Microsoft MVP SecuritySummit thread in Security

Microsoft MVP SecuritySummit thread in Security http://www.dslreports.com/forum/r11805421 en Wed, 09 Dec 2009 19:22:31 EDT Wed, 09 Dec 2009 19:22:31 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11835111 B :
I am afraid. I am very afraid.

-- B

]]> http://www.dslreports.com/forum/remark,11835111 Thu, 11 Nov 2004 14:01:59 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11835065 Name Game :

said by antiserious

said by Name Game

:

see if you can find any gals with a Microsoft tattoo in the non-smoking section :D

I was just trying to help him find Noreen :D never thought about diagramming that sentence for "propositional phases" or the direct object..he'll figure it out or get some new threads going. ;)

Nice shirt Steve. :)

--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11835065 Thu, 11 Nov 2004 13:56:17 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11834422 antiserious :

said by Name Game

:

see if you can find any gals with a Microsoft tattoo in the non-smoking section :D

... where on the body is the 'non-smoking section' located ? ... not that he shouldn't do a thorough search, just to give him a place to start ... :p ...

... wait ... that sounded ... umm ...

... nevermind ...

--
... "everybody's somebody to somebody, and nobody to everybody else" ... y.t. ...]]> http://www.dslreports.com/forum/remark,11834422 Thu, 11 Nov 2004 12:42:06 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11831902 sivran : Gotta love that shirt Steve was wearin. ;) ]]> http://www.dslreports.com/forum/remark,11831902 Thu, 11 Nov 2004 02:47:26 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11830769 CalamityJane :

said by WFO

:

CJ forgot to mention that she had her bull whip in hand and only got the "hell yeahs!!!" with each crack of the whip. LOL.;)

You can bet on that, but they have already deployed - so I didn't really need a bullwhip this trip....just hollered a lot. They are already on it and I'm just giving them info as fast as I can from OUR perspective :)

Meanwhile, Steve has continued this thread there (small technical error). Go here to follow it :)

»SecSummit notes for Wednesday
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals)]]> http://www.dslreports.com/forum/remark,11830769 Wed, 10 Nov 2004 23:16:35 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11829221 WFO :

said by CalamityJane

:

Well,I had some great one-on-one chats afterwards with a few MS execs about the "spyware" (hijack) issues and they are not only interested as in *Yeah*, but not only yeah.....but *HELL yeah!*

CJ forgot to mention that she had her bull whip in hand and only got the "hell yeahs!!!" with each crack of the whip. LOL.;)]]> http://www.dslreports.com/forum/remark,11829221 Wed, 10 Nov 2004 20:25:16 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11829082 Name Game : Well that will give you some time for a towel check and a wake up call. :D

Wake Up Call

ht tp://media.phonelosers.org/sound/hotel_wake_up_call.mp3

Towel Check

ht tp://media.phonelosers.org/sound/hotel_towel_check.mp3
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11829082 Wed, 10 Nov 2004 20:09:20 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11828947 Steve :

said by Name Game

:

Well use the new Engine for some recon ;)

Great: I need to find a place to drink tonight, and the search engine unveils tomorrow. Just my luck :-)
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11828947 Wed, 10 Nov 2004 19:57:02 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11828901 Name Game :

said by Steve

said by Name Game

:

Sound like the perfect night to check out the hotel lobby bar

No bar in the hotel :-(

Bummer :(

Well use the new Engine for some recon ;)
»www.redherring.com/Article.aspx?···+mission
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11828901 Wed, 10 Nov 2004 19:52:33 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11828847 Steve :

said by Name Game

:

Sound like the perfect night to check out the hotel lobby bar

No bar in the hotel :-(
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11828847 Wed, 10 Nov 2004 19:47:13 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11828804 Name Game :

said by Steve

said by mers2

:

MS is definitely keeping them busy - 7:00am to 10:00pm is a long day.

Sound like the perfect night to check out the hotel lobby bar to see if you can find any gals with a Microsoft tattoo in the non-smoking section :D Charge it to Blake Room. ;)
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11828804 Wed, 10 Nov 2004 19:42:59 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11828059 Steve :

said by mers2

:

MS is definitely keeping them busy - 7:00am to 10:00pm is a long day.

Especially considering all the alcohol served for dinner - it's been quite a chore :-)

Tonight a whole raft of MVPs are going to a local pool hall for fun and frolic, and MS is providing the bus. It's a smoke-allowed joint, so I won't be going - have to get my booze elsewhere :-)

Steve
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11828059 Wed, 10 Nov 2004 18:19:24 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11827989 mers2 : MS is definitely keeping them busy - 7:00am to 10:00pm is a long day. MS picked some very fine people to attend this conference and I hope MS listens and follows through on recommendations made. It sounds like good info being given out by MS as well. Thanks for the pics, Blake.]]> http://www.dslreports.com/forum/remark,11827989 Wed, 10 Nov 2004 18:11:41 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11827931 Name Game : Just trying to keep Security very Slurryous..we have a great bunch of folks representing us there at the Summit..they work hard..deserve the break..and I can not think of a better mix to have the wisdom and the tenacity to make their voices heard..they do us all proud.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11827931 Wed, 10 Nov 2004 18:03:28 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11827663 jaykaykay :

said by dp

:

I just love John's unique sense of humor, this place wouldn't be the same without him :) Of course, some of his remarks take a lot of deep thought to sink in. Keeps us all sharp. ;)

I agree and love John's humor too. It just kind of grabs you at times and at others...really makes you cock your head and think "did he really say that?".]]> http://www.dslreports.com/forum/remark,11827663 Wed, 10 Nov 2004 17:29:45 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11827284 dp :

said by jvmorris

:

Look, if you guys wanna say that NG is typically anal-retentive, then why not just come out and say it? :D

I just love John's unique sense of humor, this place wouldn't be the same without him :) Of course, some of his remarks take a lot of deep thought to sink in. Keeps us all sharp. ;)
--
Write your questions down on the back of a $20 dollar bill and send them to me]]> http://www.dslreports.com/forum/remark,11827284 Wed, 10 Nov 2004 16:49:23 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11826184 gracie :

said by Link Logger

:

There are at least three DSLReport folks in these pics, can you spot/name them all?

duh, they ARE wearing name tags :). but this brings up a good point; notice the unbalanced ratio of male/female (making it easy to guess who's Calamity Jane even without the nametag!). i am often the only. or one of few, female attendee at geek fests, particularly in the area of security (my pet interest professionally and personally). sometimes good (oh, yes ;)), sometimes not so good when i get mistaken for the registration secretary...

have a great time, guys! wish i were there! but ms is pissed i'll bet because i asked "provocative" questions at the last local MS-sponsored SBS 2003 seminar ;).
--
graciella! "not tonight dear, I have DSL."
Creating SuperOrganizations Worldwide]]> http://www.dslreports.com/forum/remark,11826184 Wed, 10 Nov 2004 14:59:28 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825754 Name Game :

said by John2g

said by jvmorris

:

Look, if you guys wanna say that NG is typically anal-retentive, then why not just come out and say it? :D

It :)

I resemble that remark :D
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11825754 Wed, 10 Nov 2004 14:14:36 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825709 John2g :

said by jvmorris

:

Look, if you guys wanna say that NG is typically anal-retentive, then why not just come out and say it? :D

It :)
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. ]]> http://www.dslreports.com/forum/remark,11825709 Wed, 10 Nov 2004 14:09:38 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825633 jvmorris : Look, if you guys wanna say that NG is typically anal-retentive, then why not just come out and say it? :D
--
Regards, Joseph V. Morris]]> http://www.dslreports.com/forum/remark,11825633 Wed, 10 Nov 2004 13:59:30 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825622 Name Game :

said by B

said by John2g

said by Name Game

:

I lost track of my stool coming back from the powder room.:)

Please tell us that doesn't mean what it sounds like...

-- B

It was just a hair ball " Out of the box " :D.. but I finally found my bearing rattling around in the SP2 level. They need better IFRAME supports in that tower. Next thing you know it will be natural for everyone to be blowing in the wind.

That first step is a doozie. ;)
--
Gladiator Security Forum http://www.gladiator-antivirus.com/
Missing Kids
http://www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11825622 Wed, 10 Nov 2004 13:58:24 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825536 B :

said by John2g

said by Name Game

:

I lost track of my stool coming back from the powder room.:)

Please tell us that doesn't mean what it sounds like...

-- B
--
In a realm outside causality and function]]> http://www.dslreports.com/forum/remark,11825536 Wed, 10 Nov 2004 13:48:26 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825530 John2g :

said by Name Game

:

I lost track of my stool coming back from the powder room.:)

No wonder you looked "flushed" :)
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. ]]> http://www.dslreports.com/forum/remark,11825530 Wed, 10 Nov 2004 13:47:04 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825511 Name Game : Wear your tinfoil hats when you have din din in the Speakeasy up in that SpaceNeedle..last time I have a late breakfest there..not only got dizzy :D I lost track of my stool coming back from the powder room.:)

Wireless net to cover downtown Seattle

»seattlepi.nwsource.com/business/···y10.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11825511 Wed, 10 Nov 2004 13:44:29 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11825452 jaykaykay : What a neat thread. Not only the information but the photos. Thanks, guys, for sharing with us all.]]> http://www.dslreports.com/forum/remark,11825452 Wed, 10 Nov 2004 13:38:40 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822484 CalamityJane : Well,I had some great one-on-one chats afterwards with a few MS execs about the "spyware" (hijack) issues and they are not only interested as in *Yeah*, but not only yeah.....but *HELL yeah!*

More to follow when the NDA allows :) I like their attitude and *HELL yeah* they have noticed ;)

Blake - we gotta get you a decent flash on that digicam. :D
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals)]]> http://www.dslreports.com/forum/remark,11822484 Wed, 10 Nov 2004 03:34:45 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822480 Link Logger : So on the bus trip to and from the Space Needle I decided to do a little war driving/busing and get an idea as to how 'open' Seattle was for wireless. I must admit they are certainly better then Calgary as very few wireless systems were in default configuration, not to say they were all locked down, but I would suspect that a system where the SSID has been changed and is still yet open, is meant to be open. Tip of the hat to Seattle as they are doing a heck of a lot better then Calgary for example when it comes to wireless awareness.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel]]> http://www.dslreports.com/forum/remark,11822480 Wed, 10 Nov 2004 03:31:30 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822454 Link Logger : This is a geek festival and the conversation is pretty hard hitting as pretty well everyone here has earned their battle scars and don't pull punches when letting Microsoft know what is working and what isn't. Want to get this crowd frothing at the mouth, try to dazzle them with marketing fluff and they will happily shred any marketing guys. You talk tech and know your stuff or die a horrible death.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

]]> http://www.dslreports.com/forum/remark,11822454 Wed, 10 Nov 2004 03:18:15 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822421 Link Logger : There are Security MVPs from all over the world here, and most of them despite the jet lag were slugging it out with the rest of us. And once again Microsoft proved they know how to chuck a great little party.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

]]> http://www.dslreports.com/forum/remark,11822421 Wed, 10 Nov 2004 03:08:14 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822408 Steve : Well, our time at the Space Needle was great. Two busses took us and our Microsoft hosts there, and we spent an hour on the observation deck up at the top: it was very clear, though I never managed to make it outside to really revel in it.

After an hour we headed back down to dinner, and we had assigned seating. They alternated "MVP" with "Microsoftie", and I sat next to the guy who gave a talk about their vulnerability assessment software. Great group of people.

So I'll try to recap the day. We covered a lot of material, and I wish to be clear that I am not pretending to be the stenographer: I made more notes on things I am interested in, and I certainly will leave things out.

We started out with a talk from Mike Nash, a corporate VP of security, and pretty much at the top of the food chain for this entire group. It wasn't so much technical as it was giving the overview of how Microsoft "gets it" about security. It's fair to take exception with particular products, technologies, or initiatives, but I believe that it's hard to make the case that Microsoft has not gotten religion about security.

Mike recounted a fun story: about two years go, he and a camera crew went to the Pike Place Market - a place in downtown Seattle - to ask people what they thought about computer security: I thought of it like doing "Jaywalking".

So this was about 9 months after 9/11, and the cops noticed them at work and approached them.

Cop: What are you doing?
Mike: We're doing a video about security
Cop: No you're not

So they had to pack up and go elsewhere. It was funny to hear the reactions from two years ago on how people trust their computers, and the best answer was "I don't worry about it, I have a Mac" :-)

Throughout this post, keep in mind that Microsoft is dealing with an enormous range, from "home users" to "enterprise users": it should not be such a surprise that running 200,000 systems (as one of our MVPs does) brings up issues that home and small business users don't even dream about.

After the Blaster worm, he ended up being the official corporate punching bag, with customers giving him 30-minute rants for 12 hours at a time for several months. I am sure I would not have wanted his job then, and this reinforced something we got at the Global Summit in April: Blaster was a watershed event at Microsoft, doing more than anything else to get them with the program.

One of the real-world issues they have heard about it the firewall before XP/SP2: many have thought that the firewall sucked, having too little configuration granularity, and he relayed a story that exhibited how much of a mess this was.

In the old days, users connecting to the Microsoft network via VPN were required to have the firewall enabled, but those inside the network had to have it disabled so you could get to local resources (fileserver, printers, etc.).

This means that if you're at home and want to print your email, these were your steps:

* enable firewall
* connect VPN
* open email in outlook
* disconnect VPN
* disable firewall
* print to local printer
* enable firewall
* reconnect VPN
* do more email stuff

This is the kind of lousy real-world user experience that helped inform them on how to do a better job.

Again, Mike was not so much giving tech details as a bigger roadmap, and it was a pretty good message.

Next was a session on Phishing/SPAM/Sender-ID, though we didn't end up getting anything about Phishing (that was covered in a later session). I think we all know how lousy the spam problem is, and he covered the steps that Hotmail is taking to combat spam and how this is being leveraged elsewhere.

There are five broad approaches to cutting down spam:

1) Heuristics: rules of thumb
2) Rules-based: specific keywords ("Make money fast!")
3) Machine learning: Bayesian filtering
4) Signature-based: like A/V, look for known spam
5) Community based: I vote that msg X is spam, it's filtered for you

Hotmail's "SmartScreen" is a combination of several of the above and ends up dumping an astonishing amount of spam every day.

They have a very large number of Hotmail users that have volunteered to help rate email: periodically, they are shown one of their own emails and asked "is this spam?", and the results help inform the global filters.

This really does require large amounts of input, because not everybody calls spam the same thing. That periodic email you get from Amazon.com (that you signed up for!) is not "spam" just because you changed your mind in the same way that "We offer Vi@gra for less" is spam.

Where this gets interesting is in Outlook 2003: the spam filters there will use the SmartScreen filters to help make it better. It will (with permission!) update the filters periodically, and it's gotten really rave reviews.

The user can maintain personal white and black lists, as well as choose to reject (say) email from .ru (Russia) or those with Cyrillic (Russian) character encoding. It really comprehensive.

Then the discussion of Sender-ID, which is filtering for mailservers and domains. The oversimplified description: if I own unixwiz.net, I can publish - in DNS - the list of IP addresses that are allowed to send email as that domain.

When your mailserver receives email purporting to be from unixwiz.net, it can see if the source IP is on the approved list. There are three cases:

1) unixwiz.net publishes SPF data, IP matches
2) unixwiz.net publishes SPF data, IP does not match
3) unixwiz.net doesn't have any SPF data

Case #1 means "it really is coming from unixwiz.net", and though it doesn't mean "not spam", it does increase accountability in that you can more easily know that the sender is who he says he is.

Case #2 is the easy one: it's spoofed, and should be dumped.

Case #3 means we simply don't know anything about the sender, so we have to go through all the usual checks.

There is a bit more to it than this, of course, but that wasn't where it got heated. It was on licensing.

Microsoft is offering a royalty-free license for this technology, but the terms are such that it requires nearly everybody to get individual licenses with Microsoft. The open-source people have soundly rejected this, and I am pretty much in that camp.

I happen to not be an open-source nutcase (who will find fault with anything Microsoft does), I believe in intellectual property, and generally like Microsoft, but I think they have made an enormous mistake here.

If they are trying to protect some legitimate interest, where not doing so would cost them something big, then I'd be OK with it, but so far nobody has been able to say what interest is being protected. There still may be one (so I have a slightly open mind), but in my book and in that of many, it's just "the same old proprietary Microsoft."

I cannot believe how embarrassingly lame and stupid this is. Oh well, they didn't ask me.

Anyway, the next segment was on the SCW (Security Configuration Wizard) found in Win2003 server SP1, and though I don't do that much with big enterprises, it was well received. The ability to rollback a security policy that (presumably) didn't work got a lot of kind words.

Then vulnerability assessment tools, and it started with the MBSA (Microsoft Baseline Security Analyzer). This runs on your machine and looks for "stuff" that is insecure: missing patches, empty admin password, etc. I am chagrined to say that I have never run it, but CalamityJane

raves about it.

One of the problems people run into is that different tools give different answers for what patches are required: Windows Update and MBSA don't agree, so who do you believe? They agreed that this was a mess, and things are in the work to make this problem go away. It's encouraging.

Then we broke for lunch, and I left the conference center to join the printing/imaging team, which was unrelated to any of my Security work.

I missed the first hour of the presentation on IE, but the ~10 minutes I saw seemed like PR and was not that interesting.

Then the session I was looking forward to: Network Access Protection. Enterprise users take note!

The idea is that a network administrator ought to have the right to know the state of every machine on his network, and NAP supports this.

Oversimplified description: if a computer on a network is "unhealthy" (A/V out of date, missing patches, bad security configuration, etc.), it gets a restricted view of the network, with access only to a few machines that let it get fixed (update A/V, get patches, etc.). Only when the machine is healthy is it given full access.

This will be particularly helpful for laptops: the idiot VP of sales gets infected while on the road, but he doesn't get to infect the rest of the company when he goes back to the office.

But this is all about "mechanism", not "policy", so the Microsoft platform only lets the IT admin set the rules for the local network. It seems to me that getting the rules tuned not quite right means that every second Tuesday of the month, everybody gets locked out one the new patches arrived (e.g., everybody is out of date at the same time).

Part of this are available now with RAS and wireless, but it won't be until Longhorn until this is supported in the big picture.

The guy who was supposed to give this presentation was sick, so we got a business-y guy as a fill-in who had never seen the slides before. I was prepared to be disappointed, but he did an outstanding job. Was completely up to speed on the big picture, never BS'd or spun, just a great save.

More info at »www.microsoft.com/nap

The last presentation was on Spyware, and CalamityJane

was totally in her element. The speaker was fantastic even though Microsoft's big picture is not nearly as compelling as we'd like it to be.

He talked about what makes spyware "spyware", and he did a very good job of showing that it's not always so clear-cut how to define things.

If software is changing your computer settings, is it "spyware"? What if it's a tweak-tool that you downloaded so you can fool with your desktop?

If software is secretly monitoring what a user does, is it "spyware"? What if it's parental-control software installed by Mom to watch the kids?

If software makes a modem call to establish an internet connection, is it "spyware"? What if it's "your ISP software" (as opposed to a porn dialer).

The definition they used was "Programs that perform certain behaviors without appropriate user consent", and he really presented this whole thing well.

Clearly spyware is really bad news, and their crash-reporting data suggests that one third of XP crashes are linked to spyware, and some non-trivial percentage of all support calls are due to this. I'm sure that the OEMs (Dell, HP, etc.) are singing a similar song.

Where the song was not so happy was how to deal with current issues. There are sticky legal issues about Microsoft uninstalling software that might be desired ("Microsoft out to crush iWon.com"), and it really didn't look like there was much beyond XP/SP2.

I believe that XP/SP2 is a huge win, but it's not helping get rid of CoolWebSearch: More than one person whined and begged for help and tools on this. Thankfully, our very own queen of spyware was able to corner some key people and get a useful dialog going. I'm encouraged that she'll get somewhere.

This ended the official part of the day, so we chatted a while with the sponsors of the MVP program, and then headed out to dinner.

They had a lovely open bar, and I ran into the hottie from the Security Response Center (Terri) that I shared dinner with at the Global MVP Summit in April - this was a pleasant surprise. I told her "I called you a hottie on BroadbandReports", and she said "and like 1000 people didn't send me that" :-)

It was a good, but very long, day, and I'm about ready to crash. We are on the bus tomorrow at 7:15 for another day, and I hope to report again in the evening.

Good night.

Steve
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11822408 Wed, 10 Nov 2004 03:04:34 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822401 Link Logger : Lets try a little rotation at least.

Blake

]]> http://www.dslreports.com/forum/remark,11822401 Wed, 10 Nov 2004 03:02:37 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822394 Link Logger : Ok so here are a couple of pictures (unedited) from today as it was a long busy day (7am - 10pm). NOTE I'm using an CoolPics 990 and I will be the first to say the flash is weak. There are at least three DSLReport folks in these pics, can you spot/name them all?

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

]]> http://www.dslreports.com/forum/remark,11822394 Wed, 10 Nov 2004 03:00:14 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11822372 Owlbet :

said by NanDog

:

And in response to Joseph, let's hope St. Helens keeps her mouth shut!

Shhh! Our volcano (Mt. Spurr, Alaska) has awakened from a slumber. Please don't tell her to shut up. ;)
--
Rocky is, was, and always will be Dawg E. Dawg.]]> http://www.dslreports.com/forum/remark,11822372 Wed, 10 Nov 2004 02:50:06 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11820227 NanDog : Hope you all enjoy your time here in the Great Pacific North"wet"! You know, the local Native Americans have a saying that translates as "if you can see Mt. Rainier, it's going to rain; if you can't see Mt. Rainier, it's raining!" :D

Actually, it looks as if you lucked out on the weather. The local shamans are calling for fog in the mornings and sunbreaks in the afternoons for the next couple days. And in response to Joseph, let's hope St. Helens keeps her mouth shut!]]> http://www.dslreports.com/forum/remark,11820227 Tue, 09 Nov 2004 21:42:05 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11817269 Steve : Just got back from an extended lunch: though I'm a Security MVP, I have been recruited by the print/imaging group as a "secondary competence", so they took me to lunch. I also write printer software, so it was nice to touch base.

I have been taking tons of notes, and I hope to write a ton of stuff much later tonight on what we covered. Most of what we've heard has been very good, though I might have a snotty thing or two to say about the Sender-ID licensing debacle.

Microsoft put all of the Powerpoint slides on the 128MB USB flashdrive, so I'll have material to reference :-)

Steve
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11817269 Tue, 09 Nov 2004 16:59:24 EDT Re: Weather Forecast - IE warm front http://www.dslreports.com/forum/remark,11816660 Link Logger :

said by Reverend Ike :
... after 45 years Blake is still learning English as his first language

Either that or it was the 6:30am start here today, as typically I don't do mornings...

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel]]> http://www.dslreports.com/forum/remark,11816660 Tue, 09 Nov 2004 16:02:24 EDT Re: Weather Forecast - IE warm front http://www.dslreports.com/forum/remark,11816368 Reverend Ike :

said by Link Logger

:

... after 45 years Blake is still learning English as his first language ...

Good thing Babelfish has that Canadianese to English translation option ...]]> http://www.dslreports.com/forum/remark,11816368 Tue, 09 Nov 2004 15:33:15 EDT Weather Forecast - IE warm front http://www.dslreports.com/forum/remark,11815856 Link Logger : Weather forecast from the North West. Extreme warm front will be moving out from Redmond at 1pm local time as the topic of discussion will be IE. Body armour will be available as this one will be lively for sure.

Anything that anyone wants brought up besides the obvious?

Edit -> after 45 years Blake is still learning English as his first language...

Blake]]> http://www.dslreports.com/forum/remark,11815856 Tue, 09 Nov 2004 14:39:44 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11815492 Daniel :

said by Steve

:

First thing will be the keynote from Mike Nash, a VP of security, and many of us have worn "Mike Nash Blue" shirts - apparently it's some kind of thing he's known for, so many of us have played along with this little joke.

Stay away from the punch, man. And don't take any pills that are offered; they're trying to go Borg on your ass.
--
cat knowledge | grep understanding]]> http://www.dslreports.com/forum/remark,11815492 Tue, 09 Nov 2004 13:53:44 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11815407 jvmorris : Blake,

You guys just hang in there and say what you feel needs to be said, as you see it. That'll work just fine. We sort of look on those of you (from BBR/DSLR) as being our reps in this Conclave and we know you'll do what you can to the best of your abilities.

It's fun to hear about the freebies, the dinners, and (eventually) the parties, but I think we all know that you're all working hard on these issues. That will do quite nicely.

And if Mt. St. Helens blows, well . . . ;)
--
Regards, Joseph V. Morris]]> http://www.dslreports.com/forum/remark,11815407 Tue, 09 Nov 2004 13:41:07 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11815297 Link Logger : I am here and have my camera with and I should have gotten pictures of the fight we just had over spam mail during a presentation by Manav Mishra, it was great. Microsoft is working on it, but they did take some heat over limitations, but those limitations are in very difficult areas. They did bring a number of team members from their anti-spammer group as they did want to hear what was said and they got it. Workgroups to follow on this topic, which boxing qloves will handed out in.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel]]> http://www.dslreports.com/forum/remark,11815297 Tue, 09 Nov 2004 13:24:52 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11814432 jvmorris : Ooooh, Space Needle! :D

Did Blake make it? Do we get night shots over Seattle from the Space Needle? Will Mt. St. Helens blow while you're up there? . . . Film at 11!

And, one question I forgot to ask on the MVP summit: Does MS subsequently put up any of the presentations or Q&A sessions afterwards somewhere on their website?
--
Regards, Joseph V. Morris]]> http://www.dslreports.com/forum/remark,11814432 Tue, 09 Nov 2004 11:35:04 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11814415 jaykaykay : "And CalamityJane looks great today" Letch!!!:D ]]> http://www.dslreports.com/forum/remark,11814415 Tue, 09 Nov 2004 11:32:52 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11814056 Steve : OK, we're here: shuttles ran from the hotel to the Microsoft Conference Center, and we're gathering in the St. Helens room. There are maybe 50 MVPs snarfing down breakfast and going through our swag bags (a nice portfolio, a USB flash drive, some books) and meeting each other. There may be more Microsofties than there are MVPs.

First thing will be the keynote from Mike Nash, a VP of security, and many of us have worn "Mike Nash Blue" shirts - apparently it's some kind of thing he's known for, so many of us have played along with this little joke.

We're having sessions on spam/phishing/sender ID (about the latter I intend to ask some questions about "licensing"), network access security, spyware ( CalamityJane

is looking forward to that one!) and IE.

Tonight we're going to dinner at the Space Needle, and I brought my binoculars. It's been a very nice crowd so far.

And CalamityJane

looks great today :-)

Off to the opening session...

Steve
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11814056 Tue, 09 Nov 2004 10:45:09 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11813674 hpguru : You guys better put duct tape over your mouths to protect you from security threats. :D
--
How long till your job gets exported to Shanghai???]]> http://www.dslreports.com/forum/remark,11813674 Tue, 09 Nov 2004 09:51:50 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11813132 CalamityJane : Yeah, you gotta watch that lingo in airports for sure! ;)]]> http://www.dslreports.com/forum/remark,11813132 Tue, 09 Nov 2004 08:14:51 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11812178 Name Game :
said by CalamityJane :

I'm here :)

My experience so far is, great Mexican dinner with lots of handsome bodyguards all to myself again (for tonight anyway);)

AND picked up two new victims of browser hijacks on the trip up that have my email addy for help in removing the scum

Just be careful next time when you yell out I am an expert hijacker. We don't want you making Christmas decorations with Martha. :D

»forum.gladiator-antivirus.com/up···2277.jpg
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,11812178 Tue, 09 Nov 2004 02:04:36 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11811333 MapleLeaf : Have a great trip, guys, and come back with interesting stories for all of us :D
--
Remember, I'm pulling for you - we are all in this together...]]> http://www.dslreports.com/forum/remark,11811333 Mon, 08 Nov 2004 23:36:03 EDT Re: Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11811111 CalamityJane : I'm here :)

My experience so far is, great Mexican dinner with lots of handsome bodyguards all to myself again (for tonight anyway);)

AND picked up two new victims of browser hijacks on the trip up that have my email addy for help in removing the scum
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals)]]> http://www.dslreports.com/forum/remark,11811111 Mon, 08 Nov 2004 23:09:31 EDT Microsoft MVP SecuritySummit thread http://www.dslreports.com/forum/remark,11805421 Steve : Microsoft is hosting a handful of Security MVPs for a mini Security Summit in Redmond this week, and I figured we needed a thread to talk about it. I hope the others that are going will check in (though we're all staying at the same hotel: we ought to run into each other now and then).

Unlike the Global MVP Summit in the spring (thread here), which had ~2000 participants, this one is much smaller, maybe 50 or 60. This is limited to security topics and MVPs, and from the rough agenda I've seen, it should be interesting.

I think there is nearly no chance that we'll see Bill Gates (bummer), but our host will be Mike Nash, the VP of the Security Business & Technology Unit.

Microsoft always takes good care of us: we're having dinner at the Space Needle on Tuesday night. It doesn't start until tomorrow, but I'm sure that some of us will post our experiences. I expect that Blake ( Link Logger ) will post pics again.

Off to the airport...

Steve
--
Stephen J. Friedl � Unix Wizard � Microsoft MVP � Tustin, California USA � my web site]]> http://www.dslreports.com/forum/remark,11805421 Mon, 08 Nov 2004 12:28:30 EDT