Broadband Tech > Security > Security > Steve Gibson - All Bent out of Shape??

Steve Gibson - All Bent out of Shape??

BTW: If anyone notes that all of this has a flavor of two kids on the block refusing to yield right of way on the sidewalk, as:

Move over!
No, YOU move over!
Make me!
No, YOU make me!
You can't make me!
You can't make me either!

Well, I have to agree, I see more than a touch of that here.

reply to 2kmaro
hehe,
Jeez, wouldn't a simple warning message stating:

Use of this scan requires tcp packets be sent to your machine. These will show up on firewall log's as an attack.
Please disable logging during this portscan or disregard packets form IP xx.xxx.xx.xx

Seems pretty clearcut to me.
What a big deal about nothing. Does Justin hear about complaints to secure.me about the portscan's from this site?
I would imagine a little education to the folk's asking for the service would go over better than harassing software developers trying to enhance the firewall log understanding.
Sheesh.......
--
nam et ipsa scientia potestas est
SCooTER2

reply to 2kmaro
Now I can get some sleep. I had one vote left thanks 2k, I can see Steve's point but the threats???? sad sad sad.
--
Rogaine on my hard drive didn't eliminate the bad spots

I think Gibson is trying to push them out of business - so that his pay-for-play service can take over. Perhaps he has dreams of becoming a Baby Bill G.??

Rocktagon- a BRILLIANT suggestion - so common-sense oriented that I passed it along to abuse@verio.com myself in a recent email.
[text was edited by author 2001-03-04 02:48:31]

reply to 2kmaro
Yes, two stubborn heads that don't seem to have the sense or grace to work out any number of reasonable accommodations (aka compromises).

For my stupid $.02, I'll go with Steve, though I don't care for the tone very much.

I'd prefer a more matter of fact, "because of the volume of these reports, we will be forced to modify the popular free "Shields Up!" to decline to run on machines using your firewall, unless we (you and us) can come up with a better way to skin this cat.

We're both right.

How can we make this work?

How can "white hat" testers work with "black hat" detectors so we can both benefit the Internet community?

We eagerly await an opportunity to jointly create something even better! *IF* not, very most regrettably, we do not see any other alternative than to act unilaterally."

Well, it's just my sorry ass try at a little sensible diplomacy.
--
Democracy is the worst form of government, except for all other forms of government. - Winston Churchill

reply to 2kmaro
Doesn't this all come down to the end user. You have to use common sense when using any program that analyzes logs that you have on your system. If you request a security scan of your system and get numerous hits, doesn't it make sense to find out where these hits are coming from. You don't blindly start sending out complaints about the offending IP. If you do, then you are the problem not the software. Both of these guys make good points, but I have to believe that Steve is off base here.

Wx

reply to 2kmaro
I knew I never really liked him for a reason. Don't get me wrong. I think he has good information, but as 2K made mention to, I think he has a big head, and maybe he is trying to put someone out of business.

Bill Gates didn't do it by threatening people. He simply made a better product.

Maybe he should put a WARNING on his website that states that it will put instances in your firewall logs. BOY, that sounds like a great idea. Simple too.

Ah hell, that's too easy, and I won't get my 15 mins of fame that way.

If I need info on security...... I come here. Nowhere else. I may be a second or third party to his info. But I'll never be a first.

Thanks for listening to me rant.

reply to 2kmaro
Ahhh, Steve's always getting all bent out of shape. Poor guy needs some tranquilizers. Takes himself altogether too seriously, in my way of looking at things. Good intentions, good advice, mostly, and a service to the community, don't get me wrong, but way to tense, and way too serious about himself. Steve, you're a good fellow; I thank you for making security accessible to the "mainstream" non techie community. However, get a grip. You are NOT the NCSA; you are NOT the NSA; there ARE people out there who are better at this than you are; don't make a career of trying to find fault with everyone and everything; "let he who is without sin," and all that... we all love your page; it's your ego we could do without. On a whole, the first time I saw your page, I thought it was snake oil, just because of all the hyperbole and self-laudatory rhetoric. Lighten up, crack a joke, once in awhile... but, please, stop trying to come off as though you were qualified to teach computer security to the DoD and the NSA, and quit scaring poor little surfers half to death, sometimes. Keep telling them the truth, of course, but take life a little more gently... you won't be able to do anyone any good if you have a massive heart attack at your keyboard from the stress of being caught being wrong, once in awhile... if I took that attitude, I would be dead years ago, for all the times I've been wrong about one or another thing!

That's just my opinion... I like Steve's pages, now that I've read through them, and realize that he's pretty well grounded and sincere in his crusade... but, hey, maybe we should take up a collection and buy him a copy of an old Billy Joel tune... "Angry Young Man?"
--
Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill

reply to 2kmaro
A case of swelled head it is. It's more like a joke to me. It's not Brady's fault that some people are idiots. I think Gibson should put his following comments " I and my ISP (Verio) are being SPAMMED with eMail generated by idiot users of your tools which are using ShieldsUP! " on the front page of his web site and then ask those idiots not to use his tools.

So Mr. Gibson just in case you end up reading this thread I like the contributions that you've made but now you are just pissing me off. I guess we should start promoting other on line scans instead of yours. What you need to understand is that there are already several online scans ( Including DSLR's ) and of course the idea of line monitoring is not a new one either and it's not like you came up with the idea. As for the Binding information there are several good sites doing the same and we've been promoting them because they are more clear and easier to understand by those so called idiot users. Now why would we want to come to your site? I'll tell you why, because every now and then you happen to offer some good ideas that are worth reading. Once you discredit yourself like this those ideas are no longer valuable and we no longer need to make that occasional trip to your site and you no longer need to worry about us idiots.

Now all we need is for someone to send Mr. Genius an email to come and read this thread. We might as well post something pointing to this thread on his own site for all those idiot users to read. Boy, a bad case of swelled head it is.
--
You can catch the Devil, but you can't hold him long.

reply to 2kmaro
(My previous comments made from ignorance of the issue are removed.)
[text was edited by author 2001-03-05 10:36:06]

reply to Wildcatboy
I took a look at his page for the first time in quite awhile. hehe... sometimes... anyone remember the character on SNL a few years back? I was picturing it...

Network security... yeah, network security, that's the ticket... I perfected... nooo, I invented that concept, yeah, I invented it... that's it... everyone else learned it from me. Back when I built my... nooo... when I built "the" first firewall... yeah, the first firewall...

Sound like a good parody skit for the next "DSLR Follies?"
--
Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill

reply to 2kmaro
So the true essence of Steve finally shines through. Amazing. Sometimes I wonder if he doesn't hype security too much so that he can get a base of paying customers.

He may have contributed a lot on the net, but now everyone else is catching on or has caught on. With Steve's big head, I'm willing to bet it'll burst soon enough.

In true journalistic manner, I would first like to hear Steve Gibsons side on this. I make no judgments either way for now. I would have first tried to contact Steve G. to hear what he has to say, just to be fair.

reply to 2kmaro
Morning everyone,

I think now I can watch some more NBA games rather than having to worry about who will be trying to attack me. (The lakers won yesterday against the Grizzlers?)

Those logs are nice things, and I have been ignoring them for a quiet while. Actually, I have disabled them, when I used zonealarm. I just thought of logs take space, and fragmenting your hard drive.

Thanks for the warning message, 2kmaro. One step ahead.
--
Charter Pipeline MACH 3 Service (1.5mbps/512kbps)
Status: Working excellent! 1532/489!
First hop: Less than 10!

My sentiments exactly. I don't worry about such things too much. I secure my machines as best as possible and i don't keep anything "sensitive" on HDD. All my top secret espionage documents are on Zip Disks.

reply to EmilioG

said by EmilioG:

---

In true journalistic manner, I would first like to hear Steve Gibsons side on this. I make no judgments either way for now. I would have first tried to contact Steve G. to hear what he has to say, just to be fair.

---

reply to EmilioG
EmilioG - Mr. Gibson does not condescend to respond to any emails I send to his office@ address - at least not to date. I kind of figure that his comments in the email to Brady & Associates spoke for themselves in truth. If the email is false, then Ben Brady has opened himself up to a liabel suit, as the intent (if not simply to inform) was malicious. So either the email is true and we've caught Steve out shopping for 10-gallon hats, or it is false in which case Mr. Gibson will soon own a new software house!

I believe you've had luck in contacting Gibson in the past, perhaps once again??

Weird, well I don't think he is THAT busy....is he?
E-mails are the second fastest way to talk to someone, next to phone calls.

We should not always listen to the 'most knowledgable person', but rather think twice about what THEY say, and compare it to many others who have the same interest as 'the best' does.
Maybe thats why I haven't launched my microsoft outlook express yet. E-mail is kinda risky now these days.
--
Charter Pipeline MACH 3 Service (1.5mbps/512kbps)
Status: Working excellent! 1532/489!
First hop: Less than 10!

Maybe he is that busy. I noticed that his 'personal' page on his site hasn't been updated or added to since 1999. LOL! Maybe he hasn't had a life since then??;)