Well, in case you don’t subscribe, I’m now the official editor of the Microsoft Technical Audience Security Newsletter. It’s nice to actually get a security professional as the actual owner of the newsletter, and hopefully I’ll be able to weed out the material that’s not related to our topic. That being said, we also want to start including some material that is pertinent to you not only in a “hard skill, how do I install/configure Microsoft’s Product X?”, but we also want to be sure that we have some good information out there that will assist you in the current economic situation that we now find ourselves. Yes, even the once booming world of information security has been hit by the bad economy. To that end, I would like to start covering some things like professional career advice, how to build those business skills, how to tweak your resume, etc. I think these will all be of great benefit.
Also, I want to hear your valid feedback. Don’t email me about how you ‘re sent in money to some Nigerian prince and you haven’t seen your money since. Also, don’t fire up an email to ask me why your machine tends to BSOD with a STOP 0x7E when you install that driver you wrote in your garage. If I don’t see valid suggestions about topics to discuss or ways to make this security newsletter better….it’s getting deleted.
This month we’re talking about database security. Good ‘ol SQL Injection. Get ready….it’s going to be a fun ride.
Also, I want to hear your valid feedback. Don’t email me about how you ‘re sent in money to some Nigerian prince and you haven’t seen your money since.
Valid feedback; I'm about to write articles; I've done some preliminary work to test my ability to write -in english- and be considered valuable. If I write an article it has to be worthwile !!! Besides, I don't want to 'be foolish' or -worse- be taken lightly.
Thinking of DirectAccess as "a 5,000 mile CAT-5 cable" isn't doing it for me; I'd worry about that even more!
Some details would be nice about how/why it's safe to allow an additional access route that doesn't *appear* to require the same level of authentication as the old VPN route.
I'm sure I'm not the only one...