You have to run LeakTest for it to work.
He won't be running it on a Mac, nor is it needed as much.
It's pretty obvious how to turn that stuff off, unlike Winblows.
Gibson knows his s**T. Anyone who codes their windows apps in assembly language is a guru dude in my book!
Gibson Research is a big old phony baloney site.
Steve Gibson is recognized as technically inept by most everyone in the info sec world.
Examples to back up my claim:
http://www.theregister.co.uk/content/4/19925.html
http://www.theregister.co.uk/content/archive/24189.html
http://grcsucks.com/
All he's good at is marketing himself.
Here's another good tidbit... so much for his incredible programming and security skills.
Malicious use of grc.com
From: Magni@HammerofGod.com
Date: Mon Nov 26 2001 - 11:54:26 PST
Greetings:
ShieldsUp(tm) is an application developed by Steve Gibson of Gibson
Research Corporation that allows a web user to request a remote port scan
of their local system via the GRC.Com web site
(https://grc.com/x/ne.dll?bh0bkyd2). The "Probe my Ports" option performs a scan of many common tcp ports
and reports the status of each port back to the user's browser.
The development of the application and its method of identifying the
client IP address is quite insecure. As a result, ShieldsUp! allows the web
user to perform a port scan against any other machine on the Internet and return the
results to the web user. The remote system will log the scan as having
originated from one of Steve Gibson's machines.
Gibson has chosen to use a simple hidden tag in the client-side HTML code
to identify the IP address that is passed to the scanning engine. Though
the client's IP address is hashed, it is trivial to alter the value of the
hidden tag in order to request that a different IP address be scanned. The
true IP address is never checked in the HTTP header during the scan -
ShieldsUp happily scans the other box while returning the result set into
the browser of the box that requested the scan.
Fenris, The Wolf, a member of Hammer of God, quickly reviewed
the hash algorithm used to represent the IP address and found it weak;
therefore, one can easily submit requests, via the Shields Up web page,
for specific IP addresses to be scanned. These findings are not my own,
and I have not included the details of the hash here as it is used to
display a copyrighted page. The Wolf may post his findings if he chooses
to do so, but I will not make that choice for him.
Instead, we can easily bypass the need to crack the hash by simply using
the "IP Agent" supplied by Gibson. Over a year ago, a hacked version of IP
Agent was published that allowed one to supply an address to scan-- Gibson
discounted this as a non-issue, but reportedly fixed IP Agent to perform a
check to prevent this from happening.
However, IP Agent now supports multiple client IP addresses. One simply
needs to bind the targeted IP addresses to a local interface and perform a
scan request. In this case, ShieldsUp presents friendly command buttons
listing the IP addresses bound to the local interfaces and allows you to
select any one that you want scanned. Again, no other checking is done,
and ShieldsUp will scan whatever IP address you ask it to and display the
results in your own browser.
According to the scanning page, "Information gained will NOT be retained,
viewed, or used by us in any way for any purpose whatsoever" which
basically invites anyone to use Gibson's site to do port scans of other
people's boxes without fear of detection.
Additionally, multiple post requests can be easily scripted to perform
scans against a site in attempts to perform a denial of service attack
against a host. In these cases, with sufficient requests generated, one
could ask grc.com to attack another site and it will comply.
One would have hoped that instead of Mr. Gibson spending so much time
expounding on the theoretical DoS capabilities of Raw
Sockets, that he instead had used that time to properly develop his own
application in order to prevent the same. Those concerned with malicious
attacks from grc.com should block Gibson's netblock at the border.
Cheers,
Magni
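The flaw the quoted advisory describes is a server that takes the scan target from a client-editable field and never compares it with the connection's real source. As an added example (not part of the thread or the advisory, and not GRC's code), the sketch below puts that pattern beside a hardened gate that scans only the TCP peer and rate-limits each peer; the names `vulnerable_target`, `ScanGate` and the form key `ip` are hypothetical, and `peer_ip` is assumed to come from the accepted socket, not from any request header.

```python
import ipaddress
import time


def vulnerable_target(peer_ip, form):
    # Pattern described in the advisory: the target is read from a hidden
    # form field the client can edit; the real peer address is ignored.
    return form["ip"]


class ScanGate:
    """Scan only the address the request arrived from, a few times per window."""

    def __init__(self, max_scans=3, window_s=600, clock=time.monotonic):
        self.max_scans = max_scans
        self.window_s = window_s
        self.clock = clock
        self.history = {}  # peer address -> timestamps of accepted scans

    def target_for(self, peer_ip, form):
        peer = ipaddress.ip_address(peer_ip)  # taken from the socket
        claimed = form.get("ip")
        if claimed is not None:
            # A client-supplied address is never used as the target; it is
            # only compared, and any mismatch refuses the request.
            try:
                claimed_addr = ipaddress.ip_address(claimed)
            except ValueError:
                raise PermissionError("malformed address in request") from None
            if claimed_addr != peer:
                raise PermissionError(f"claimed {claimed_addr} != peer {peer}")
        now = self.clock()
        recent = [t for t in self.history.get(peer, []) if now - t < self.window_s]
        if len(recent) >= self.max_scans:
            raise PermissionError(f"rate limit reached for {peer}")
        self.history[peer] = recent + [now]
        return str(peer)  # the only address the scanner is ever given


if __name__ == "__main__":
    # Constructed sample request using documentation-range addresses.
    form = {"ip": "198.51.100.7"}
    print("vulnerable:", vulnerable_target("203.0.113.10", form))
    try:
        ScanGate().target_for("203.0.113.10", form)
    except PermissionError as exc:
        print("hardened: refused,", exc)
```

The same rule covers the multi-address IP Agent case in the advisory: a list of addresses reported by the client is still client-supplied input, so only the peer address is eligible.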
see post 9 on this thread.
Gibson is a stinker.
an evil genius maybe.....
Ok, I always wonder whether any of these programs do what they say. I used to code in assembler in my other life. Now I'm just a keyboard cowboy. So what do you recommend, wise az?
As appears to be commented on by lots of other self-aggrandizing people. So what? A lot of his crap is free, and I've always found him to be a rather stand up dude. What's the ratio of people carping about it who are selling against him?
I tend to suspect people who devote a lot of web time and energy bitching and moaning about other people or their products. They're kinda like all of the rubes on the Yahoo stock message boards who, solely for altruistic reasons[sarc] try to talk everyone and their brother out of purchasing whatever stock the board is meant for.
99% of security stuff is BS and hype anyway, across the board. Turning off the computer when you're not using it takes care of a lot of the problem...
You can think what you like.
The fact remains that his various pronouncements range from technically flawed to seriously inept, which are repeated ad infinitum by barely literate puter industry presstitutes.
I cut and pasted a few of his more barmy pronouncements. Funny that you were more interested in insulting me than in defending Gibson's analysis.
"I agree with you and would do the same. However, writing code to be compatible with MSFT's GUI is not easy. A person that can do it in assembler probably understands it a lot better than someone who takes a high level approach and uses C or C++."
Not a good assumption. The API interface is the API interface. Writing the GUI in an IDE is just common sense in terms of speed of coding and debugging. The hairy bits of the underbelly could have been coded in asm and placed into a DLL. Of course, modern compilers are very efficient, and there is little point to hand optimizing asm routines for desktop applications.
Anyway, Gibson is a poor coder. The last iteration of this "scanner" on his website was abused as an anonymous proxy DOS attack zombie by badguys.
Do better, then.
An IDE has nothing to do with writing the GUI. I have seen the assmbly code do this and it can be coded in Notepad. The assembly code for creating a window is not any more difficult than doing it in C.
A "visual" IDE, on the other hand, is very different. But there are IDEs available for HLA and others. It is all very painful.
I think MS has the best visual tools available for coding.
"assmbly code do this" should have been "assembly code to do this".