GRC.com's new projects... opinions? - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: GRC.com's new projects... opinions?

  1. #11
    Junior Member
    Join Date
    Dec 2001
    Posts
    24

    I have 1 last thing to say and I wonder what you will answer. You believe the words of a buncha college dropouts?
    Hm. Well, okay--I will oblige your request and reply, as no one else has thus far. Your biggest hero, JP, is also a college dropout. You believe him when he says things, don't you? My point is that you shouldn't always look at the educational level attained when assessing someone's credibility, especially in the computing world.
    Share on Google+

  2. #12

    Exclamation ?WTF

    I have 1 last thing to say and I wonder what you will answer. You believe the words of a buncha college dropouts?
    - Where did that quote come from?

    Hm. Well, okay--I will oblige your request and reply, as no one else has thus far. Your biggest hero, JP, is also a college dropout. You believe him when he says things, don't you? My point is that you shouldn't always look at the educational level attained when assessing someone's credibility, especially in the computing world.
    - Well I for one, didn't request for you to reply to this statement/quote.. or this thread for that matter. I think you have the wrong form. You must be looking for "General Bullshit".. Did you even take the time to read what this thread was about? I seriously doubt it. My biggest hero, eh? Heh, sure. Indeed certificates, degrees, and a college education are not required they are usually attained FOR someone's credibility or career field. In either case, you seem to have the education level of a HS freshman so I'm no longer going to debate this with you.

    Remote_Access_
    Share on Google+

  3. #13
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514
    I am going to dodge the rediculous previous comment made and continue on in the named thread subject.

    GRC.com has been nothing but a help to me. Gibson has released great programs aimed at making one breathe a little easier.

    As stated above, so what if he was wrong on one thing (DDoS)? No man is perfect, and people today are so unforgiving...
    [shadow]uraloony, Founder of Loony Services[/shadow]
    Visit us at
    [gloworange]http://www.loonyservices.com/[/gloworange]
    Share on Google+

  4. #14
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    From what I understand of Gibson's current implementation, his stack would be vulnerable to "token" replay:
    Someone could establish a legitimate connection from a public computer (ie: from a different IP), capture the SISN, the reuse that SISN on a fake packet (setting the packet's client addy as the one from the public computer used)...

    Even if the key is changed every reboot, web servers are meant to be up for long periodes of time, leaving a good window of opportunity... I guess someone could also automate this process using trojaned computers and exchanging IPs & SISN between them...

    *disclaimer, I might be wrong but this is what I'm seeing...

    On the editorial side, what bothers me with Gibson is his quick bold (in both ways) absolute statements, declaring things perfect before peer review... Just have a look at the last (third) page, he had to appologize because he was too quick with his words... And also of course the formatting of his papers... Usually in the IT community, you *suggest* new ideas and standards in a emotion free paper that states only facts which is easy to (peer) review... Gibson on the other hand rolls out the marching band and loud speaker vans to announce to the world that is great (sorry for the emotion, but that shows my point).

    Ammo
    Share on Google+

  5. #15
    Junior Member
    Join Date
    Dec 2001
    Posts
    24
    This post in reply to remote access.
    (I've come to the conclusion that I should explicitly say when I am replying or not replying to one of RA's posts, as he seems incapable to comprehend that he is NOT the only quotable person on this forum.)


    - Where did that quote come from?
    It came from focmaester's last post. Did you not read it? Are you not reading every single one of this thread's posts like a happy antionline camper?


    Well I for one, didn't request for you to reply to this statement/quote.. or this thread for that matter. I think you
    have the wrong form. You must be looking for "General Bullshit".. Did you even take the time to read what this thread was about? I seriously doubt it.
    Listen, you crackhead. This post had absolutely nothing to do with you or anything you've posted. Where do you come off thinking such? You are hardly the center of my universe, hell; you're hardly the center of my antionline universe. JP has purchased his own universe, right?

    You've attacked me for not reading this thread, and yet you seem to have skipped over other people's posts. I for one have read all of them. I am a good, informed antionline user, one who makes posts after having taken the whole thread into consideration. You, friendly friend, are a bad antionline user, you have made a fool out of yourself by ironically attacking me for things you, not I, are responsible for.

    Which one of us is in highschool? Which one of us is an idiot?


    ...so I'm no longer going to debate this with you.
    Debate? You're hardly worth debating with. My sixteen year old sister is a much better debater than you are, we sometimes engage in hour long debates about a variety of subjects. Do you pretend to think that you can truly ever keep up with me?

    How's your SQL coming along?
    Share on Google+

  6. #16

    You again?

    This post in reply to autumn regret/hehbris//chemical/oblio/etc.

    I've come to the conclusion that I should ignore those previously stated aliases.. after this post

    It came from focmaester's last post. Did you not read it? Are you not reading every single one of this thread's posts like a happy antionline camper?
    - If I read it I wouldn't of asked you where you got the quote. So no, I didn't read it. I didn't happen to read EVERY post werd for werd.. I was too busy posting something of VALUE, something that may HELP someone instead of replying with some ignorant statement with NOTHING to do with GRC..

    Listen, you crackhead. This post had absolutely nothing to do with you or anything to do with what you've posted. Where do you come off thinking such? You hardly the center of my universe, hell; you're hardly the center of my antionline universe. JP has purchased his own universe, right?
    - Crackhead?.. You seem to be sadly mistakeing. It's a figment of your imigination. Did you take your medication today? Where in my post did I state that I were the center of your "AO universe"? That must be another figment of your imigination.. Well, I wasn't aware that JP purchased a universe but what ever.. Did you forget to take your medication this morning?

    You attack me for not reading this thread, and yet you seem to have skipped over other people's posts. I for one have read all of them. I am a good, informed antionline user, one who makes posts after having taken the whole thread into consideration. You, friendly friend, are a bad antionline user, you have made a fool out of yourself by ironically attacking me for things you, not I, are responsible for.
    - Blah blah blah.. Big deal. I happened to miss ONE post. Not everyone spends all day on AO reading EVERYONES post.. Oh no, I'm a bad AO usr.. Shame on you RA.. Muhaha

    Which one of us is in highschool? Which one of us is an idiot?
    - Hahaha, well I'm neither so that only leaves YOU.

    Debate? You hardly worth debating with. My sister year old sister is a much better debater than you are, we sometimes engage in hour long debates about a variety of subjects.

    How's your SQL coming along?
    - I'm not werth debateing with, eh? Then, why did you reply? You don't have to debate this with me.. go argure with your year old sister. She seems to share the same attention spand and mental capability as you. What do you spend hours upon worth less hours debateing with a one year old?.. As for my SQL class.. It's going good. What languages did you say YOU were learning? Here's an example of an SQL statement for you..

    SELECT *
    FROM Jackasses;

    SQL Query Results
    autumn regret, hehbris, chemical, noble hamlet, & oblio
    Share on Google+

  7. #17
    Senior Member
    Join Date
    Jul 2001
    Posts
    343

    Red face Steve Gibson

    Hi There;

    If it was not for the posts on www.grc.com about the nasty
    hole in IIS, several customers could have lost there complete
    data base including credit card info.
    Microsoft never tell you straight info, they bury it
    in a bunch of legal jumble and links....
    There is still a number of IIS servers out there with the hole
    but it is the fault of the systen admins not to patch it.

    Now with the Holes in XP like raw sockets and
    Unversal Plug and Play that has been spread
    around ... Thanks to Steve

    Steve Gibson does a GREAT JOB!
    My kudos to Steve.
    Keep up the good work Steve!!
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle
    Share on Google+

  8. #18
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    DOS attacks

    I checked around and found out this has been discussed on Linux Kernel Mailinglist. It seem Gibsons solution wouldn't work, and would open up to new forms of attacks.


    Check out


    http://www.uwsg.iu.edu/hypermail/lin...12.2/0787.html


    http://www.uwsg.iu.edu/hypermail/lin...12.2/0799.html


    http://www.uwsg.iu.edu/hypermail/lin...12.2/0882.html
    ---
    proactive
    Share on Google+

  9. #19
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    It'd be nice to see something done at the tcp/ip stack level to ward off some of the DoS and DDoS attacks. Considering they come from script kiddie programs (a majority), it should be relatively easy to reverse-engineer what they hit, counter with a dynamic algorithm to block the attack (drop packets), and set up rules for watching said IP. Seriously good hackers who do programming could work around a lot of those fixes but I don't see very many true hackers running DoS against machines so I'm not too worried about what the script kiddies say they'll do in response (it has to be something inherently stupid of course).

    Perhaps a good tcp/ip stack would have the ability to drop packets from an IP based on rulesets. This is great for things like netfilter where you can set up rules and can be integrated into the kernel, but I'm not sure what you'd do with Winblows. As it is, firewalls have to get better otherwise there's going to be more holes in them than 10 pounds of aged swiss cheese. One of these days I'm gonna get my rulesets up for ipchains...it might help someone out.

    One thing I didn't like about this post (the second link) was this:
    The foundations of this person's scheme simply cannot work.
    Instead of just trashing it, why doesn't this "David Miller" offer some insight on how to make it work or offer other ideas? I can't stand idiots that just trash someone's "idea" without some form of instruction on what they *could* do to make it work, better, etc...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
    Share on Google+

  10. #20
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    regardless of gibsons style and or ability...i'd say if he does nothing else for the rest of his career..he's done the whole internet community a huge service...he's made people realize that security matters...and i'm not talking about any of <you> ...i mean joe shmuck with the always-on who, until shields-up, had no idea that his computer was an open book..

    i con't comment on his new projects...i'm not qualified...but...he writes tiny useful and for the most part -free- windows progs...if M$ had written leakstest it would have been 6.5 megs and cost 99 bucks...with a $24.95 upgrade fee...so ya he is a media guy with a considerable ego...but i'd say the net's a bit better and safer place because of his work...
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides