[ale] Please stop spamming the list (Was: Re: researcher develops new secure login procedure)

Jerald Sheets questy at gmail.com
Fri Oct 11 12:23:03 EDT 2013


I think you need to calm the $^&* down.

Steve Gibson is indeed noted as a security researcher, and the company he founded has been doing computer security work since the 90's.  Whether he's any GOOD at it is up for speculation (as he's had a couple of very public flubs), but in the grand landscape of things he knows quite a bit more about security than I do and probably most of us on the list.

The facts are that he's created as many security products as he has utilities, he's an assembly coder that can decompile and read these things like a second language, and has a considerably better handle on all the various security issues out there than a large portion of the landscape.  

The truth is that he's written a number of products aimed solely at security:

Leaktest
Securable
Shoot the Messenger
Unplug n'Pray
DCOMbobulator
and Mousetrap

The truth is that he has a number of web-based utilities aimed solely at security:

Shields Up
Password Haystacks
HTTPS Fingerprints
DNS Spoofability testing
Perfect Passwords
PPP Passwords
and the Security Now podcast

…not to mention being the contributing editor to InfoWorld (when that was a thing) reporting on security and the world of both hacking and cracking.

Pertinent to our list, he makes all his stuff available for FREE (except his original SpinRite! disk product which "pays the bills") in a very FOSS-like availability.


This is yet another occasion on this list of someone pouncing on someone else for trying to be helpful.  

Keep this up and nobody but you will be left here bitching at yourself.  

Relax.  This list isn't that important and neither are you.


--j


On Oct 11, 2013, at 9:29 AM, Michael B. Trausch <mbt at naunetcorp.com> wrote:
> 
> 
> Steve Gibson is not a security expert.  Stop putting him on a pedestal, and PLEASE stop spreading bad information.  That new "secure" login procedure has AT LEAST one fatal flaw, and I think two.  It is not suitable for use, and in fact straight username and password over TLS is more secure.
> 
> At this point, I am respectfully asking you to quiet down on the list.
> 
> The last thread you started was on Windows.
> 
> This thread is invoking Gibson (again), despite much rather on-topic discussion to the fact that Gibson isn't a suitable source of security information.  This is at least the third or fourth off-topic post from you this week that I can recall—and quite impolitely without the OT.
> 
> Please stop spreading bad information and please stop discussing your trials and tribulations with your Microsoft products at all on this list. You can't seem to put "[OT]" in when it needs to be done—so please just stop altogether.
> 
>     Much appreciated,
> 
>     Mike
> 
> -- 
> <ehfbcech.png> 	 Michael B. Trausch
> 
> President, Naunet Corporation
> ☎ (678) 287-0693 x130 or (855) NAUNET-1 x130
> FAX: (678) 783-7843
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20131011/dff9625f/attachment.html>


More information about the Ale mailing list