[Am-info] Steve Gibson - Truthsayer and one of my heros

[Gene Gaines]

Microsoft looks more and more like the star performer in a
Texas cow chip throwing contest.  After it begins to rain.

Steve Gibson is an old-fashioned professional programmer
who remembers how to code.  Beautiful man, excellent work.
(I have had one of his disks or downloads on my shelf for
decades.)

Interesting observations he has made about Mickysoft's IIS,
some on his web site at www.grc.com.

Steve Gibson has a free small utility called ID Serve. It
allows Web surfers to easily see whether an e-commerce
site that's asking for their credit card number is or is
not running Microsoft's IIS (Internet Information Server).

And a quote from Netcraft, a research group in England,
reveals serious cracks. "One in 10 of the [IIS] e-commerce
and encrypted transactions sites tested by us had
backdoors in place to allow external attackers to monitor
the systems, or have commands executed on the machines,"
(See www.netcraft.com/Survey/index-200110.html.)  That's
after many, many servers had been patched, but by no means
all.

It's not as if it's impossible to make software that's
more secure. Wim Vandeputte, CTO of Custodix.com, a
provider of trusted services, notes that the OpenBSD
operating system he uses "hasn't suffered from a
remote hole in the default install in over four
years." In a similar vein, Gibson says, "The last
serious remote-code execution vulnerability to hit the
Apache Web server was back in 1997. But IIS has them
monthly." Knowing that you may need to patch a product
next month and again the month after doesn't make you
feel as secure as using a product that's well-tested.
Partially as a result, Apache server software enjoys
twice IIS's market share in Netcraft's latest survey.

Note: the above taken from the Jan. 21, 2002 newsletter
of BRIAN LIVINGSTON: "Window Manager" from InfoWorld.com.

Gene Gaines
gene.gaines@gainesgroup.com
Sterling, Virginia