[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dvd-discuss] OT: Was Re: Bush taps Clarke - Now: Raw sockets



Actually I think Gibson is pushing your a) and b) below. But your argument 
is well taken. The whole notion that only "safe and approved software 
blessed by the wonderful __________[fill in the blank with microsoft, 
"our" government, NSA, CIA, FBI, GW Bush's best advisors, Steve Gibson, 
Atilla the Cyberhun or other]" does NOT provide security anymore than 
microsoft is providing standards (if they are standards why are they 
changing every two years and providing me with NOTHING more in 
functionality!!!!!!). There's enough stuff already out there that can be 
misused. Gibson's point is to not add more to it. I'm inclined to let 
Microsoft release XP, let the chaos reign and when people realize that the 
chaos can be ended by doing "uninstall windowsXP" maybe people and our 
leaders will wake up, realize the dangers of this monopoly and THEN solve 
start solving the RIGHT problems.






lunatic@hatari.dhs.org
Sent by: owner-dvd-discuss@eon.law.harvard.edu
10/16/01 09:49 AM
Please respond to dvd-discuss

 
        To:     dvd-discuss@eon.law.harvard.edu
        cc: 
        Subject:        [dvd-discuss] OT: Was Re: Bush taps Clarke - Now: Raw sockets


On Tue, Oct 16, 2001 at 08:54:05AM -0700, Michael.A.Rolenz@aero.org wrote:
> Steve Gibson has some interesting comments on raw sockets in WindowsXP 
on 
> this website (www.grc.com).

Mr. Gibson's website has lost any and all credibility with his discussion 
of 
raw sockets.  I have never found Gibson to be knowledgeable about security 
and
technical concerns - the only real purpose he serves is to interest people 
in
security who wouldn't otherwise be interested.

He is showing that he wuite clearly has little to no understanding of the 
issue.  The exploits facilitated by raw sockets are still possible without 
raw 
sockets.  There are numerous spoofing techniques which have the same 
effect.

Perhaps Steve should get on the case of the ISP's who are enabling 
spoofing 
attacks by allowing:

 a) source-routed packets
 -and-
 b) packets with source-IP addresses that do not match the subnet they 
came 
    from

to be routed across their networks.  I should be able to put broken 
packets on
my network.  My ISP should prevent me from putting broken packets on their 

network.

Gibson routinely takes an approach of "keep only safe equipment on the 
net," 
while not contributing to the discussion of "given that we cannot trust 
every
piece of equipment on the net, how do we protect ourselves?"

> Given some of his recent experiences with DOS 
> attacks, I can understand his concerns. There certainly is the potential 

> for widespread misuse given the expected distribution of WindowsXP.

Feh.  It could be done before.  Is Steve going to start arguing that the 
distribution of the DDK be restricted too now...  He's arguing to push raw 

sockets to SYSTEM access only...  well, drivers have that access..

> OTOH, 
> I'm getting pretty tired of hearing about nimda, code red1, code red2, 
etc 
> by the talking heads on the tube and NOT hearing them say "OK the 
internet 
> is down today thanks to another "feature" created by microsoft" 
Everybody 
> keeps reporting on the evil wicked hackers without focusing on the real 
> culprit-microsoft. 

This, I agree with you on.  But, Gibson is not making matters any better. 
He's
yelling and screaming "These people are selling you defective products! 
Here's
my product which will allow you to continue to be bound by the monopoly."

Steve's job is to hawk his own "security" software.

PK