Steve Gibson (computer programmer)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
For other people named Steve Gibson, see Steve Gibson (disambiguation).
Steve Gibson
Steve in between shots on Leo Laporte's Call For Help in Toronto (April 2007).
Born (1955-03-26) March 26, 1955 (age 59)
Dayton, Ohio, U.S.
Residence Laguna Hills, California, U.S.
Nationality American
Education University of California, Berkeley
Occupation Software engineer and
security analyst
Known for Security Now! podcast on

Steven Maury "Tiberius" Gibson (born March 26, 1955, Dayton, Ohio, United States)[1] is an American computer enthusiast, software engineer and security researcher. In the early 1980s, Gibson was best known for his work on light pen technology for use with Apple and Atari systems. In 1985, Gibson founded Gibson Research Corporation, best known for its SpinRite software.


Gibson studied electrical engineering and computer science at the University of California, Berkeley. A programmer for California Pacific Computer Company[2] in 1981. He is an advocate of assembly language programming, and prides himself on writing smaller applications mostly in Intel x86 assembly language, including much of the code of the SpinRite hard disk utility used from the beginning of the PC era. He is one of several advocates of optimizing computer programs and reducing the size of their executables. In the 1990s, Gibson began to move into the computer security field, developing and distributing a number of free security tools, including the ShieldsUp! port-scanner, and the LeakTest firewall tester. In 2000, Gibson created one of the first adware removal programs, OptOut.[3]

Gibson Research Corporation[edit]

Gibson Research Corporation (GRC) is a computer software development firm founded in 1985 by Gibson. The company is registered in Laguna Hills, California.[citation needed] GRC has created a number of niche utilities over the years, the foremost of which is SpinRite, a hard disk scanning and data recovery utility.

As of mid-2009 GRC has three employees; Steve Gibson, Greg (technical support) and Sue (bookkeeper). Gibson also founded Gibson Laboratories, Inc. in 1981, a predecessor to GRC.[4][5][6]

One of the significant features of Gibson Research Corporation is that much of Gibson's work is freely available. At this time, only SpinRite is a paid-for commercial product.

Gibson's latest publicly released works are SecurAble, last updated January 14, 2007 and more recently, DNS Speed Benchmark, released September 30, 2010. SecurAble[7] is a program that will tell the user if their CPU supports 64-bit computing, DEP (Data Execution Prevention) and hardware level virtualisation. DNS Speed Benchmark[8] is a utility used for ranking Domain Name Server response times for your location on the internet.

Gibson has completed work on the DNS Nameserver Spoofability Test,[9][10] an online utility used to test whether the systems' configured nameservers are vulnerable to DNS spoofing. This new test joins other free performance optimization and network vulnerability auditing[11][12][13] utilities and configuration guides that Gibson has released through GRC, for free.

In mid-late 2013, Gibson began work on SpinRite v6.1, a free upgrade for existing SpinRite customers. During the course of the work on SpinRite and the research needed to produce the SecurityNow podcast, Gibson announced he had paused work on SpinRite in order to develop and finalize an idea he had been struck with for a new standard for logging into websites. Once the initial idea had been fleshed out, he announced via Twitter and the Security Now podcast the Secure QR Login protocol or SQRL. He has finalized a draft open standard for secure web site login and authentication and is currently coding a reference Windows-based login program for the SQRL protocol.[citation needed]


Gibson was involved with a notable controversy over the Windows Metafile vulnerability,[14] an issue raised in 2006 where a Windows Metafile image could trigger execution of arbitrary code. Gibson analyzed an unofficial patch issued by Ilfak Guilfanov, and publicly speculated both on his podcast Security Now![15] as well as on his website[16] that Microsoft may have intentionally included this vulnerability because of the use of an API called SetAbortProc, originally intended as a mechanism for canceling print jobs, which in his view made no sense. When technology news website Slashdot picked up the assertion, an Internet rumor that Microsoft intentionally built a backdoor to its operating systems was promulgated.[17]

Gibson has been associated with a number of other controversies[18][19] in the computer security field, including his prediction of the "XP Christmas of Death" in 2001 describing the outcomes of Microsoft's implementation of the SOCK_RAW protocol.[20]

Gibson is also known for attempting to replicate functionality of a tool called SYNcookies, written by Dan Bernstein and Eric Schenk, in his own tool called GENESIS, as a preventive mechanism for SYN-flood attacks.[21]



Steve Gibson was, from 1986 to 1993,a weekly columnist (eight years[22] 'TechTalk' column) and Contributing Editor to InfoWorld magazine. He reported on the world of hackers and crackers.[23][third-party source needed]

Techtalk anthology[edit]

  • Gibson, Steve (1991). A Passion for Technology, 1986 - 1990 Cumulative Index and 1986. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-86-2. 
  • Gibson, Steve (1991). A Passion for Technology Volume One 1987. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-87-0. 
  • Gibson, Steve (1991). A Passion for Technology Volume Two 1988. Aliso Viejo, California: Gibson Research Corporation. ISBN 1880814889. 
  • Gibson, Steve (1991). A Passion for Technology Volume Three 1989. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-89-7. 
  • Gibson, Steve (1991). A Passion for Technology, Volume Four 1990. Aliso Viejo, California: Gibson Research Corporation. ISBN 1880814897. 

Broadcast and podcast[edit]

Gibson co-hosts a weekly computer security-focused podcast with Leo Laporte called Security Now!. Gibson has appeared on Leo Laporte's technology podcast, This Week in Tech and also used to occasionally appear on The Lab with Leo Laporte on G4techTV Canada.[citation needed]

See also[edit]


  1. ^ "Steve Gibson". The Official TWiT Wiki. Retrieved August 26, 2014. 
  2. ^ Knudsen, Richard (January 1981). "Exec California Pacific: Innovative Marketing Budges". Softalk Magazine 1 (5): 34. 
  3. ^ Ballister, Robert. "Padre's Corner 19: Ringing in the New Year with Steve Gibson". TWiT. Retrieved 12 January 2015. 
  4. ^ "KoalaPad". ( Retrieved January 27, 2015. The software for the Gibson Light Pen System was developed by Steven M. Gibson of Gibson Laboratories, Inc. for the Apple II computer. 
  5. ^ Gibson, Steven (June 18, 1984). "Behind the Screens: Colors of the Rainbow". InfoWorld. p. 65. Retrieved January 27, 2015. Steve Gibson is president of Gibson Laboratories, of Irving, California, and the developer of the Gibson Light Pen. 
  6. ^ Mace, Scott (December 26, 1983). "Hardware: Light Pen Technology looks to the Micro". InfoWorld. p. 61. Retrieved January 27, 2015. The Gibson Light Pen has been developed for Atari home computers. 
  7. ^ "SecurAble: Determine Processor Security Features". Gibson Research Corporation. Retrieved January 23, 2015. 
  8. ^ "DNS Nameserver Performance Benchmark". Gibson Research Corporation. Retrieved January 23, 2015. 
  9. ^ "DNS Nameserver Spoofability Test". Gibson Research Corporation. Retrieved January 23, 2015. 
  10. ^ "SSL TLS HTTPS Web Server Certificate SHA1 Fingerprints". Gibson Research Corporation. Retrieved January 23, 2015. 
  11. ^ "Password Haystacks". Gibson Research Corporation. Retrieved January 23, 2015. 
  12. ^ "Ultra High Security Password Generator". Gibson Research Corporation. Retrieved January 23, 2015. 
  13. ^ "OpenVPN HOWTO Guide". Gibson Research Corporation. Retrieved January 23, 2015. 
  14. ^ Greene, Thomas C. (21 January 2006). "Windows back door rumor is bunk". The Register. Dice Holdings, Inc. Retrieved November 7, 2013. 
  15. ^ "Transcript of Episode #22". Security Now!. Gibson Research Corporation. Retrieved November 7, 2013. 
  16. ^ "M.I.C.E. - Metafile Image Code Execution". Gibson Research Corporation. Retrieved November 7, 2013. 
  17. ^ "WMF Vulnerability is an Intentional Backdoor?". Slashdot. Dice Holdings, Inc. January 13, 2006. Retrieved November 7, 2013. 
  18. ^ "The Rise and Fall of GRC". Retrieved November 7, 2013. [unreliable source?]
  19. ^ ""Gibson" Rantings - Vmyths - Truth About Computer Virus Myths & Hoaxes". Retrieved 2005-12-11. [dead link]
  20. ^ Greene, Thomas C (12 June 2001). "Security geek developing WinXP raw socket exploit: Has Steve Gibson finally lost his mind?". The Register. Dice Holdings, Inc. Retrieved November 7, 2013. 
  21. ^ Greene, Thomas C (22 February 2002). "Steve Gibson invents broken SYNcookies: GRC SYN-flood cure is worse than the disease". The Register. Dice Holdings, Inc. Retrieved November 7, 2013. 
  22. ^ "SpinRite upgrade". InfoWorld. October 11, 1993. ...Steve Gibson, whose Tech Talk column has run in InfoWorld for close to eight years... 
  23. ^ Gibson, Steve M. (1991). A Passion for Technology: 1990. Gibson Research Corporation. ISBN 9781880814901. 

External links[edit]