Baltimore City Paper home.

Socket Man

By Joab Jackson | Posted 6/20/2001

I dig renegade computer-security consultant Steve Gibson. Not only is the dude a great storyteller but he's the best Net advocate out there, a regular Abbie Hoffman of the binary age. Still, his latest crusade has me wondering if he isn't starting to value Microsoft-bashing over basic honesty.

On May 4, the Web site for Gibson's company, Gibson Research Corp., suddenly dropped off the Internet. It was being subjected to a distributed denial of service (DDoS) attack--the same kind that temporarily crippled Yahoo! and early last year--in which a site's server is crushed by a huge number of phony requests coming from all over the Net. Fortunately for GRC, this kind of attack can easily be thwarted with a bit of smarts--and Gibson has plenty of those. He knew that all his service provider had to do was have its routers read the packet headers of the phony requests to identify the return addresses, then filter out everything arriving with those addresses. Once he got the right engineer on the phone, was back in business.

Gibson didn't stop there, though. Examining the packets, he found that his site had been bombed by 474 computers, all running Windows, and all unwitting slaves to a remotely installed "zombie" program, unbeknownst to the PCs' owners. suffered from five more attacks that month, and Gibson eventually tracked down the vandal (by getting a copy of the zombie program from one of the folks whose computer had been enslaved). It's hard to say what's more disturbing--that the perp was a 13-year-old from Wisconsin, or how easy it was for this kid to undertake such a project.

Gibson wrote up his adventures in the adolescent-hacker underground in an essay, "The Strange Tale of Denial of Service Attacks Against GRC.Com". It's one of those irresistible, take-an-afternoon-off-to-read essays on computer culture that appear on the Web from time to time, in the same league as Eric Raymond's "The Cathedral & the Bazaar", Neal Stephenson's "In the Beginning There Was the Command Line", the Son of Gomez's "The Xenix Chainsaw Massacre", and the anonymously penned cyberpunk-goes-to-Oz parody "The Guru of News". But if Gibson initially milked his ordeal for entertainment, he has since directed his energies into a tirade against Microsoft's new operating system, Windows XP, which won't even be out until the fall. In a subsequent essay, "Why Windows XP Will Be the Denial of Service Exploitation Tool of Choice for Internet Hackers Everywhere", Gibson asserts that once XP hits the streets, it'll be even easier for hackers to wreak serious havoc.

"Windows XP is the malicious hacker's dream come true," Gibson writes. He was only able to tell where his attacks were coming from because, with current Windows systems, it is impossible to forge a computer's Internet address, making it easy to filter out packets with those addresses. XP, however, will come with a programming feature called "raw sockets" support, which can be used to forge phony Internet addresses. Once XP is in widespread use, Gibson predicts, the zombie programs hackers plant via the Internet--the kind that attacked his company--won't be as easily identified, and thus will be nearly impossible to filter out. Without that filtering capability, the victim site can't start heading off the attacks as they're occurring; it's out of commission for the duration of the bombardment.
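The filtering argument above can be checked on paper. The following is an added example, not code from the column or from Gibson's essays: it learns a source-address blocklist from one window of traffic and applies it to the next, once with zombies using their real addresses and once with a different forged source on every packet. Only the figure of 474 machines comes from the column; the addresses, packet counts and threshold are constructed assumptions.

```python
import socket
import struct
from collections import Counter

def ipv4_header(src: str, dst: str) -> bytes:
    """Minimal 20-byte IPv4 header (constructed sample data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def source_of(header: bytes) -> str:
    """The claimed source address sits in bytes 12-15 of the IPv4 header."""
    return socket.inet_ntoa(header[12:16])

def learn_blocklist(packets, threshold):
    """Sources seen at least `threshold` times in an observation window."""
    counts = Counter(source_of(p) for p in packets)
    return {src for src, n in counts.items() if n >= threshold}

def passed(packets, blocklist):
    """Packets the router would still forward after source filtering."""
    return [p for p in packets if source_of(p) not in blocklist]

SITE = "192.0.2.10"  # constructed stand-in for the attacked site
ZOMBIES = [f"172.16.{i // 250}.{i % 250 + 1}" for i in range(474)]  # constructed
CLIENTS = [f"203.0.113.{i}" for i in range(1, 21)]                  # constructed

def traffic(spoof: bool, start: int):
    """One window: 20 packets per zombie, 2 per legitimate client."""
    pkts, n = [], start
    for z in ZOMBIES:
        for _ in range(20):
            # Forged case: every packet claims a different, never-repeated source.
            src = socket.inet_ntoa(struct.pack("!I", 0x0A000000 + n)) if spoof else z
            pkts.append(ipv4_header(src, SITE))
            n += 1
    pkts += [ipv4_header(c, SITE) for c in CLIENTS for _ in range(2)]
    return pkts

def simulate(spoof: bool):
    """Return (blocklist size, attack packets forwarded, legitimate packets forwarded)."""
    blocklist = learn_blocklist(traffic(spoof, 0), threshold=10)
    survivors = passed(traffic(spoof, 100_000), blocklist)
    attack = sum(1 for p in survivors if source_of(p) not in CLIENTS)
    return len(blocklist), attack, len(survivors) - attack
```

With real source addresses the blocklist holds all 474 machines and no attack packet gets through; with a fresh forged source per packet the blocklist stays empty and the whole flood is forwarded.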

Or so Gibson argues. Microsoft itself posted a rebuttal, pointing out a few good reasons why XP may not be the risk Gibson claims ("Hostile Code, Not the Windows XP Socket Implementation, Is the Real Security Threat"). For one, if hackers really want an Internet-address-spoofing machine, they don't have to wait for XP; Unix and Linux and the new Mac OS X already offer such raw-socket capability. Gibson counters that the sheer number of XP machines that will be out there (with their non-security-savvy owners) will provide far more firepower for hackers--how many Linux, Unix, and Mac OS X computers are there, compared to the number that will be running the soon-to-be ubiquitous XP? But Microsoft rebuts that XP machines will have far stronger security features than earlier versions of Windows--it will be harder for hackers to break into them and plant zombie programs in the first place.

Like I said, Gibson has educated a lot of users about the dangers of cyberspace. His Web site offers the popular free service Shield's UP, a test that checks broadband-connected computers to see how vulnerable they are to intrusion. Many computer users were first alerted to the dangers of broadband when they saw their machines' profiles staring back at them after taking this test. And Gibson's exposure of how Real Audio implanted spy software onto copies of its free-downloading program alerted many that their privacy was being compromised.

Still, as Microsoft-bashing has turned into a favorite sport of journalists everywhere, from The Sun to Slashdot News, it's a bit disheartening to see Gibson needlessly indulge in it as well, however entertaining the story that prompted his fulminating. As for Microsoft, well, let's just hope XP will be as secure as the company claims.
