Steven M. Gibson (born March 26, 1955) is an American software engineer, security researcher, and IT security proponent. In the early 1980s, he worked on light pen technology for use with Apple and Atari systems, and in 1985, founded Gibson Research Corporation, best known for its SpinRite software. He is also known for his work on the Security Now podcast.

Early life

Gibson started working on computers as a teenager, and got his first computing job with Stanford University's artificial intelligence lab when he was 15 years old. He then studied electrical engineering and computer science at the University of California, Berkeley.

Career

Gibson was hired as a programmer for California Pacific Computer Company in 1980, where he worked on copy protection for the company's products. He then founded Gibson Laboratories in Laguna Hills, California, in 1981, which developed a light pen for the Apple II, Atari, and other platforms before going out of business in 1983. In 1985, Gibson founded Gibson Research Corporation (GRC), a computer software development firm, and from 1986 to 1993, he wrote the "Tech Talk" column for InfoWorld magazine. In 1999, Gibson created one of the first adware removal programs, which he called OptOut. In 2001, he predicted that Microsoft's implementation of the SOCK RAW protocol in the initial release of Windows XP would lead to widespread chaos by making it easier for Windows XP users to create denial of service (DoS) attacks. That year, his company's website was brought down by DoS attacks which continued for two weeks. Gibson blogged about the attacks and his (ultimately successful) efforts to track down the hacker. Three years after the Windows XP release, Microsoft limited raw socket support in Service Pack 2. In 2005, he launched a weekly podcast called Security Now with Leo Laporte on TWiT.tv, with its archives hosted on GRC's website. In 2006, Gibson raised the possibility that the Windows Metafile vulnerability bug was actually a backdoor intentionally engineered into the system. A response by Microsoft, and by Mark Russinovich on Microsoft's Technet blog, stated that the bug appeared to be coding error and that Gibson's reasoning was based upon Microsoft's abort procedure documentation being misleading. In 2013, he proposed SQRL as a way to simplify the process of authentication without the risk of revelation of information about the transaction to a third party.

GRC products

GRC has created a number of utilities, most of which are freeware.

Works