[dvd-discuss] OT: Was Re: Bush taps Clarke - Now: Raw sockets



On Tue, Oct 16, 2001 at 08:54:05AM -0700, Michael.A.Rolenz@aero.org wrote:
> Steve Gibson has some interesting comments on raw sockets in WindowsXP on 
> this website (www.grc.com).

Mr. Gibson's website has lost any and all credibility with his discussion of 
raw sockets.  I have never found Gibson to be knowledgeable about security and
technical concerns - the only real purpose he serves is to interest people in
security who wouldn't otherwise be interested.

He is showing that he quite clearly has little to no understanding of the 
issue.  The exploits facilitated by raw sockets are still possible without raw 
sockets.  There are numerous spoofing techniques which have the same effect.

Perhaps Steve should get on the case of the ISPs who are enabling spoofing 
attacks by allowing:

 a) source-routed packets
 -and-
 b) packets with source-IP addresses that do not match the subnet they came 
    from

to be routed across their networks.  I should be able to put broken packets on
my network.  My ISP should prevent me from putting broken packets on their 
network.

Gibson routinely takes an approach of "keep only safe equipment on the net," 
while not contributing to the discussion of "given that we cannot trust every
piece of equipment on the net, how do we protect ourselves?"

> Given some of his recent experiences with DOS 
> attacks, I can understand his concerns. There certainly is the potential 
> for widespread misuse given the expected distribution of WindowsXP.

Feh.  It could be done before.  Is Steve going to start arguing that the 
distribution of the DDK be restricted too now...  He's arguing to push raw 
sockets to SYSTEM access only...  well, drivers have that access..

> OTOH, 
> I'm getting pretty tired of hearing about nimda, code red1, code red2, etc 
> by the talking heads on the tube and NOT hearing them say "OK the internet 
> is down today thanks to another "feature" created by microsoft" Everybody 
> keeps reporting on the evil wicked hackers without focusing on the real 
> culprit-microsoft. 

This, I agree with you on.  But, Gibson is not making matters any better.  He's
yelling and screaming "These people are selling you defective products!  Here's
my product which will allow you to continue to be bound by the monopoly."

Steve's job is to hawk his own "security" software.

PK

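Added example, not part of the original message: a sketch of the two ingress checks the message asks ISPs to apply on a customer-facing port, dropping packets that carry a source-route option or a source address outside the customer's subnet. The function names, the verdict strings and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

# IPv4 option type values (RFC 791): loose and strict source routing.
LSRR, SSRR = 131, 137

def build_header(src, dst, options=b""):
    """Build a minimal IPv4 header (constructed sample input, checksum left zero)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + options

def source_route_option(options):
    """Walk the option list; return the source-route option type found, or None."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:            # End of Option List
            break
        if opt == 1:            # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            raise ValueError("malformed option length")
        if opt in (LSRR, SSRR):
            return opt
        i += options[i + 1]     # skip over this option using its length byte
    return None

def ingress_verdict(packet, customer_prefix):
    """Decide whether a packet arriving on a customer port should be forwarded."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not a valid IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: truncated header"
    src = ipaddress.IPv4Address(packet[12:16])
    if src not in ipaddress.ip_network(customer_prefix):
        return "drop: source address outside customer subnet"
    try:
        if source_route_option(packet[20:ihl]) is not None:
            return "drop: source-routed packet"
    except ValueError:
        return "drop: malformed options"
    return "forward"
```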