Re: [ossig] [Fwd: MNCC's Evening Talk on 24 May 2005 - Microsoft's current and future security initiatives]

On Mon, May 16, 2005 at 03:10:26PM +0800, Dinesh Nair spoke thusly:


>*Jason Yuen* has over 8 years of experience in the field of IT Security.
>Graduated with a Bachelor of Business degree from the University of
>Technology, Sydney, he is a Certified Information Systems Security
>Professional (CISSP) as well as a Certified Information Systems Auditor

Jason gave the Microsoft speech at the recent e-Governance seminar @
Sheraton. He was okay, at least not too much marketing and expounded on
actually going through your logfiles (Event Viewer specific of course). I
did find these points amusing however:

a) His comparison of the advantages of open & closed software, security-wise.
wise. The usual debatable FUD. MS has a dedicated security team going
through its code, yada yada rather than a bunch of globally dispersed
programmers doing this in their free time. I wish they would get their
facts straight, a number of companies actually get paid to audit source
code for FOSS.

b) First started talking about ISA server and its goodness. Then how
applications like to tunnel out surreptitiously, which ISA can stop. He must
have forgotten Microsoft's RPC-over-HTTP implementation. 

I expected more details on how Microsoft was being security transparent, or
at least advancing security internally (rather than the usual PR statement)
but that was not forthcoming. [1]

That's all I can remember, was freezing my buns off.

[1] To be fair, I didn't stand up and ask either ;)

