Steve Gibson (computer programmer)

Steven[4] M.[5] Gibson (born March 26, 1955) is an American software engineer, security researcher, and IT security proponent. In the early 1980s, he worked on light pen technology for use with Apple and Atari systems, and in 1985, founded Gibson Research Corporation, best known for its SpinRite software. He is also known for his work on the Security Now podcast.[6]

Steve Gibson
Gibson in 2007
Born (1955-03-26) March 26, 1955 (age 69)[1]
NationalityAmerican
Other names"Steve Tiberious Gibson"[3]
EducationUniversity of California, Berkeley
Occupation(s)Software engineer and security analyst
Known forSecurity Now! podcast on TWiT.tv
Websitewww.grc.com

Early life

edit

Gibson started working on computers as a teenager, and got his first computing job with Stanford University's artificial intelligence lab when he was 15 years old.[7] He then studied electrical engineering and computer science at the University of California, Berkeley.[citation needed]

Career

edit

Gibson was hired as a programmer for California Pacific Computer Company in 1980, where he worked on copy protection for the company's products.[8] He then founded Gibson Laboratories in Laguna Hills, California, in 1981, which developed a light pen for the Apple II, Atari, and other platforms before going out of business in 1983.[9][10][11]

In 1985, Gibson founded Gibson Research Corporation (GRC), a computer software development firm,[9] and from 1986 to 1993, he wrote the "Tech Talk" column for InfoWorld magazine.[12]

In 1999, Gibson created one of the first adware removal programs, which he called OptOut.[13] In 2001, he predicted that Microsoft's implementation of the SOCK_RAW protocol in the initial release of Windows XP would lead to widespread chaos by making it easier for Windows XP users to create denial of service (DoS) attacks.[14][15][16] That year, his company's website was brought down by DoS attacks[7] which continued for two weeks. Gibson blogged about the attacks and his (ultimately successful) efforts to track down the hacker.[7] Three years after the Windows XP release, Microsoft limited raw socket support in Service Pack 2.[17]

In 2005, he launched a weekly podcast called Security Now with Leo Laporte on TWiT.tv, with its archives hosted on GRC's website.[18][19]

In 2006, Gibson raised the possibility that the Windows Metafile vulnerability bug was actually a backdoor intentionally engineered into the system.[20] A response by Microsoft,[21] and by Mark Russinovich on Microsoft's Technet blog,[22] stated that the bug appeared to be coding error and that Gibson's reasoning was based upon Microsoft's abort procedure documentation being misleading.

In 2013, he proposed SQRL as a way to simplify the process of authentication without the risk of revelation of information about the transaction to a third party.[23]

GRC products

edit

GRC has created a number of utilities, most of which are freeware.[24][25]

  • DNS Benchmark, freeware that lets users test the performance of the domain name servers used by their internet service providers.[26]
  • Securable, freeware to test whether a pre-Windows 7 computer is 64-bit compatible. It also tells the user whether Data Execution Prevention is enabled.[27]
  • ShieldsUP, a free browser-based firewall testing service; one of the oldest available[28][29]
  • SpinRite, a hard disk scanning and data recovery utility first released in 1988.[30] As of January 2019 the current version was 6.0,[31] which was first released in 2004.[32] SpinRite is a commercial product, costing US$89 as of July 2021.[31] Gibson's work on SpinRite has led to him being considered an expert on hard drive failure.[33]
  • Spoofarino, freeware released in 2006 and promised since the controversy over the launch of Windows XP in 2001, it enables users to test whether their internet service providers allow them to send forged or "spoofed" packets of data to Gibson's web site.[34]
  • Never10, standalone freeware program that toggles registry values in Windows 7, 8, and 8.1, which either disables or enables Microsoft's Get Windows 10 app and automatic OS upgrade. As of version 1.3, it also triggers the removal of any previously downloaded Windows 10 upgrade files as part of the disable function.[35][36]
  • InControl, stops automatic upgrading of Windows 10 and 11.
  • InSpectre, a utility that examines a computer's vulnerability to the Meltdown and Spectre attacks.[37]
  • InitDisk, a tool that was developed for GRC's SpinRite (6.1), is a safe USB drive formatter that allows the user to reformat any USB device and make it bootable.[38]
  • ReadSpeed, an accurate benchmark for PC mass storage. The tool measures stability and repeatability to a precision of more than 4 significant digits.[39]
  • ValiDrive, a tool that validates whether or not USB flash drives or other Removable media are actually capable of storing the amount of data that they claim to. [40]
  • Ultra-High Entropy PRNG (Pseudo-Random Number Generator) which are critical to any and all computerized operation.[41]
  • SQRL Login Technology (Simple Quick Reliable Login, pronounced “squirrel”) is an open, free, intellectual property unencumbered, complete and practical system to cryptographically authenticate the identity of individuals across a network (..) it can replace all other systems while offering dramatic improvements in usability and security.[42]

Works

edit
  • — (1991). A Passion for Technology, 1986 - 1990 Cumulative Index and 1986. Aliso Viejo, California: Gibson Research Corporation. ISBN 978-1880814864. OCLC 1245623144. OL 28048112M.
  • — (1991). A Passion for Technology 1987. Vol. One. Aliso Viejo, California: Gibson Research Corporation. ISBN 978-1880814871. OCLC 1245623144.
  • — (1991). A Passion for Technology 1988. Vol. Two. Aliso Viejo, California: Gibson Research Corporation. ISBN 978-1880814888. OCLC 1245623144. OL 27971346M. Retrieved 1 January 2022 – via Internet Archive.
  • — (1991). A Passion for Technology 1989. Vol. Three. Aliso Viejo, California: Gibson Research Corporation. ISBN 978-1880814895. OCLC 1245623144. OL 27971314M.
  • — (1991). A Passion for Technology 1990. Vol. Four. Aliso Viejo, California: Gibson Research Corporation. ISBN 978-1880814901. OCLC 1245623144.

References

edit
  1. ^ "Security Now 500". TWiT.TV. Retrieved May 15, 2015.
  2. ^ "Security Now! #76, January 25, 2007, Listener Feedback Q&A #15". Retrieved August 12, 2019.
  3. ^ "Security Now! Transcript of Episode #700". www.grc.com. Retrieved February 12, 2019.
  4. ^ "California Business Search for "gibson research corporation"". California Secretary of State. Retrieved November 3, 2017.
  5. ^ "Security Now! Episode #948 (jump to 2'15)". twit.tv. Retrieved November 16, 2023.
  6. ^ https://www.grc.com/securitynow.htm
  7. ^ a b c Millar, Stuart (June 5, 2001). "Teenage hackers". The Guardian.
  8. ^ Knudsen, Richard (January 1981). "Exec California Pacific: Innovative Marketing Budges" (PDF). Softalk Magazine. 1 (5): 34.
  9. ^ a b Gibson, Steve. "Steve's Resumé". GRC.com. Retrieved February 8, 2015.
  10. ^ Mace, Scott (December 26, 1983). "Hardware: Light Pen Technology looks to the Micro". InfoWorld. p. 61. Retrieved January 27, 2015. The Gibson Light Pen has been developed for Atari home computers.
  11. ^ "InfoWorld Aug 9, 1982 / P13-17". books.google.com. Popular Computing Inc. August 9, 1982. Retrieved February 24, 2016.
  12. ^ "SpinRite upgrade". InfoWorld. October 11, 1993. ...Steve Gibson, whose Tech Talk column has run in InfoWorld for close to eight years...
  13. ^ Lavasoft. "The History of Spyware". Lavasoft.com. Archived from the original on May 8, 2017. Retrieved February 8, 2015.
  14. ^ Radcliff, Deborah (October 22, 2001). "Windows XP: Is it safe?". Computerworld.
  15. ^ Raw Sockets Debate: Steve Gibson with Tom C. Greene. Online Tonight with David Lawrence (video). 2001. Archived from the original on March 4, 2016. Retrieved February 7, 2015.{{cite AV media}}: CS1 maint: bot: original URL status unknown (link)
  16. ^ Fogie, Seth (June 21, 2002). "Raw Sockets Revisited: What Happened to the End of the Internet?". InformIT.
  17. ^ Griffiths, Ian (August 12, 2004). "Raw Sockets Gone in XP SP2". IanG on Tap.
  18. ^ "Security Now! Episode Archive". GRC.com. Gibson Research Corporation. Retrieved February 8, 2015.
  19. ^ Bowers, Andy (December 9, 2005). "Slate's Podcast Roundup". Slate.
  20. ^ "Security Now! Episode Archive". GRC.com. Gibson Research Corporation. Retrieved December 12, 2017.
  21. ^ Toulouse, Stephen (January 13, 2006). "Looking at the WMF issue, how did it get there?". Microsoft Security Response Center. Archived from the original on January 16, 2006. Retrieved October 29, 2021.
  22. ^ Helweg, Otto (January 18, 2006). "Inside the WMF Backdoor". Mark Russinovich's Blog. Archived from the original on December 18, 2006. Retrieved October 29, 2006.
  23. ^ Gibson, Steve (October 2013). "Secure Quick Reliable Login". GRC.com.
  24. ^ Luo, John (March 2004). "Open-source and general public license programs cost little or nothing. Are they right for your practice?" (PDF). Current Psychiatry.
  25. ^ Coolidge, Daniel S. (January–February 2006). "Cyber-Vermin: Dealing with Dangerous Fauna Infesting the Internet". GPSolo Magazine.
  26. ^ Softpedia. "DNS Benchmark". Softpedia. Retrieved February 8, 2015.
  27. ^ Orchilles, Jorge (2010). Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7. Syngress. p. 10. ISBN 9781597495622.
  28. ^ Biersdorfer, J. D. (April 6, 2010). "Q.&A.: Torching Your Firewall — On Purpose". The New York Times.
  29. ^ Leonhard, Woody (2005). Windows XP Timesaving Techniques For Dummies. John Wiley & Sons. pp. 429–30. ISBN 9780764596179.
  30. ^ Mendelson, Edward; Stark, Craig L. (October 11, 1988). "First Looks". PC Magazine.
  31. ^ a b "SpinRite". GRC.com. Retrieved February 8, 2015.
  32. ^ Mainelli, Tom (August 2, 2004). "Review: SpinRite 6 to the Rescue". PCWorld.
  33. ^ Anderson, Nate (February 25, 2007). "Experts: No cure in sight for unpredictable hard drive loss". Ars Technica.
  34. ^ Rosenberger, Rob (April 1, 2006). "Steve Gibson finally releases DDoS attack tool". Spyware Point.
  35. ^ Thurrott, Paul (March 28, 2016). "Steve Gibson's Never 10 Helps You Turn Off the Windows 10 Upgrade". thurrott.com. Retrieved April 30, 2016.
  36. ^ "This simple app will block Microsoft from downloading Windows 10 on your PC". businessinsider.com. Retrieved April 30, 2016.
  37. ^ Thorp-Lancaster, Dan (January 17, 2017). "InSpectre will quickly check if your PC is vulnerable to Meltdown and Spectre". Windows Central. Mobile Nations. Retrieved January 17, 2018.
  38. ^ "GRC InitDisk".
  39. ^ "GRC ReadSpeed".
  40. ^ "GRC ValiDrive".
  41. ^ "GRC's | UHE PRNG Demo". www.grc.com. Retrieved August 17, 2024.
  42. ^ "GRC's | SQRL Secure Quick Reliable Login". www.grc.com. Retrieved August 17, 2024.
edit