Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

TechEd 2009: Never too early to start planning


What's on your mind? What do you want to learn more about? Tell me, tell me...

Oh, and for 2009 I plan to stay at TechEd US for both weeks. I want to start spending more time with developers -- they need some security love too :)

Comments
  • Hi Steve,

    Any plan of visiting Tech.Ed Australia this year or in future?

    Cheers

    Shoaib

  • Of course! I'll be in Sydney for TechEd next week, matter of fact. It'll be my sixth year for TechEd Australia.

    My full TechEd schedule for 2008 is:

    • 10-13 June: North America (completed)
    • 3-6 Aug: South Africa (completed)
    • 11-14 Aug: Southeast Asia (completed)
    • 1-3 Sep: New Zealand
    • 3-6 Sep: Australia
    • 23-25 Sep: Taiwan
    • 8-10 Oct: Hong Kong
    • 14-16 Oct: Brazil
    • 3-7 Nov: Europe

  • Hi Steve,

    Always enjoy your sessions at TechEd Australia.

    Suggestions for the next TechEd:

    1. Something similar to the session about helping your relatives and friends with security-related issues. But with a different angle - raising awareness of what modern malware can do. New ways of propagation, new ways of hiding (you need to be aware of the new tricks in order to be better prepared). How can Microsoft products help? WHICH products can we use for home PCs (especially if some people still run XP)?

    2. Top 10 developers' sins (in terms of insecure coding) - with the real code samples.

    3. Similar to (2) but a quick break-out session format. Show a code sample and ask "what's wrong with it".

    4. IPv6 - continuation of your theme about "a datacentre without a backend link".

    5. SDL (Michael Howard and his team) - real life experience from Microsoft. How has it really helped to reduce the percentage of bugs attributed to Microsoft.

  • g'day Steve,

    mate, as always, your presentations are the most informative, stimulating and entertaining.

    if your busy schedule allows, i'd love to see the powerpoint from your aust tech-ed "10 thingies you need to know/do/something" presentation. i try to never take notes when you're speaking because i miss too much (feel free to remove anything you don't want saved online forever)

    unfortunately i couldn't clone myself and be in 3 places at once, so i only got your last talk, next time i'll be more organised

    keep making us think, we won't do it on our own. i'm sure that every country wants to adopt you, so do we

    avagoodone

  • Gday Steve,

    Do we still need to fear online financial transactions..?? Help us to get the word out... It's ok to use your credit card online when??...well you tell us what criteria we should put in place to minimize risk and maximize availability, not as a technician but as a user and promoter of on-line services. Should it be BPay only or are we ok just to type those numbers in like there's no tomorrow, should we have a separate account for online purchases or are our identities so at risk that we should steer clear of any sites that aren't amazon or ebay..??

    These are my concerns and maybe others feel the same..??

    I know you like to freak us out with your analysis so bring it on we like horror stories.

    Regards as always,

    KJM

  • Steve, I spoke with you at TechEd in Orlando this year about this subject.  Personally - I like to see live demos... Yes yes, I do like the "Marcus" sessions which some of you might think is just learning to hack, but I get a lot out of it and I also understand that "Demos always fail."  You always have great subjects, and I'm certain whether or not you decide to do live demos, it'll be good.  Subjects: How safe are your healthcare records, more about two factor authentication -vs- passwords -vs- pass phrases.  More on Domain Isolation and IPV6.  How about some thoughts on blocking traffic from certain countries (if your business permits it).

    Rich

  • I'd like something on why the world must move to IPv6 - we need to get this thing moving!

    The 21st century networking presentation this year was a good example of why people should consider it because up to now the only reason people know about IPv6 is because one day in the future IPv4 will run out.

  • Hey Steve...I caught your Friday afternoon session on the next gen network @ TechEd 2008 Orlando...

    Did you ever get a white paper done on it???

    I would like more of these types of sessions...

    Thanks...Mike

  • YADmitry-- yeah, next year I want to spend some of my time with developers. Seems like the majority of intrusions these days is through buggy custom apps, so we need to give developers some more security love. And I'm also considering a very deep dive into IPv6 for admins (can I just say I hate the phrase "IT pros"? haha)

    andrew-- check the new "Resources for you" on the right-side of this page...it's got links to PPTs and videos. Thanks for your kind words.

    Kenneth-- I'm not sure I can give you a short answer here. I don't fear online transactions, I conduct them all the time. I'm certainly confident in SSL; but I'm less confident in all the various applications I might be interacting with -- what with the seemingly unending parade of cross-site scripting and format errors (these are always application bugs, not OS or network bugs). I'm sensing that maybe there's a presentation topic here, probably more for developers than for admins or end-users, though...

    Rich-- Don't get me wrong, I love Marcus. I know he's fun! But somebody's gotta clean up after him, ya know? *Big heavy sigh, huge grin*

    Tez-- yep, more support for an IPv6 talk. Down to the bare metal :)

    Michael-- alas, not yet. Conference season has kept me busier than I predicted. I hope to get this done early next year.

  • No Worries...

    I've been so busy with my book that I haven't even touched my notes/info from TechEd:(

  • Actually this is really bad thread mining, BUT ... three years ago Jasper did a demo to TechEd in New Zealand around security problems with front end code, (he used SysInternals tools and a few others to gain Admin rights on the DC) it made the developers sit up and take notice that they had some responsibility in this area too.

    Any chance of a Riley version of that demo again?

  • Hi Mr. Riley, any dates or plans for TechEd 2009 Europe? If so, where and when please??

    Keep up the fantastic work you do.

    Thanks

  • I am also interested in your Europe TechEd appearance.  Any info yet?

  • Steve, at TechEd Australia 2008 you did a session on making all PCs internet connected and shrinking the corporate firewall to only enclose key services.

    It would be great to have an update to that with real world examples of how to do it properly.

    You did mention you were going to do an article on it but I can't find it, so assuming either you are way too busy or I'm too poor at searching for stuff.

    Regards.
