BufferOverrun

There's a chat with Mike Nash on Monday. He really drives a ton of what's going on with security at Microsoft, so this is definately worth attending.

From the chat page:

Discussion on Trustworthy Computing and security at Microsoft with Security Business Unit Vice President Mike Nash. Come with your questions on security products, initiatives and issues for Mike.

June 16, 2003
10:00 - 11:00 A.M. Pacific time
1:00 - 2:00 P.M. Eastern time
17:00 - 18:00 GMT
18:00 - 19:00 BST

Click here on Monday. Links to all the TechNet chats can be found here. Here's the Add to Calendar link.

I have argued with my friends that Start Trek the Next Generation, is just slightly off when it comes to portraying the Borg. As I see it, we'll be a lot more like the Borg than we will the crew of the Enterprise. I see a future that's somewhat like the one that Cory Doctorow describes in Down and Out In the Magic Kingdom, that is technology that's invisible, but completely pervasive.

So that's where the SPOT Watch comes in. I'm really excited about this new technology. I can't wait to use it. And I can't wait for the tech from this, to propagate out to the rest of us.

The bottom line is that it will happen and we will be Borg-like. (Hopefully better looking though.)

This is cool.

Ed Kaim Developer Center Home

Security is getting to be everyone's job at work. Today, this e-mail was sent out by content manager Matt Lusher to the publishing teams at MSDN.

"I was just fixing a security issue with sample code in a technical article today and realized it’s the second time in the past couple of weeks I’ve found such things in articles or standalone code samples. In both instances, the author demonstrated connecting to a SQL database using the sa login with no password. It seems that lots of people think it’s no big deal to do this in sample code, on the theory that the login is not integral to the point they’re making, and of course any real programmer knows not to do this in a production application. Well, as we know, our audience is not so universally hip to security issues, and tends to cut and paste code directly into their apps without thinking about it at all. Upshot: we need to be diligent about looking for security issues, as best we can identify them, when we review articles and code, and make sure we don’t allow MSDN to unwittingly advocate unsafe coding practices."

People here are serious about this stuff, and that's a very good thing. If you notice security issues in an MSDN article, please take a minute to hit that Contact Us link at the bottom of the page and let us know.