You missed the important fact: GRC offers a tool for downloading which supposedly is to allow the user to send his IP address to grc so that the grc port scan won't get confused. The problem is that the 'tool' allows one to send ANY IP address to grc. IF it is bundled with a wrapper which is preset to target a specific site, and then made part of the payload of a viri or trojan, a DoS attack can be mounted at the target site. That is what everyone means when they say the grc site has become a supplier of cracking tools for crackers. JLK On Tuesday 11 December 2001 05:01, phil wrote:
Greetings Anders,
I think that Steve <see quote below> is a very intelligent guy, and I although personally I don't really need to use his scanner as I have a shell account, I have used it, and I have told other window user folk who not so fortunate to have a shell, to use his scanner. I get portscanned (with nmap) all the time, is it illegal? While it may be annoying behavior (as we used to say in fidonet), I don't think so, it isn't illegal yet. The only fear here, seems to be the fear spreading as to the evilness of portscanning without detection. And although I agree he(steve) ought to fix that problem, it really only is a scan, not a hack. You would still need to actually attack the target. (methods of which I won't discuss)
Regarding flash, I see a couple gif files to help make his site look asthetic. Some cookies, javascript (which can be turned off), yeah it looks like an original plain paper bag wrapper with cheese normal website. (I think I have more flash on my site) What do you want? All 100% text?
Regarding substance, there's quite a bit of content (substance is what I eat for breakfast) on his site, some of his tricks taught me a thing or two. I go there when I can't remember which dll to delete ( NT4 or 98? I never can remember and the tips and tricks website has way too much advertising) He goes quite in depth about packet sniffing, and a bit about renaming dll's to shut these damned ports off. You probably didn't bother to visit the news server he setup. But portscanning isn't the only thing he does. He is a reverser (that in itself is amazing), a 32bit asm programmer(are you?), he has given software away for free(have you?) Your argument doesn't hold much water in this light. There is content if you are *looking* for it.
I got a friend that knows him personally, (he lives out in Eldorado Hills, California) and I can tell you (according to my friend) he is one nice guy. You can boycott whoever you want, although I think though that your missing the whole point, if you really think about it; the underlying problem is with microsoft's ongoing security problems and their lack of fixing these problems.
In essence, you have your guns pointed at the wrong target. He is just a guy trying to make a living just like anyone else. A lot of folks slammed him when he said XP was going to muck up the web, and frankly I think XP is Vaporware. But that's no reason to attack him, he does have a right, being a US Citizen of freedom of speech, and to try to make a living. The real target ought to be microsoft, because they have consistently proven they are arrogant, and continously make security mistakes, and they refuse to acknowledge there even is a problem. It they fixed all these problems, then Steve's site wouldn't do squat.
I will continue to support him by sending unwary unsavvy windows users his way to check their systems, the good does outweigh the bad in this case. I only hope you actually listen to what I have said, and reconsider your position. I don't think you'd like it if someone started a website called http://anderssucks.com . No I didn't think so. It would be far more productive to ask Anders what the problem is and perhaps give him a solution. Same can be said for GRC. Microsoft on the other hand doesn't play by the legal rules in the first place.
There's too much petty bickering going on, and frankly it's ruining too many business's already. Is the "new business model plan" , to attack other business's and sue them? Is that what the world is come to now? If that's the case then maybe I ought to just pick up some weapons and ammunition and blow away the first bastard that tries that on me. They'd throw me in jail for murder, but hey the problem would be solved if everyone thought like this.
Or maybe, if someone posts a message on SecurityFocus saying you suck, do all the idiots out there go make a
website? Run with the hype. Go with the latest fad. Let's attack the small guy, cause he's easier than the big giant, and he won't do anything about it. I hope I have made my point without flaming anyone (including Anders) I really wish folks could get along and show a little respect to one another. I am not a judge, I try not to judge. Facts are facts.
PS. All the original guy in this thread did was suggest someone scan a box, and he suggested grc.com which is half way fast and dirty way to get the job done, sure there are others out there, many are (one time use) or (pay only) and they are hard to search and find for a beginner. I don't see any suggestions to an alternative free service. And I am not judging your email either, but I am sticking up for Steve.
regards phil
Go to grcsucks.com to see why Gibson should be boycotted. Not only is the site more flash than substance (and very little substance at that), it is also a hacker tool now, allowing anyone to portscan anyone else without fear of detection. All firewalls should block out the grc.com domain.
//Anders