Steve Gibson picks a fight with Microsoft and The Register

Loud and security-ignorant the pair of us


Security consultant Steve Gibson - whose claims that Microsoft's latest OS, Windows XP, will destabilise the Internet we have covered extensively - has posted another DDoS diatribe following a conference call with the Beast of Redmond's security team.

In an extremely rare occurrence, however, The Register has been clumped with Microsoft and both received a barracking at his hands [isn't that our job? - Ed]. Well, more precisely Thomas C Greene has been clumped with MS.

Claiming that his concerns and complaints about XP have fallen on deaf ears, Steve Gibson states: "and thanks to many other loud and equally security-ignorant voices which are attempting to confuse the industry on this topic, Microsoft shows no intention of responding to this now very visible threat" with part of the text hyperlinked to one of our stories.

Which one? Er, that'll be the "Steve Gibson really is off his rocker" story. This reporter (me) extensively covered Gibson's claims that XP would enable huge denial of service attacks over the Internet due to its implementation of raw sockets.

This will enable hackers to direct spoofed IP packets at particular sites. The theory runs that since XP will have such a huge uptake with technically illiterate people, hackers will be able to load Trojans onto hundreds of machines and then direct them at will. Hence XP will bring down the Net.

Thomas - who does know a thing or two about security - remains utterly unconvinced by this argument however. As he puts it: "malicious kiddies can already take over Windows machines with Trojans like SubSeven and use them for heavy packeting without the owner's knowledge. Raw socket functionality does not in itself make a machine more or less vulnerable to such infection.

"Furthermore, malicious operators can already do heaps of packet damage using Windows clients without spoofing. Gibson is right that spoofing makes packets nearly impossible to filter, but filtering isn't the answer to a severe packet attack, as anyone who's had to deal with one can attest."

In short, Gibson is "talking absolute bollocks".

So, what does Steve have to say about Thomas' comments. Not much, sadly. The inclusion of the story does seem to calm him down however. Starting with a very angry "Microsoft knows nothing about security and are a bunch of idiots" stance, by the time The Register makes an entrance, Steve has put on his reasoned hat and concluded: "Even though perfect security may be - and probably is - impossible to achieve, increasing the difficulty of criminal exploitation is a worthwhile and effective deterrent."

So there you have it. Check it out for yourself here. Ironically, we found out about this latest installment from receiving an email from Steve sent to email group "My press friends". ®

Related Link

Steve Gibson's latest diatribe

Related Stories

Steve Gibson really is off his rocker
Windows XP will make Internet unstable - top security expert
Everything you wanted to know about DDoS attacks
Security expert waves DDoS white flag
Network ICE CTO responds to further BlackICE criticisms
Network ICE hits back over Gibson jibes
Security expert waves DDoS white flag
Everything you wanted to know about DDoS attacks


Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading

Biting the hand that feeds IT © 1998–2022