firewall, so really nothing makes it through anyway...
Just my feelings on the liability of it...
--
Inquiring minds want to know...



MeeToo7
You Too?
Premium
join:2000-10-18
Ardmore, PA

reply to nekote
I totally disagree with Gibson's tactic on this. As Rocktagon said, DSLR already monitors several lines, mine included, and I had to add DSLR's IP's in the advance security tab setting on ZoneAlarm so that I would not get false reports of attacks. DSLR makes that clear in the FAQ.

IMHO, it is the responsibility of Gibson to educate his users to these reports of attacks and ways to get around them. The run-of-the-mill users who are in the process of learning to secure their sites will inevitably overreact and/or panic at such alarms until they learn to read them properly. A lot of us have been there ourselves. It doesn't make us big idiots, simply ignorant users in the process of learning. Gibson, instead of dictating to utility companies what they should code into their utilities or not, should concentrate on educating the public, as the guru that he is, in a helpful manner.

I agree with 2kmaro, he seems to have contracted a case of Big Head. Sad.
--
.



Alphawolf220$
Beer Beer Vagina

join:2000-12-30
Tujunga, CA

reply to 2kmaro

Weird Info

I ran "The Cleaner" trojan scanner and it said that the Gibson Firewall Leaktest was counted as a Trojan. Hmmmmmmm.


61999674
Gotta Do What Ya Gotta Do
Premium
join:2000-09-02
Here
kudos:1

reply to MeeToo7

Re: Steve Gibson - All Bent out of Shape??

Well it seems to me it would be so easy for Steve to add to his test site the following >>
Your Computer will receive packets from the following address ***.***.***.*** :: name of address >> please disregard any warning you may receive from your firewall program this is NOT an attack from the outside. >> Maybe Justin could show him how this is done ?? It seems to me the test site on DSLR reports does have this type of warning in some form.
--
Ockham's Razor at work again


Hpower
Roflmao

join:2000-06-08
Glendale, CA

Yea, oh well, no one is perfect.
He made mistakes....we all will make mistakes too.

At least someone did something about the security not being taken seriously in the world, and it was Steve Gibson who warned us.....to a certain point.
--
Charter Pipeline MACH 3 Service (1.5mbps/512kbps)
Status: Working excellent! 1532/489!
First hop: Less than 10!



jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:19
Reviews:
·Speakeasy

reply to MeeToo7
***Message edited due to having read the rest of this thread. My original post read differently before, as I didn't have Steve's side or enough information to base an intelligent response. I have now changed the wording in the italicized words below to reflect my thinking in a more positive manner.

The suggestion that he, Steve, educate the public is right on. So is your description of the simplicity in what he is seeing, and in fact, is due to the great program that he offers, and by doing so, actually contributes to his own problem by novice users. A combination of some sort of disclaimer/informational announcement re: what the user will see plus a good descriptive explanation of why as a learning tool would be a good addition to his site.

Since Steve has gone a long way in using his site as an educational tool already and has made a clear statement right along with his test page agreement, and since he is obviously going to be doing more educating from the tone of his replies here, I applaud him. My hat's off to him for taking his time to respond and for going more than a mile to try to keep this whole thing from blowing way off the mark, which is where it was headed.***

I, for one, have learned a great deal about what is happening on my system by using ZLA. As a tool, it has been very educational, and I can tell that it will be even more so as this entire security issue evolves. I can also say with certainty that before I had it, I messaged Steve about probing my system when I had asked for a security test! If I had had another type program (such as is described in later portions of this thread) in generating messages for ISPs, I would have used them too. I am the average user (or used to be), and I still have too much to learn and need all the help I can get. If Steve, Matt, 2K, and even Ben and all the others to follow will continue to work together on behalf of all the idiots out there like myself (used to be!), everyone will profit, and some will do so in the monetary sense of the word.

This thread once again points out the many issues there are with security in this technological society, and to everyone's credit, sites like this still exist to help move along the process for the truly uneducated. A big thank you to Steve for laying his body at the doorstep of the masses and to all the rest who have contributed to this thread and so many others that are teaching people like me what we need to know, even though some of the learning is painful. You are all assets to the Internet/computer community.
--
JKK

Age is a very high price to pay for my maturity, so
if I can't stay young, I can at least stay immature!

[text was edited by author 2001-03-05 16:49:36]


tnm456

join:2001-01-28
Connellsville, PA

Letter to GRC

I could not find a direct email address for Steve Gibson, So I
did the next best thing. Sent an email to GRC..

To Whom it may Concern;

I mean no disrespect toward Steve Gibson or GRC.
It seems that Steve Gibson has contacted Ben E. Brady of Brady & Associates in an attempt to coerce
them into changing their program (ClearIce, ClearZone, and Clear Route). The information I have read
reflects very negatively on Mr. Gibson.

Mr. Gibson contends that the software is 'defective' because it allows the user to send attack reports
intercepted by the user's personal firewall program without 'filtering' for Gibson's IP address ranges as
false alarms to Gibson's ISP, Verio, Inc. There are many people that believe that this is a case of
under-informed people, not 'defective' programming.

If reporting was disabled for attacks from GRC's IP addresses it would send an open invitation to
any would-be hackers to impersonate that IP. Using that spoofed address to run rampant over
the internet, knowing they would not be reported.

Ben Brady said "I have a great deal of respect for Steve, he's done a great service to the Internet
community at large, to a great degree he has made the various manufacturers of personal firewall
products 'toe the line' with respect to producing a quality product. What he is trying to do here is
nothing short of forcing my utilities into censorship on the net."

There is a very large group of people over at DSLreports
that are looking at this as a case of Steve Gibson getting a swelled head, thinking he can force
his views and wishes upon the internet community. I would like to personally invite Steve or
any other company representative to comment on this issue. We have an on-going forum thread
regarding this issue. Needless to say GRC/Steve looks like the bully in this confrontation.
»www.dslreports.com/forum/remark,540313..

While we all agree that Mr. Gibson has a great deal to offer the internet community, many
believe that he has over-stepped his bounds.


shazaam

join:2001-01-14
San Antonio, TX

reply to 2kmaro

Re: Steve Gibson - All Bent out of Shape??

A lot of spirited discussion going on about this on the GRC discussion group site. Surprisingly, since Gibson owns the site, much of it is very clear-headed.

»grc.com/x/talk.exe?cmd=xover&gro···feedback
[text was edited by author 2001-03-04 21:39:23]


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to 2kmaro
The fair flip side. A reporting program shouldn't encourage users to just automatically send an abuse e-mail regarding every single knock at the door. Not every "hit" is an "attack." Discretion is essential, not only to separate accidental or non-malicious, albeit perhaps misdirected, at times, traffic from malicious stuff, but to educate users in rational security. On the other hand, asking someone to preconfigure a reporting utility to completely exclude IP's entirely as "positively safe" - "because the site operator said so" is dangerous and... damn it, yes, simple minded. The risks are incredible. There's fault to be found, yes, with the reporting utility: it should NOT encourage blindly sending abuse reports for EVERY hit... heck, one night I kept getting hits for hours ... turned out to be a bunch of gamers looking for a Quake server that had had my dynamic IP earlier... what good purpose would reporting those innocents to their ISP's have served??? ... no harm, just a little scare, for a minute. OK. I just made my point. I'll shut up, now. Steve's still dead wrong. You ask that the reporting feature be linked to a help file and a whois utility... and offer some advice on your scan site, for heaven's sake... you DON'T (especially while calling YOURSELF a security expert) ask a security product manufacturer to essentially poke a nice, big HOLE in their products just to accommodate your huge ego. Heck, I hear that "krACkZ iz US.KoM" caught wind of this, and wants a special rule in there for their latest experimental trojie... hey, equal time and all that!
--
Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill



Gomez
Exile in waiting
Premium,Ex-Mod 06-11
join:2001-02-21
Atlanta, GA

reply to tnm456

Re: Letter to GRC

I also have the utmost respect for both Steve and GRC.

But after reading the buzzword friendly nanoprobe information (»grc.com/np/np.htm) I decided I need to activate the marketing/ego filters when reading the site.
--
Before you criticize a man, walk a mile in his shoes. Then criticize, you're a mile away, and you have his shoes.


2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave

reply to gwion

Re: Steve Gibson - All Bent out of Shape??

I don't know how the 3 mentioned programs display their alerts (I have ClearZone, but don't use it since getting ZoneAlarm Analyzer). So who knows what level of drama they provide when reporting on things.

The problem here is that Gibson's test probes the 10 or so most likely targets of simple assaults. Not much you can interpret them as except attacks.

ZoneLog Analyzer at least makes an attempt to distinguish between "attack", "harmless", and "unknown". It is still up to the END USER to make the final determination. There is only limited information available to the firewall and firewall log analyzer: IP and two ports (source and destination). So what can you tell from all of that? Geeze!

I've got my own home made equivalent of ZoneLog Analyzer and it also has a feature that allows me to exclude IPs from the displayed reports. But I choose which IPs to put in that list, and have the option to review them periodically. And mistakes are going to be made.

Now, I'll give you a red-faced example: I once reported a site for attacking me based on the results of ZL Analyzer. I even took the precaution of looking up the IP via SpamCop. However, the IP did not resolve to a 'user name', and all I got was the provider: UU.net. UU.Net did not ring a bell, so I lodged a complaint. OOPS! Next thing I know, I get an email from some guy named JUSTIN with a little comment about having lodged a complaint against their Bronze Line Monitoring service!! Oh well... Now the IP does provide a name to go with it, that helps. But all the safeguards in the world are not going to prevent honest mistakes from being made.

But locking in IPs to be excluded from reports? No way.
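
An added example, not part of any post in this thread and not code from ZoneLog Analyzer, ClearZone or any poster's own tool: a sketch of the user-maintained exclusion list discussed above, working only from the source IP and two ports a firewall log provides. The log format, the `Exclusion` fields and the review period are assumptions made for illustration; excluded entries are hidden from the report but kept, and an exclusion stops applying once its review date passes.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample log: date, source IP, source port, destination port.
# Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2001-03-04 198.51.100.7 4312 139
2001-03-04 198.51.100.7 4313 80
2001-03-04 203.0.113.9 27960 27960
2001-03-05 192.0.2.44 1045 31337
this line is malformed and is skipped
"""

@dataclass
class Exclusion:
    network: str           # CIDR range the user chose to hide
    reason: str            # why the user trusts it, kept for later review
    added: date
    review_days: int = 90  # after this the entry stops applying until re-confirmed

    def is_current(self, today):
        return today <= self.added + timedelta(days=self.review_days)

    def covers(self, ip):
        return ip in ipaddress.ip_network(self.network)

def parse_log(text):
    """Yield (day, src_ip, src_port, dst_port); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        try:
            day, src, sport, dport = parts
            yield day, ipaddress.ip_address(src), int(sport), int(dport)
        except ValueError:
            continue

def triage(text, exclusions, today):
    """Split entries into shown and hidden; hidden entries are kept, not dropped."""
    current = [e for e in exclusions if e.is_current(today)]
    stale = [e for e in exclusions if not e.is_current(today)]
    shown, hidden = [], []
    for entry in parse_log(text):
        match = any(e.covers(entry[1]) for e in current)
        (hidden if match else shown).append(entry)
    return {"shown": shown, "hidden": hidden, "stale": stale}

# The user's own list: one range, added after requesting a scan (constructed).
MY_EXCLUSIONS = [Exclusion("198.51.100.0/24", "port scan I asked for", date(2001, 3, 1), 30)]

if __name__ == "__main__":
    for today in (date(2001, 3, 5), date(2001, 6, 1)):
        r = triage(SAMPLE_LOG, MY_EXCLUSIONS, today)
        print(today, "shown:", len(r["shown"]), "hidden:", len(r["hidden"]),
              "needs review:", [e.network for e in r["stale"]])
```
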

pchelp7

join:2001-03-05
Manson, WA

reply to 2kmaro
I believe it should be pointed out that all the responses I see here seem to be based solely on Ben Brady's inflammatory "press release".

But no law says you have to be objective. So have at it.


tnm456

join:2001-01-28
Connellsville, PA

said by pchelp:
I believe it should be pointed out that all the responses I see here seem to be based solely on Ben Brady's inflammatory "press release".

Sir Pchelp,
If you would read my prior posting, you will see that
not everyone is taking a view against Steve Gibson.
I thought I made it known that I would like to have
Mr. Gibson or a company rep. respond to this allegation.
GRC's comments are welcome here.

I am sure I am not the only person that would like to
hear their point of view in this matter.
--
Many links for Broadband security issues: »www.cvzoom.net/~nitemare/index.htm


2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave

reply to pchelp7
pchelp - The fact that the info has been 'one sided' has been noted elsewhere in this thread, please review this comment:
»Steve Gibson - All Bent out of Shape??



MeeToo7
You Too?
Premium
join:2000-10-18
Ardmore, PA

reply to shazaam

said by shazaam:
A lot of spirited discussion going on about this on the GRC discussion group site. Surprisingly, since Gibson owns the site, much of it is very clear-headed.

»grc.com/x/talk.exe?cmd=xover&gro···feedback
[text was edited by author 2001-03-04 21:39:23]

Shazaam, thanks for the link. I've read through several threads and according to some, Gibson and Brady have had personal wars on security issues before. Apparently Brady used to post on Gibson's site. This could very well be an emotional war of egos between the two. If that's the case, I'm going to sit on the sidelines and watch the match quietly and see what comes out of it.

BTW, one poster made a comment suggesting that Brady's log analyzers give the user the choice to add a range of IP's to ignore. I assume something like ZoneAlarm does in the Advance options. I've never seen ClearICE or ClearZone, I don't know if they have that feature, but if not, that's a very legitimate issue and a feature that should be added, IMO. Brady could code that in, and Gibson could warn people using his probe site of those alerts, and everyone would be happy. If both parties could swallow their pride, of course.
--
.

Anon

reply to 2kmaro
Well, well, well, Steve, way to go, you have got a big head. I've got an idea: why don't you first blame yourself? I know it is a matter of pride. I have an idea: put a warning before scanning to state your IP number 207.71.92.221 and warn people about the logging of firewalls and to not report. I believe there are ways to fix problems. Sometimes in life, Steve, you have to look in the mirror and accept some responsibility for your own actions as well; it's not always other people's problems. I thought people would use common sense. I guess I'm surprised as well to hear people are reporting or reacting too quickly without doing the proper checks for themselves. In any event, I am going to quit using his site till he can accept some responsibilities for his own actions as well. There are plenty of other scans you can use.



Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:2
Host:
Security Product V..
Security

reply to MeeToo7

The problem here is that Gibson is not the only one doing scans. There are numerous sites doing the same thing but he is asking for special treatment. If Brady must exclude Gibson's IP address then he must exclude DSLR's and dozens of other IP addresses. When will it stop? If I start a web site tomorrow and do a port scan, can I ask Brady to do the same for my IP as well? There are several hacker's sites that do scans. I bet some of them do a little bit of sniffing around for themselves as well. So now what? Should we exclude their addresses as well?

The problem I see here is that Gibson is asking for special treatment because he thinks he is more important than others. Besides, I don't own Brady's software but Gibson's address shows in my firewall log. If I decide to send a complaint using ZA's log, is he going to tell the world not to use ZA anymore? How about Norton's log and Tiny's log and ... . I am trying to be objective but it gets harder and harder to do so, especially when I don't read anything from Gibson to see what his point of view is.
--
You can catch the Devil, but you can't hold him long.



2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave

reply to MeeToo7
MeeToo - Have to distinguish between the firewall product and the firewall log utility here. It is not the firewall itself that Gibson is griping about, it is the reporting tool(s).

I just checked my copy of ClearZone, the tool that does the analyzing of the log, and there is not an option to exclude IPs from reporting at all.

With ZoneLog Analyzer, there is an option to "TAG" an IP as Friendly or Unfriendly. Seems I recall suggesting this to Matt sometime back and he agreed it was a good idea. This is the kind of thing that Gibson is looking for Brady to include in his logging.

The thing here, like WCB says, are the analyzer makers supposed to keep up with all of the sites doing security probes? It would seem that Gibson doesn't care so long as HIS site's IP gets golden treatment. Hogwash!

Gibson and Brady seem to have some animosity and Gibson is trying to wield his 'power' to force Brady to make changes to his software. The problem does NOT demand a software solution.

Bottom line: I like ZoneLog Analyzer better than ClearZone anyhow!;) It has the option in it already that Gibson wants from Brady - now, what happens if I don't stick Gibson's IP in it? See - it still boils down to the End User dealing with the problem, not the programmers.


Anon

reply to 2kmaro
I appreciate the comments left by those folks who felt that hearing only Ben Brady's side of this story might not be completely fair.

After a flurry of private eMail Friday with Ben, during which both sides of the dialog became increasingly heated, it was pretty clear that Ben and I were at an impasse.

It was then that he unilaterally wrote and published a one-sided document -- quoting me well out of context -- and naturally expressing his side of our "dispute".

He told me that "I'd be sorry" ... and I suppose he was right, since I am. But I'm not sorry for the reasons he imagined, since I'm not much worried about the consequences of Ben's publication. I'm more saddened that we have been unable to reach an amicable resolution.

Ben publicly posted over in comp.security.firewalls (where you can see and verify it for yourself) that he would be willing to update his programs to prevent their generation of false and incorrect eMail reports from contact with my ShieldsUP! servers ... if I were to pay him $20,000. But, frankly, that seems out of line to me, and perhaps a bit like extortion.

Like many of you here, who apparently feel that my ego has expanded to take over the West Coast (except I suppose that Bill Gates is here too), Ben's real issue seems not to be as much about security reporting problems, but more about my public dislike for BlackICE Defender, which I have publicly stated I think "cries wolf" too much and scares folks. He and I have gone around about that before, and he seems to still be annoyed with me for that reason.

But, in any event ... I had hoped that this whole mess would blow over and resolve itself. But having just discovered this thread at DSL Reports, it seems that I will be forced to create and post a public statement to explain and defend myself against the decidedly one-sided portrayal which Ben has created.

In the meantime, I wrote a note over in comp.security.firewalls yesterday, which I'll copy here so that you can get some sense for my position in all this.

And to those of you who expressed some acknowledgement for everything I've freely given to the Internet security community over the past year and a half, and the greater PC community during the past fifteen years ... thanks for the thanks.

Steve Gibson.
