Wednesday, July 25, 2007

Hack the Gibson - special edition - aka lucky 13

I've been absent lately from the whole Hack the Gibson series, completely missing the 100th episode for example, not because I lack material, but because I'm very busy (or very lazy, depending on your viewpoint :-)). However, I just wanted to let you know about a useful resource, which unfortunately seems to be dead (in the sense that the domain seems to have expired).

The site I'm talking about is (again, I didn't provide a link, because you would be met with a generic "this domain has expired" message). Fortunately most of the content (if not all) is still available in the Wayback Machine (which, as of the time of this writing, also seems to be down - this is all a conspiracy I tell ya! :-)). The site consists of a (relatively) large set of materials criticizing Steve Gibson, and, even though the domain name is rather inflammatory, the content is well balanced. Hopefully it will come back someday.

PS. The existence of this site is both reassuring (in the sense that there are others who hold similar opinions, and not just anybody: the author of Snort is one of them!) and intimidating (because if so much well-written material couldn't get Steve to at least tone down his hype machine, it's very improbable that I can).

And finally, here is a quote to remind everybody what I object to (from episode #99, taken directly from the transcript). The premise is that a listener has written in to counter one of Steve's arguments:

STEVE: "In the days before international banking, banks would build elaborate buildings. The reason for this is often considered by non-economists to be competitive. However, economists know that if it were out of competition, there would be similar architectural arms races in other industries. Yet banks were different somehow. The real reason is that the bank could afford to build beautiful buildings, while the fraudsters, who would open a bank and then skip town with the money deposited, could not. A baroque building was a signal of legitimacy. These scenarios are called ‘signaling games’ in economics and game theory that only a legitimate bank could afford to send.

"The problem in the online world, as you well know, is that people use the same rationale. If they go to a phishing site, and it has a nice layout with scripting and menus and animation, they assume it’s real. Enter EV certificates, the online equivalent of building a nice bank. It only makes economic sense to get one if you plan on sticking around. A nice website is a signal that anyone can duplicate, and therefore it isn’t a good signal at all. An EV-enhanced certificate that costs $15,000 per year is not easily duplicated and therefore is an effective signal. If you are legitimate and can’t afford one, you probably are not a target for phishing in the first place." Which actually I thought was sort of a really good point that he made. "If you don’t have the same need to signal your legitimacy as PayPal, eBay, Amazon, or an online bank, all of whom can afford one." And then he says, "I’ve written more on this exact topic if you’re interested," blah blah blah. But anyway, I just - I loved what he said. I mean, this is the kind of really good stuff that’s appearing in the mailbag now, so...

Now please direct your attention to exhibit A, aka the sentence where Steve refuses to give real credit to the guy (Google to the rescue), even though he praises the letter. This is selfish and disrespectful to the listeners, who put time and effort into the show and without whom there would be no show!

Update: the Wayback Machine is back up again, so here is the link to the last stored version:


