From: freouwebbe at msn.com (roberta bragg)
Subject: Security Watch Essay (was: (no subject))

 Well, let's see.  What gets published in any publication is usually an
editorial decision.  As in senior editor, or managing editor.  Then again,
they have to have something to choose from.  If no one writes anything, then
the editors have to scramble. No telling what they'll do. No telling what
they'll publish.  

I don't write to "score points" against anyone or anything.  I'll defend my
point of view, and I'll argue a point if I believe in it.  Mostly, however I
prefer to just tell a story,  provide a tip, discuss an issue,  answer a
question.  Those who read me on a regular basis know that.

Long before I became a writer I spent a couple of decades paying dues:  I
was a keypunch operator, FORTRAN, Cobol, C, C++, LISP, Delphi, dbase, VB,
Prolog, etc. programmer, project leader, systems analyst, computer
salesperson, teacher, consultant, network admin, systems admin, graduate
student in computer science, whatever. Was doing computer security before it
was kool.  You?  

Don't claim any fame. Just like providing information, sounding off.  Maybe
like you?

Apparently the authors of the monoculture piece feel that way too.  They
never responded to me.  I didn't expect them to. Did get a lot of letters
from "anonymous" that damned me for having the opposite opinion from theirs.
I did expect that. I typically don't respond to letters from "anonymous"
that simply call me names.

Keith is not my boss.  Boss implies employer/employee relationship.  No such
relationship exists. He did ask that I post, since he does not subscribe to
the list. I'm not his keeper, nor he mine -- we're both free to subscribe
to whatever lists we choose.  And not to subscribe if we choose not to.

"employee" is a legal term that implies a contract ===  a job  for wages
from which there is withholding for taxes, social security etc.  It may
even imply benefits such as health care, vacation, sick pay etc.  And while
there is no guarantee... you generally can count on remaining employed for
longer than it takes to write an article.  I have no such relationship with
101 or MAP.  I get to write regularly --- but it's always been one article,
one column at a time... there is no contract. The last column I write...
could be the one already written...   There is no obligation to me to
continue to accept for publication what I write... and I have no obligation
to them to write again.  

As you point out, it's pretty unlikely that subscribers to the magazine (who,
by the way, get it for free if they are an MAP.)  have no interest in the
success of MS.  Their employers purchased MS products.  They, the
subscribers, were hired to keep it working ---   of course they have an
interest in MS helping them do so.

No,  my comment about 101 doing JAVA and other magazines was not meant to
mean that MAP wasn't about Microsoft Products... but merely to point out
that 101 does other things.  Just as this list also talks about non-MS
vulnerabilities.  I never said that the column is not about MS products
just that it is not owned by MS.  It is not a MS publication.  Is
Full-Disclosure anti-MS?  I'd say many of its contributors are. But I'd also
say a lot of them just want to get information out in the open so that
anyone with an interest can do their best job at securing systems.  Today
it's a MS flaw, tomorrow it's somebody else's.  There's a lot of noise,  and
a lot of nuggets.  Typical of an open forum.

No, my comment "if you believe ... Is a pro MS publication"  was not meant
to claim that it was an anti-MS publication, or even a neutral one... but to
ask that anyone who saw it as a publication that would only publish pro-MS
content --- take the opportunity to write something anti-MS and see it
published. 

Next question?

-Roberta 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
http-equiv@...ite.com
Sent: Wednesday, February 11, 2004 11:32 PM
To: full-disclosure@...ts.netsys.com
Cc: freouwebbe@....com; keith.ward@...mag.com; roberta.bragg@...mag.com
Subject: [Full-Disclosure] Security Watch Essay (was: (no subject))



How many of these little essays are you going to publish? Who will decide
which one[s] gets published?  Will it be the only one that you can reply to
that you feel you can score points against? Who are you and what is your
claim to fame?  You certainly showed your audience with your response
'directly to the authors' of "Cyberinsecurity: The Cost of Monopoly. How the
Dominance of Microsoft Products Poses a Risk to Security." 

http://www.mcpmag.com/newsletter/article.asp?EditorialsID=170

I take it that in the healthy debate that ensued the authors of that little
piece clarified their position to your satisfaction.

Why has your boss sent you? What ails him that he is incapable of posting
this little "challenge" of his himself?

It appears that the "security watch" newsletter is published only to / by
Microsoft Certified Professional Magazine Online. Why have you tried to
suggest that the "JAVA publication, a couple for the Feds, some for
education market" will be the audience of this as well? 

What do you mean you are not an employee? "Security Watch" is your column.
Perhaps you do it for free in order to generate goodwill amongst the
subscribers of your magazine, who all no doubt have a vested interest in
everything Microsoft. Then with a bit of luck they'll end up buying your
book[s]?

Roberta Bragg, MCSE: Security, CISSP, Security+ and contributing editor for
MCP Magazine, runs Have Computer Will Travel Inc., an independent firm
specializing in security, operating systems and databases. She's a frequent
speaker and trainer for TechMentor. 
Her newest book is MCSA/MCSE Implementing and Administering Security in a
Windows 2000 Network Exam Cram 2 (Exam Cram 70-214) by Que Publishing.
You can contact Roberta about "Psychologically
Acceptable Security" at .

"If you believe that Security Watch is a pro-Microsoft publication " -- nice
try. It's precisely this rank amateur gibberish that Microsoft employees
along with its little elves that defines its inability to do anything
right. 

Microsoft Certified Professional Magazine Online:

<meta name="description" content="Microsoft Certified Professional Magazine
brings you the latest independent information on Microsoft products and MCP
certification programs and is relied upon by Windows, SQL Server and .NET
experts worldwide."><meta name="keywords" content="Microsoft, MCSE, MCP,
MCSD, MCP, MCSA, MCDBA, MCT, 2003, Windows, NT, XP, RSS, XML, Certification,
IT, Salary, Engineer, Windows, Internet, Certify, Exam, Test, Network,
Office, Magazine, Computer, .NET, Online">

The "Security Watch" column inside the "Microsoft Certified Professional
Magazine" catering [and relied upon mind you] to Windows, SQL Server and .NET
experts worldwide is not 'pro' [whatever that is supposed to mean] Microsoft.

Get your boss out of his Microsoft logo'd Lazy Boy recliner and post and run
his debate here. On this mailing list. Where it can be debated. Not
addressed in reply one time like you did before.

And he can donate his not inconsiderable sum of a grand total of "$50.00" to
the SPCA.

Ridiculous.


--
http://www.malware.com


