Has anybody read this? http://grc.com/dos/grcdos.htm

Scary stuff, especially the bit about WinXP/2000. I noticed his comments about Zone Alarm vs Black Ice Defender. I've nowhere near enough knowledge to assess the truth of what he says, but anyone who can write progs like Spinrite has got to know his stuff.

That is some sweet reading and very worrying especially the BlackIce part. Good job that I don't use BlackIce but other Firewalls which I will not say which exact ones.

I'm using the Zone Alarm freebie with InoculateIT Personal Edition and F-Prot for DOS as a second opinion. I thought I'd be reasonably safe from all the amateur hackers out there, but now I'm a little less certain (gulp).

At least ZoneAlarm came out with a good writeup for dealing with these problems and is free unlike BlackIce which failed and is $40.

Natural born poverty-stricken cheapskates like me just LOVE free software, especially when it's better than many of the commercial offerings!

i read this and it chilled my sh*t.
i use Zonealarm and swear by it. i keep a copy on CD and load it on all our customers PC's who have cable modems.

Good information to have.

I'd say this is a must read for all techs.

Originally posted by Mustang:
<STRONG>Good information to have.

I'd say this is a must read for all techs.</STRONG>

I agree, I think. I will let you know when my head quits spinning.

I've seen a bunch of posts on Slashdot and Ars from people claiming "expert" knowledge of hacking stuff saying Gibson doesn't know what he's talking about. My money's on Gibson.

It took a few hours for mine to stop spinning.
hope yours doesnt last that long.

i've seen gibson on techtv a few times...i'm betting he is rite. seems like he really knows what he is talking about.

You know it did make for some good reading.But the one line that got to me was "The days of an Internet based upon mutual trust among interconnected networks has passed".Trust is the key word in this phrase.Damn it was good when only a few had access to it.It really wasn't meant to be set up for shopping,media,Porn,etc.Most of us use it for what it was intended to be used for,info.But knowledge is power,and in the hands of a 13 year old,just...sorry,heads not spining,teeth are cringing in anger.Ok i'm getting off the soap box now,but I could probably write just as lengthy a post,as that article. <IMG SRC="smilies/mad.gif" border="0">

At least Gibson collects evidence and presents it to back up what he is saying. I don't know how anyone can refute that, I don't care how much of an "expert" you claim to be. Anyway, he was able to get under MS's skin a little with that bit on Windows being poorly coded and ruining the Internet.

Originally posted by Jeff the Brit:
<STRONG>I've seen a bunch of posts on Slashdot and Ars from people claiming "expert" knowledge of hacking stuff saying Gibson doesn't know what he's talking about. My money's on Gibson.</STRONG>

I could probably write just as lengthy a post,as that article.

D`ont be shy DJSEARCHING,post your thoughts and let us diseminate them as you seem have done to Gibson`s writings.

No it wasn't anything about Mr. Gibsons piece.Basically my thoughts were on the 13 year old.I mean the statement about a gun in the hands of a child,who probably indeed dosen't know code,or the inner workings of an os.Another basis of my post was,had the internet basically stayed as an info/scientific channel as it was set up,and not a media streaming/home shopping network,then that 13 year old and alot of people like him,would've never been on it.So I'm sorry if my first post was misunderstood.So to clarify,it's a shame a good thing like the net has to go this way.

I'm gonna violate my tech-only posting sabbatical for this one, to point out something that nobody else has (verbally) realized yet:

There's no proof anywhere that this guy actually is 13. He could be 20, 30, 40, or 7. All we have is his own "word" and the word of another hacker that discussed him with Mr. Gibson. Now if it's dead easy for you or me to set up a fake internet personality, then how is that supposed to give your average hacker trouble doing it too?

(In fact, we have no proof of any of this stuff, we are all taking Mr. Gibson's word for it all anyways... Not saying I don't believe it myself, but you get the point)

Here is the Technet article containing Microsoft's response to the claims that XP will make DDoS attacks easier:

http://www.microsoft.com/TechNet/security/raw_sockets.asp
Titled "Hostile Code, not the Windows XP Socket Implementation, is the Real Security Threat"


I did a bit of testing, for what it's worth. I found that XP's "firewall" stood up to Symantec's test, all ports were reported as closed. However, the GRC leak test FAILED. Code running on the pc CAN contact the outside world, aparently unimpeded. That confirms what Steve is saying, there will be problems. The threat is coming from within the PC and unlike ZoneAlarm, XP's firewall, at least in beta2 is apparently unable to stop it.

I will not be uninstalling ZoneAlarm any time soon.

I read the article posted on GRC, and That's what I figured. Windows was the problem. I've even tested some of the exploits against our network here at the office, just to see how we would handle if we were attacked. We failed on some respects, and we passed on others(I'm not going into detail on this as not to expose the network to any risk).

Never the less,finger pointing on either side won't solve the problem.