[ISN] Win-XP firewall defeats Gibson NanoProbes

From: InfoSec News (isnat_private)
Date: Mon Oct 29 2001 - 00:47:04 PST

Next message: InfoSec News: "[ISN] Meet the computer criminals: they'll see you in your office"

Previous message: InfoSec News: "[ISN] Cryptanalysis of Multiswap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theregister.co.uk/content/55/22509.html

By Thomas C Greene in Washington
Posted: 26/10/2001 at 19:25 GMT

A reader recently told me that the default settings on his Win-XP Pro
firewall made him invisible on the Net, at least according to Steve Gibson's
ShieldsUp https://grc.com/x/ne.dll?bh0bkyd2 security diagnostic tool. But
this isn't what Gibberson is worried about. As we know, he's terrified that
Harry Homeowner users will be Trojanized six ways to Sunday by malicious
teenagers bent on using their raw sockets to destroy the Internet.

So I installed the XP Home Edition last night and enabled the firewall with
default settings only. Then I took a little trip over to GRC and submitted
myself to an onslaught of Steve's unimaginably sophisticated NanoProbe
Technology.

I could almost feel the Ninja-like power of Steve's NanoProbes assaulting my
machine like a million tiny 'vibrating palms'.

And I was shocked, shocked, I tell you, to find that ShieldsUp gave my now
explosively deadly Windows box a perfect, 'full stealth' score. This new
weapon of mass destruction which I'm typing on is absolutely invisible.

"For all intents and purposes your computer doesn't exist to scanners on the
Internet!" Steve explains.

God, what a relief.

So of course, if Steve's 101% pure assembly language scanning engine can't
find my machine on the Net, there's absolutely no possibility that some
malicious kiddie could do so. And of course, to commandeer an XP box for
destructive purposes, the kiddies have to find it with a scanning utility.

But that's not going to happen -- unless, of course, Steve's ShieldsUp
system is just some lame prop he uses to mystify the masses and propagate
his bogus legend of technical superiority.

If ShieldsUP is a crap toy, and XP really is a weapon broadcasting its
deadly raw sockets to the dark side, then Steve is a fraud. But if the XP
firewall really offers 'full stealth' right out of the box, then Steve is a
fraud.

So which is it?

The proof:
ShieldsUp step one http://213.40.196.62/media/660.htm
ShieldsUp step two http://213.40.196.62/media/661.htm




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Meet the computer criminals: they'll see you in your office"
Previous message: InfoSec News: "[ISN] Cryptanalysis of Multiswap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 02:59:11 PST