Slashdot Mirror

http://grcsucks.com/

Found this gem about Steve Gibson at wirelessforums.org:

Anyone that claims to be a security expert, yet does not participate in any of the security related mailing lists, does not attend security conferences, (does not attend hacker conferences), is not a security expert.

While his advice does have some merit, in most cases, the problems, exploits, and effects are exaggerated far beyond reality and borderning on alarmist.

While he may be right about this issue, you should be sure to check out GRC Sucks before giving him too much credit.

Dissenting opinion. The whole site is an interesting read.

Dissenting opinion. The whole site is an interesting read.

Morons and complete tools will continue to meddle with things they don't understand, put on by fearmongers and people trying to make money.

Case in point: SpinRite. Written by the Internet's most famous fraudster, Steve Gibson.

Some people are so incredibly gullible to his bullshit that it is sad and insane.

You're a fool for believing anything that comes from Steve Gibson.

http://grcsucks.com/spinrite.htm

http://grcsucks.com/spinrite.htm

Spinrite sucks. It's crap. No wonder you think your drives are bad.

Oh, and GRC == Gibson. He's a gimp.
Gibson has a realistic attitude towards educating computer-illiterate users. But, yeah, he can be a fuckwit at times: http://grcsucks.com/
He may know a bit of asm, but he's no +ORC. Am I right or am I right.

Btw, we all know that +ORC dropped off the map because he got a job at MS.

Obligatory http://grcsucks.com/ link, because Steve Gibson ... well, he sucks.

For mentioning Steve Gibson in a post:
http://www.grcsucks.com/

Spin Rite was a great scam. Gibson posited that hard disk magnets weakened over time, so that they would eventually fail. Spin Rite would "correct" them by creating mistakes (indirectly) and then fixing them. Sigh.

Steve Gibson is a total bonehead. His latest moronic idea was debunked on /. just a few days ago.

But it succeeded in getting people to see the name Steve Gibson on a website again. From the plagarizer of SynCookies, the father of Raw Sockets paranoia, comes a new wild and unfounded allegation, WMF bugs put there intentionally to let Microsoft SPY ON EVERYTHING YOU DO OMGWTF!

I can't believe people on the last thread actually took him seriously without looking at his past media whoring failed attempts at security analasis.

Steve Gibson is the Bob Lazar of the security field, only wackier.

Conspiracy theories don't need reasons backing them up

You've got a good point here and it describes the other side of of Steve Gibson. After reading that site, you'll understand his stories are mostly made of popular speak or disinformation, rather then scientifical information.

So while you may admire him for his charisma, you shouldn't for his expertise. Would you e-mail him about an error, he'll silently correct it as if he'd always known it. You won't find him at an official security conference, but in the eyes of his fanbase he remains a god. I can image people are felling for his stories through, his stories make you get excited easily.

http://www.grcsucks.com/

Ah, GRCSUcks, that sounds like a very credible and authoritative site, and judging by the few scraggly articles - just so. Even has some links to Microsoft, where they say everything is hunky dory and Steve is wrong, they are experts on security and brilliant, our OS is hacker proof, XP is the best and most secure OS ever. Uh, yea.. And yet, they did patch their system. Gee, ever think if MSFT just got of their high horse and listened to this guy, he wouldn't have to be an alarmist, but that's apparently the only way you can get the elephant to budge.

If I remember correctly, Steve was briefly famous for claiming the sky was falling based on some changes to how Windows XP was being architected to handle sockets. The hacker community came back around and roasted this guy.

Uh, get a clue, this guy is the hacker. And Microsoft ended up fixing their own code so yeah, guess that really proves this guy is a nut ... NOT.

He's an 'interesting' fellow. Thanks for the security community flashback, Slashdot! It's been a long time since I thought about happyhacker, antionline, grc and the like. :)

No problem. Now I guess you should get busy and patch your system... or maybe you run Linux ;)

If I remember correctly, Steve was briefly famous for claiming the sky was falling based on some changes to how Windows XP was being architected to handle sockets. The hacker community came back around and roasted this guy. He's an 'interesting' fellow. Thanks for the security community flashback, Slashdot! It's been a long time since I thought about happyhacker, antionline, grc and the like. :)

If only Gibson could hack.

I think Microsoft will go after Gibson's reputation.

Even then they would just be embracing/extending someone else's idea.

Like that'd be a tough thing to do...

/ignore

http://grcsucks.com/

Steve Gibson is not a security expert

http://www.grcsucks.com/

This Steve Gibson ?, yeah he is a real security expert, along with his podcast boy wonder we have much to be afraid of

Haha analysed by Steve Gibson, well NOW I feel safe.

Security researcher he isn't (really), but I do respect his ability to code. At any rate, for those who don't know why that's potentially laughable, see the GRC sucks website.

Leo's podcast This Week in Tech features John C. Dvorak and Steve Gibson.

Leo himself never seemed that bad, but he's not that intelligent in regards to technology. He's not someone I personally consider as a reputable source for technology news/discussion; I listened to a few episodes of This Week in Tech and unsubscribed. In general, the show often gave me the same feeling I get whenever I overhear someone saying something flat out wrong about computers, simply because they don't know better.

I don't think that the security community has a unanimously high opinion of Steve Gibson: see http://www.grcsucks.com/ for a counter-point.

Gibson is certainly a gifted self-publicist, but Ill leave others more qualified to comment on whether he is a good security consultant...

Might want to read this and this about SpinRite.

Steve Gibson is a wacko, man.

Might want to read this and this about SpinRite.

Steve Gibson is a wacko, man.

Might want to read this and this about SpinRite.

Steve Gibson is a wacko, man.

From http://www.grcsucks.com/.

Steve Gibson often is referred to as being a "Security Expert", yet one has to see his appearances on *real* security boards/interviews/gatherings. Where was Steve Gibson at Defcon/BlackHat Conference ? Why doesn't he comment/ on Bugtraq or other Security Focus mailing lists ?

The answer is quite simple: he would get nailed down by arguments and facts from real security experts in less then a minute. These persons tend not to be very impressed by self-proclaimed Security Experts and his obfuscation of the real issues and intentions.

As you can read on his resume page, Gibson worked for years as a marketer "Gibson founded a proprietorship specializing in media advertising and public relations" , and that's what he is really good at.

There is usually always an amount of truth behind stories in tabloid newspapers. However, everybody knows that the tabloid newspaper will sensationalise the story to make it sound worse than it already is. Of course they do this to sell more newspapers.

Steve does the same thing, and while he does have a few things to sell, it appears that the main reason he does it is to stroke his inflated ego.

His technique is the same as tabloids - use loaded words to spread Fear, Uncertainly and Doubt among his readers, such that they tend to think that only he knows and understands the whole truth, and only he is the one that will "save them". Notice how he liberally also uses HTML features, such as colour, font sizing and emphasis to highlight some of the loaded words. His DoS attack description could be a canonical example of this technique.

You may be interested in my first attempt at doing it, in regards to the possiblity that your house could be burgled - GRC.com has a new Sheilds UP Test .... It's not that hard to do, and for somebody who lived in a house, yet wasn't aware that they could be burgled, it would be quite scary to find out, particularly in the way I've presented this information.

According to Mr Gibson (from http://www.grcsucks.com/grcdos.htm):- "Operating system kernel-level "packet drivers" are freely available on the Internet. Microsoft even provides a (buggy) sample of such a driver in their own "Platform SDK" (A sample kit for Windows developers.)" He certainly has no idea what the "Platform SDK", is for... I am sure it has no such things as "packet drivers" FWIW, the SDK has headers files, and libraries, and is used for developing application programs for windows. Driver development in MS land requires the MS DDK, an environment for building windows drivers. This Gibson, is sure is ...

For the truth about Mr Gibson, look here

Since you link to Steve Gibson Research, I'll have to link to grcsucks. His (Steve's) views were wrong then, and they're still wrong today. The "raw socket == ddos" argument was thoroughly discredited:

Dissecting Steve Gibson GRC DoS Page
Raw Sockets are not a Security Risk

Bloody, I know about too many old flamewars.

Since you link to Steve Gibson Research, I'll have to link to grcsucks. His (Steve's) views were wrong then, and they're still wrong today. The "raw socket == ddos" argument was thoroughly discredited:

Dissecting Steve Gibson GRC DoS Page
Raw Sockets are not a Security Risk

Bloody, I know about too many old flamewars.

Since you link to Steve Gibson Research, I'll have to link to grcsucks. His (Steve's) views were wrong then, and they're still wrong today. The "raw socket == ddos" argument was thoroughly discredited:

Dissecting Steve Gibson GRC DoS Page
Raw Sockets are not a Security Risk

Bloody, I know about too many old flamewars.

Thousands of people gripe about Windows having this "awful security hole" thanks to misinformation on GRC, and are generally so uptight about information they find on there that they'll cripple their internet connections, wreck the data on their harddrives, and so on...all in the name of being secure! (his entry on http://attrition.org/errata/charlatan.html links to http://www.grcsucks.com/ which describes some of the mania people will go through at Gibson's prompting)

So what happens if MS doesn't pander to them? They constantly get bad press from people who constantly spout off about "security" that they gleaned from the Gibber's site. What happens if MS does pander to them? A few people are upset, but most of the bad press on this issue goes away.

So what should they have done? Wait it out, and take the high road? They've tried that. Educate the users? We've tried that. What else?

Is this mob anything like Gibson Research?
For our sakes I hope not...

Interesting that the Slashdot article Failing Grades For Most Anti-Spyware Tools posted (planted?) in late November gave better marks to the Giant product. I was thereby persuaded to download and install, but my experience didn't at all match the glowing satisfaction the review led me to expect.

Shortly after that review appeared and received wide circulation--in spite of community misgivings about the reviewer--Microsoft announces acquisition of Giant.

So it's a mediocre product which has received a lot of recent good publicity. I see PR fingerprints all over this one.

I wouldn't believe everything Steve Gibson says.

Some amusing Register clippings about him:

http://www.theregister.co.uk/2002/02/25/steve_gibs on_invents_broken_syncookies/
http://www.theregister.co.uk/2001/11/26/steve_gibs on_accidentally_creates_dos/

You might also want to take a look at GRCSucks.com.

While Steve Gibson is known for overblown language, his ShieldsUp does in fact test for open ports.

I stopped reading GRC.com after reading this

Although I wouldn't touch anything related to Real with a 10 foot pole either, there are plenty of more reliable/credible ways to come to that conclusion.

Your links for the c&p impaired:
http://grcsucks.com
http://theregister.co.uk/content/55/24189.html
http://vmyths.com/resource.cfm?id=59&page=1

As a side note, using mocking websites to give actual information does excist. An example of this is the site GRC Sucks dot com | Debunking Steve Gibson exposing a security incompetent.

Did anybyody say grc sucks yet? Somebody has to.

ohh, I see you have quoted an expert there.

Mr Gibson is a fake

Gibson's "Black Ice",

Yes, i'm a nit-picking bastard, but Steve Gibson did not make BlackIce.

From all appearances, I wouldn't trust the man to secure a piece of swiss cheese, let alone government systems. Read his site or visit this other site to get an idea why.

Putting a bit too much faith in ol' Gibson are we? You do know that his site is not, nor should it ever be, a final word in security.

Check out http://grcsucks.com for some possible enlightenment. The man should be considered a marketing machine way before he should be thought of as a security "guru".