GRC vs Reality

Scudtech

Member
Oct 8, 2001
You may or may not be familiar with the Gibson Research Corporation, but recently with all of its popularity, many people have come to dislike Steve Gibson and his crusade against bad Internet practices. Even so much as to create a site like grcsucks.com. My question to you is if Steve really knows what he's doing, or if his practices are technologically flawed, inaccurate, and pointless. The reason I'm asking here is because so far it's basically been a personal grudge-match and flame war between those who listen and those who don't. Not pretty. Is there any reason to the madness to be found?
 

Nothinman

Elite Member
Sep 14, 2001
Gibson is one of those people that knows just too much to be annoying and dangerous, or at least he focuses on things that aren't important.

He codes all his apps in assembler to make himself seem smarter than he is; asm is good to know if you program but dumb to use for normal programming.
Everything he talks about is a soap opera. Did you see his article about how he infiltrated a hacker IRC channel by reverse engineering a DoS bot?
His crying about raw sockets in XP was just as bad, if not worse. He fails to realize, or at least mention, that A) you need admin privileges to use them and B) Win2K has them, and 9X and NT can have them if you install a 3rd party driver, which if you have admin privs on the box you can do easily.
 

arcas

Platinum Member
Apr 10, 2001
Just a few comments...

Steve Gibson has passion and I respect that. Furthermore, much of his site is written in layman's terms albeit from a soapbox point of view. For this reason alone, I know of at least one very large ISP who directs customers to his site when trying to explain the dangers of not applying the appropriate security patches to their machines. Real security sites like Security Focus and Incidents.org, while much more accurate than GRC, are far too technical for the vast ranks of near computer-illiterate subscribers. So in this respect, if GRC's ranting manages to light a fire under their collective arses to stay up-to-date with security patches, then so be it. Until a group of BOFHs get together to design a security site with the layman in mind, directing them to GRC is probably better than not doing anything.

In the past, I've looked upon Steve Gibson with a sort of bemusement. There are plenty of kooks out there (Alex Chiu anyone?). Here's one who's at least trying to do something good. The three biggest problems I have with Steve Gibson are a) his ego, b) his apparent tendency to work in a vacuum and c) his soapbox approach.

There are already plenty of big egos on the net. D.J.Bernstein comes to mind (like him or hate him, you have to respect his numerous contributions to security and the internet). So adding one more ego to the fire doesn't really matter. In fact, it's quality amusement when two big egos clash. :)

His work in a vacuum, though, really gets me. What I mean by that is he doesn't seem to keep track of what's going on in the security world. GRC's recent SYN-attack countermeasures are a perfect example. In his own words he says "I was unaware of previous work in this area" and judging from the problems left unaddressed by his solution, I have to believe him. The problem here is that no "security expert" (and indeed, no programmer!) should operate without following other developments in the community. Had GRC bothered to look around to see if any work had been done towards combatting SYN attacks he surely would have stumbled upon DJB's and Eric Schenk's SYNcookie method and he would have learned that the Linux kernel has had such an implementation for around years now.

I've already talked about his soapbox approach.

 

Rand

Lifer
Oct 11, 1999
He focuses on things that aren't important and does his best to spread a great deal of inaccurate and dangerous misinformation on his website.... his Shields UP! program is the most blatant example of this.
Most of his claimed innovations have been known and practiced for years by other people in the security world.

He knows just enough to write reasonably intelligently and pass himself off as the 'expert' he claims to be.
Most of his rants are filled with large factual errors though, and usually focused on topics that are pretty much entirely irrelevant in the present security world.

Gibson seems more focused on boasting his already too large ego than in actually doing anything beneficial.