Steve Gibson (computer programmer)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Steve Gibson
Steve in between shots on Leo Laporte's Call For Help in Toronto (April 2007).
Born (1955-03-26) March 26, 1955 (age 66)[1]
Dayton, Ohio[2]
EducationUniversity of California, Berkeley
OccupationSoftware engineer and security analyst
Known forSecurity Now! podcast on

Steven[3] "Steve Tiberius[4]" Gibson (born 26 March 1955) is an American software engineer, security researcher, and IT security proponent. In the early 1980s, Gibson worked on light pen technology for use with Apple and Atari systems. In 1985, he founded Gibson Research Corporation, best known for its SpinRite software.


Gibson started working on computers as a teenager, and got his first computing job with Stanford University's artificial intelligence lab when he was 15 years old.[5] Gibson writes he studied electrical engineering and computer science at the University of California, Berkeley while the alumni directory shows he did not.[6][7]


Gibson was hired as a programmer for California Pacific Computer Company in 1980, where he worked on copy protection for the company's products.[8]

Gibson founded Gibson Laboratories in Laguna Hills, California in 1981; Gibson Labs developed a light pen for the Apple II, Atari, and other platforms and went out of business in 1983.[6][9][10]

In 1985 Gibson founded Gibson Research Corporation (GRC) - a computer software development firm.[6]

From 1986 to 1993 Gibson wrote the "Tech Talk" column for InfoWorld magazine.[11]

In 1999, Gibson created one of the first adware removal programs, which he called OptOut.[12]

In 2001, Gibson predicted that Microsoft's implementation of the SOCK_RAW protocol in the initial release of Windows XP would lead to widespread chaos by making it easier for Windows XP users to create denial of service (DoS) attacks.[13][14][15] In that year, his company's website was brought down by a DoS attack;[5] the attacks continued for two weeks. Gibson blogged about the attacks and his (ultimately successful) efforts to track down the hacker.[5] Three years after the Windows XP release, Microsoft limited raw socket support in Service Pack 2.[16]

In 2005 Gibson launched a weekly podcast called "Security Now" with Leo Laporte on, with its archives hosted on GRC's website.[17][18]

In 2006 Gibson raised the possibility that the Windows Metafile vulnerability bug was actually a backdoor intentionally engineered into the system.[19] A response by Microsoft[20] and by Mark Russinovich on Microsoft's Technet blog[21] stated that the bug appeared to be coding error and that Gibson's reasoning was based upon Microsoft's abort procedure documentation being misleading. Furthermore, Peter Ferrie of Symantec Security Response wrote:[22]

Gibson claimed that a thread is created to run the SetAbortProc handler. In fact, no thread is created to run the handler – it is a callback, which is called by the parser, and the parser has to wait until the callback returns, otherwise the whole point of the function (to abort the printing) is lost. By his own admission, Gibson did not read the documentation (in fact, he claimed that he couldn’t find it, although it is freely available on Microsoft’s Web site), and he claimed that the device context is not available to the function handler. Of course the device context is available to the function handler – it is one of the two parameters that is passed to it (see above), and it is required in order to abort the printing. Finally, Gibson claimed that the control flow could not return to Windows. It is simply a matter of the function returning and discarding the parameters that were passed on the stack. If the record is well formed, Windows will continue to parse the file, as before.

[...] Gibson admits that he was guessing about a number of things. Unfortunately, he guessed poorly. I guess we know better now.

In 2013 Gibson proposed SQRL[23] as a way to simplify the process of authentication without the risk of revelation of information about the transaction to a third party.

GRC products[edit]

GRC has created a number of utilities, most of which are freeware.[24][25]

  • DNS Benchmark, freeware that lets users test the performance of the domain name servers used by their internet service providers.[26]
  • Securable, freeware to test whether a pre-Windows 7 computer is 64-bit compatible. It also tells the user if Data Execution Prevention is enabled.[27]
  • Shields Up, a free browser-based firewall testing service; one of the oldest available[28][29]
  • SpinRite, a hard disk scanning and data recovery utility first released in 1988.[30] As of January 2019 the current version was 6.0,[31] which was first released in 2004.[32] SpinRite is a commercial product, costing $89 as of January 2019.[31] Gibson's work on SpinRite has led to him being considered an expert on hard drive failure.[33]
  • Spoofarino, freeware released in 2006 and promised since the controversy over the launch of Windows XP in 2001, it enables users to test whether their internet service providers allow them to send forged or "spoofed" packets of data to Gibson's Web site.[34]
  • Never10, standalone freeware program that toggles registry values in Windows 7, 8, and 8.1, which either disables or enables Microsoft's Get Windows 10 app and automatic OS upgrade. As of version 1.3 also triggers the removal of any previously downloaded Windows 10 upgrade files as part of the disable function.[35][36]
  • InSpectre, a utility that examines a computer's vulnerability to the Meltdown and Spectre attacks.[37]


  • Gibson, Steve (1991). A Passion for Technology, 1986 - 1990 Cumulative Index and 1986. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-86-2.
  • Gibson, Steve (1991). A Passion for Technology Volume One 1987. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-87-0.
  • Gibson, Steve (1991). A Passion for Technology Volume Two 1988. Aliso Viejo, California: Gibson Research Corporation. ISBN 1880814889.
  • Gibson, Steve (1991). A Passion for Technology Volume Three 1989. Aliso Viejo, California: Gibson Research Corporation. ISBN 1-880814-89-7.
  • Gibson, Steve (1991). A Passion for Technology, Volume Four 1990. Aliso Viejo, California: Gibson Research Corporation. ISBN 1880814897.


  1. ^ "Security Now 500 | TWiT.TV". Retrieved May 15, 2015.
  2. ^ "Security Now! #76, January 25, 2007, Listener Feedback Q&A #15". Retrieved August 12, 2019.
  3. ^ "California Business Search for "gibson research corporation"". California Secretary of State. Retrieved November 3, 2017.
  4. ^ "Security Now! Transcript of Episode #700". Retrieved February 12, 2019.
  5. ^ a b c Millar, Stuart (June 5, 2001). "Teenage hackers". The Guardian.
  6. ^ a b c Gibson, Steve. "Steve's Resumé". Retrieved February 8, 2015.
  7. ^ "Cal Alumni Association". Retrieved January 23, 2021.
  8. ^ Knudsen, Richard (January 1981). "Exec California Pacific: Innovative Marketing Budges" (PDF). Softalk Magazine. 1 (5): 34.
  9. ^ Mace, Scott (December 26, 1983). "Hardware: Light Pen Technology looks to the Micro". InfoWorld. p. 61. Retrieved January 27, 2015. The Gibson Light Pen has been developed for Atari home computers.
  10. ^ "InfoWorld Aug 9, 1982 / P13-17". Popular Computing Inc. August 9, 1982. Retrieved February 24, 2016.
  11. ^ "SpinRite upgrade". InfoWorld. October 11, 1993. ...Steve Gibson, whose Tech Talk column has run in InfoWorld for close to eight years...
  12. ^ Lavasoft. "The History of Spyware". Retrieved February 8, 2015.
  13. ^ Radcliff, Deborah (October 22, 2001). "Windows XP: Is it safe?". Computerworld.
  14. ^ Raw Sockets Debate: Steve Gibson with Tom C. Greene. Online Tonight with David Lawrence (video). 2001. Archived from the original on May 7, 2014. Retrieved February 7, 2015.
  15. ^ Fogie, Seth (June 21, 2002). "Raw Sockets Revisited: What Happened to the End of the Internet?". InformIT.
  16. ^ Griffiths, Ian (August 12, 2004). "Raw Sockets Gone in XP SP2". IanG on Tap.
  17. ^ "Security Now! Episode Archive". Gibson Research Corporation. Retrieved February 8, 2015.
  18. ^ Bowers, Andy (December 9, 2005). "Slate's Podcast Roundup". Slate.
  19. ^ "Security Now! Episode Archive". Gibson Research Corporation. Retrieved December 12, 2017.
  20. ^ Toulouse, Stephen (January 13, 2006). "Looking at the WMF issue, how did it get there?". Microsoft Security Response Center.
  21. ^ Helweg, Otto (January 18, 2006). "Inside the WMF Backdoor". Mark Russinovich's Blog.
  22. ^ Ferrie, Peter (February 2, 2006), Inside the Windows Meta File Format (PDF), Virus Bulletin, archived from the original (PDF) on May 16, 2008, retrieved March 14, 2021 – via (and Internet Archive)
  23. ^ Gibson, Steve (October 2013). "Secure Quick Reliable Login".
  24. ^ Luo, John (March 2004). "Open-source and general public license programs cost little or nothing. Are they right for your practice?" (PDF). Current Psychiatry.
  25. ^ Coolidge, Daniel S. (January–February 2006). "Cyber-Vermin: Dealing with Dangerous Fauna Infesting the Internet". GPSolo Magazine.
  26. ^ Softpedia. "DNS Benchmark". Softpedia. Retrieved February 8, 2015.
  27. ^ Orchilles, Jorge (2010). Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7. Syngress. p. 10. ISBN 9781597495622.
  28. ^ Biersdorfer, J. D. (April 6, 2010). "Q.&A.: Torching Your Firewall — On Purpose". The New York Times.
  29. ^ Leonhard, Woody (2005). Windows XP Timesaving Techniques For Dummies. John Wiley & Sons. pp. 429–30. ISBN 9780764596179.
  30. ^ Mendelson, Edward; Stark, Craig L. (October 11, 1988). "First Looks". PC Magazine.
  31. ^ a b "SpinRite". Retrieved February 8, 2015.
  32. ^ Mainelli, Tom (August 2, 2004). "Review: SpinRite 6 to the Rescue". PCWorld.
  33. ^ Anderson, Nate (February 25, 2007). "Experts: No cure in sight for unpredictable hard drive loss". Ars Technica.
  34. ^ Rosenberger, Rob (April 1, 2006). "Steve Gibson finally releases DDoS attack tool". Spyware Point.
  35. ^ "Steve Gibson's Never 10 Helps You Turn Off the Windows 10 Upgrade". Retrieved April 30, 2016.
  36. ^ "This simple app will block Microsoft from downloading Windows 10 on your PC". Retrieved April 30, 2016.
  37. ^ Thorp-Lancaster, Dan (January 17, 2017). "InSpectre will quickly check if your PC is vulnerable to Meltdown and Spectre". Windows Central. Mobile Nations. Retrieved January 17, 2018.

External links[edit]