By now you've probably heard about the DDoS attacks against grc.com. Hard to miss, since it's plastered all over the techie press. Also there's this guy running around trying to get people's attention about so-called security flaws in Windows XP.

It's hard for me to express how much I hate Steve Gibson. Frankly, I'm getting tired of hearing about the "security expert" who is "exposing" the "serious vulnerability" in Windows XP that will lead to increased DDoS attacks -- properly implemented IP sockets.

His flashy web sites are filled with hyperbole and sound-bite statements designed to scare people into purchasing his snake oil products. And the whole thing with Windows XP I just don't get. On his own website, he links to an article on The Register ("Steve Gibson really is off his rocker") that does an excellent job of explaining just about how I feel about Steve Gibson.

I guess I just don't understand security. Shhh, nobody tell my boss.

That being said, he does actually have a point, and it is interesting reading. Bruce Schneier (who I really like) has a good analysis of the attacks here:

http://www.counterpane.com/crypto-gram-0106.html#6

Do yourself a favor, skip the actual article and read the analysis instead.