<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/11/2013 12:23 PM, Jerald Sheets
wrote:<br>
</div>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>I think you need to calm the $^&* down.</div>
</blockquote>
<br>
I respectfully disagree.<br>
<br>
I'll also note that this is the last email about Gibson I'll write
on this list—ever. I'm so sick of offering proof that he's a quack
that yes, I'd rather quit the list than have to continue hearing
about his crap more than once.<br>
<br>
Security comes from proper infrastructure and proper application of
primitives, not add-on utilities that nobody can use.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>Steve Gibson is indeed noted as a security researcher, and
the company he founded has been doing computer security work
since the 90's. Whether he's any GOOD at it is up for
speculation (as he's had a couple of very public flubs), but in
the grand landscape of things he knows quite a bit more about
security than I do and probably most of us on the list.</div>
</blockquote>
<br>
I don't think there is any speculation at all about it. His history
is self-evident.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>The <i>facts </i>are that he's created as many security
products as he has utilities, he's an assembly coder that can
decompile and read these things like a second language, and has
a considerably better handle on all the various security issues
out there than a large portion of the landscape. <br>
</div>
</blockquote>
<br>
No, sir.<br>
<br>
The facts are that he has created a very large number of things,
both software and not. They could only be called security utilities
by Gibson—as they don't increase security at all in most if not all
situations to which they could be applied.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>The <i>truth </i>is that he's written a number of products
aimed solely at security:</div>
<div><br>
</div>
<div>Leaktest</div>
</blockquote>
<br>
Re-visiting the page gives lots of bullshit about a utility that
appears to not do as much as nmap, but covers some of nmap's
utility.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>Securable</div>
</blockquote>
<br>
A thin wrapper around APIs which already exist on all operating
systems. Yes, that was real hard.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>Shoot the Messenger</div>
</blockquote>
<br>
It has been standard advice to disable the utility in the Services
control panel for YEARS now. This application is nothing more than
a call to an executable that disables the service—something already
built-in to the operating system. It adds <b>nothing</b>.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>Unplug n'Pray</div>
</blockquote>
<br>
Disabling UPnP on residental networks breaks users expectations, and
with a proper edge device is a perfectly fine system.<br>
<br>
It is standard practice to disable such things in environments which
are to be considered secure, and again, this is nothing more than a
simple wrapper around functionality already provided by the Windows
operating system.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>DCOMbobulator</div>
</blockquote>
<br>
DCOM is a vital component to Windows applications. If you don't
want it, don't run Microsoft Windows. Simple.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>and Mousetrap</div>
</blockquote>
<br>
Nice! A nifty little tool that does—nothing useful again! It
actually encourages people to keep end-of-life operating systems
around—a practice which as discussed <u><b>MULTIPLE TIME</b><b>S</b></u>
on this list is not suitable for a secure environment.<br>
<br>
I'm not going to even continue—analyzing his stuff is such a waste.<br>
<br>
<blockquote
cite="mid:A6452982-2076-4226-BEE5-E9DADC202D14@gmail.com"
type="cite">
<div>This is yet another occasion on this list of someone pouncing
on someone else for trying to be helpful.</div>
</blockquote>
<br>
I made a respectful request that he stop posting OT stuff at all,
since he can't seem to label it. I seem to recall that this list
reached a concensus on how to deal with OT posts, two or three years
ago. If that's changed, it's time to reopen those discussions—not
whine becuase I (and I am sure others, somewhere) am sick of seeing
OT stuff that isn't marked such.<br>
<br>
— Mike<br>
<br>
<div class="moz-signature">-- <br>
<table border="0">
<tbody>
<tr>
<td> <img src="cid:part1.09060903.01070403@naunetcorp.com"
alt="Naunet Corporation Logo"> </td>
<td> Michael B. Trausch<br>
<br>
President, <strong>Naunet Corporation</strong><br>
☎ (678) 287-0693 x130 or (855) NAUNET-1 x130<br>
FAX: (678) 783-7843<br>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>