Steve Gibson (computer programmer)

For other people named Steve Gibson, see Steve Gibson (disambiguation).

Steve Gibson
Steve in between shots on Leo Laporte's Call For Help in Toronto April, 2007.
Born	(1955-03-26) March 26, 1955 (age 58) Dayton, Ohio, United States
Residence	Laguna Hills, California USA
Nationality	American
Education	University of California, Berkeley
Occupation	Software Engineer and Security Analyst
Known for	Security Now! podcast on TWiT.tv (network)
Title	Computer programmer
Website
www.grc.com

Steve Maury Gibson (born March 26, 1955, Dayton, Ohio) is a computer enthusiast, software engineer and security researcher who studied Electrical Engineering and Computer Science at the University of California, Berkeley. Gibson lives in Laguna Hills, California. In 1985, Gibson founded Gibson Research Corporation, which is best known for its SpinRite software. An avid sci-fi fan, he has been known to be jokingly referred to as Steve Tiberius Gibson, an obvious poke at Star Trek's most famous captain of the Enterprise, James T(iberius) Kirk.

Works

Gibson has had a very long career in the technology field; his resume lists jobs he had held back to the age of 13. ^[1] Coincidentally, his website was taken down with DDoS by a 13-year-old on May 4th, 2001. ^[2] He began in hardware projects but moved more toward software development in the 1980s. One of his early successes during this period was a light pen graphics system for the Apple II.

Gibson is an advocate of assembly language programming, and prides himself on writing smaller applications mostly in Intel x86 assembly language, including much of the code of the SpinRite hard disk utility used from the beginning of the PC era. He is one of several advocates of optimizing computer programs and reducing the size of their executables.

In the 1990s, Gibson began to move into the computer security field, developing and distributing a number of free security tools, including the ShieldsUp! port-scanner, and the LeakTest firewall tester. In 2000, Gibson created one of the first adware removal programs, OptOut.

Gibson's latest publicly released works are SecurAble, last updated January 14, 2007 and more recently, DNS Benchmark, released September 30, 2010.^[3] SecurAble is a program that will tell the user if their CPU supports 64-bit computing, DEP (Data Execution Prevention) and hardware level virtualisation.^[4] DNS Benchmark is a utility used for obtaining DNS nameserver performance characterization, profiling and comparison.^[5]

Gibson is working on the DNS Nameserver Spoofability Test,^[6] an online utility used to test whether the systems configured nameservers are vulnerable to DNS spoofing.

Controversies

Steve Gibson was involved with a notable controversy over the Windows Metafile vulnerability,^[7] an issue raised in 2006 where a Windows Metafile image could trigger execution of arbitrary code. Gibson analyzed an unofficial patch issued by Ilfak Guilfanov, and publicly speculated both on a podcast called Security Now!^[8] as well as on his Web site^[9] that Microsoft may have intentionally included this vulnerability because of the use of an API called SetAbortProc, originally intended as a mechanism for canceling print jobs, which in his view made no sense. When Slashdot, a technology news Web site, picked up the assertion, an Internet rumor that Microsoft intentionally built a back-door to its operating systems was promulgated.^[10]

Gibson has been associated with a number of other controversies^[11] in the computer security field, including his prediction of the "XP Christmas of Death" in 2001 describing the outcomes of Microsoft's implementation of the SOCK_RAW protocol.^[12]

Gibson is also known for attempting to replicate functionality of a tool called SYNcookies, written by Dan Bernstein and Eric Schenk, in his own tool called GENESIS, as a preventive mechanism for SYN-flood attacks.^[13]

Gibson Research Corporation

Gibson Research Corporation or GRC is a computer software development firm founded in 1985 by Gibson. The company is registered in Laguna Hills, California.^[14] GRC has created a number of niche utilities over the years, the foremost of which is SpinRite, a hard disk scanning and data recovery utility.

As of mid-2009 GRC has three employees; Steve Gibson, Greg (technical support) and Sue (bookkeeper). Gibson also founded Gibson Laboratories, Inc. in 1981, a predecessor to GRC.^[1]

One of the significant features of Gibson Research Corporation is that far more of Steve's work is freely available. At this time only SpinRite is a paid-for commercial product.

Media

Gibson co-hosts a weekly computer security-focused podcast with Leo Laporte called Security Now!. Gibson has appeared on Leo Laporte's technology podcast, This Week in Tech. and also used to occasionally appear on The Lab with Leo Laporte on G4techTV Canada.^{[citation needed]}

Steve Gibson was a contributing editor to InfoWorld magazine. He reported on the world of hackers and crackers.^{[citation needed]}.

See also

• Shields Up
• Security Now!
• SpinRite

References

1. http://www.grc.com/resume.htm
2. http://computer.howstuffworks.com/zombie-computer3.htm
3. http://www.grc.com/freepopular.htm
4. http://www.grc.com/securable.htm
5. http://www.grc.com/dns/benchmark.htm
6. "DNS Nameserver Spoofability Test". GRC. 
7. http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/
8. http://www.grc.com/sn/SN-022.htm
9. http://www.grc.com/wmf/wmf.htm
10. http://it.slashdot.org/it/06/01/13/1519204.shtml?tid=201
11. http://radsoft.net/news/roundups/grc/
12. http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/
13. http://www.theregister.co.uk/2002/02/25/steve_gibson_invents_broken_syncookies/
14. Gibson Research Corporation, Techadvice.com. Retrieved on 2 February 2007.

External links

• Steve Gibson on Twitter
• Steve Gibson's Attrition.org page
• Password Haystacks — Secure password system invented by Steve Gibson
• Perfect Passwords — Secure Password Generator
• Gibson's OpenVPN Guide
• Steve Gibson — Official TWiT wiki page