[ale] [Meta] Re: Please stop spamming the list (Was: Re: researcher develops new secure login procedure)

Michael B. Trausch mbt at naunetcorp.com
Fri Oct 11 16:25:19 EDT 2013


On 10/11/2013 12:23 PM, Jerald Sheets wrote:
> I think you need to calm the $^&* down.

I respectfully disagree.

I'll also note that this is the last email about Gibson I'll write on
this list---ever.  I'm so sick of offering proof that he's a quack that
yes, I'd rather quit the list than have to continue hearing about his
crap more than once.

Security comes from proper infrastructure and proper application of
primitives, not add-on utilities that nobody can use.

> Steve Gibson is indeed noted as a security researcher, and the company
> he founded has been doing computer security work since the 90's.
>  Whether he's any GOOD at it is up for speculation (as he's had a
> couple of very public flubs), but in the grand landscape of things he
> knows quite a bit more about security than I do and probably most of
> us on the list.

I don't think there is any speculation at all about it.  His history is
self-evident.

> The /facts/ are that he's created as many security products as he has
> utilities, he's an assembly coder that can decompile and read these
> things like a second language, and has a considerably better handle on
> all the various security issues out there than a large portion of the
> landscape. 

No, sir.

The facts are that he has created a very large number of things, both
software and not.  They could only be called security utilities by
Gibson---as they don't increase security at all in most if not all
situations to which they could be applied.

> The /truth/ is that he's written a number of products aimed solely at
> security:
>
> Leaktest

Re-visiting the page gives lots of bullshit about a utility that appears
to not do as much as nmap, but covers some of nmap's utility.

> Securable

A thin wrapper around APIs which already exist on all operating
systems.  Yes, that was real hard.

> Shoot the Messenger

It has been standard advice to disable the utility in the Services
control panel for YEARS now.  This application is nothing more than a
call to an executable that disables the service---something already
built-in to the operating system.  It adds *nothing*.

> Unplug n'Pray

Disabling UPnP on residential networks breaks users' expectations, and
with a proper edge device is a perfectly fine system.

It is standard practice to disable such things in environments which are
to be considered secure, and again, this is nothing more than a simple
wrapper around functionality already provided by the Windows operating
system.

> DCOMbobulator

DCOM is a vital component to Windows applications.  If you don't want
it, don't run Microsoft Windows.  Simple.

> and Mousetrap

Nice!  A nifty little tool that does---nothing useful again!  It
actually encourages people to keep end-of-life operating systems
around---a practice which as discussed _*MULTIPLE TIMES*_ on this list
is not suitable for a secure environment.

I'm not going to even continue---analyzing his stuff is such a waste.

> This is yet another occasion on this list of someone pouncing on
> someone else for trying to be helpful.

I made a respectful request that he stop posting OT stuff at all, since
he can't seem to label it.  I seem to recall that this list reached a
consensus on how to deal with OT posts, two or three years ago.  If
that's changed, it's time to reopen those discussions---not whine
because I (and I am sure others, somewhere) am sick of seeing OT stuff
that isn't marked such.

    --- Mike

-- 
Michael B. Trausch

President, *Naunet Corporation*
(678) 287-0693 x130 or (855) NAUNET-1 x130
FAX: (678) 783-7843
