I was reminded of Bruce Schneier's recent Cypto-Gram Newsletter today.  His editorial goes out of the way to be out of date and just plain wrong. By his second paragrpah he has completely discreditted himself. He takes quotes out of context, like culps comment on the UPNP bug being "the first network based, remote compromise" in (client) Windows by giving server vuln examples. He also mentions a IE bug that "Microsoft is busy ignoring". Who wants to bet he actually asked secure@microsoft.com about it? Unfortunatly he gets away with that one because ms vuln people don't release a bulltien untill it's confirmed, and there is evidence of the vuln in the wild or there is a good workaround for the bug (the patch that fixes would count). (fyi: the patch for thoose issues have already come out now, and thanks to the "Information Anchary" reporting, people have been vulnerable to script kitty attacks with it as microsoft was creating and testing the fix). The most serious thing about his rant is the way he takes a real issues and combines them with things that were solved years ago (like the office macros paragraph) and things that he is completely guessing about and treating like fact (centralized customer databases). Finally it the end he links to a series of one sided sources.

In the end, you should stick to the stuff he is an expert about, like encryption, when you listen to his writting, and go elsewhere for editorials about Microsoft and security (there are plenty). Remebering at least one of the integrity rules myself, I'm a test developer in windows networking (but not speaking for Microsoft).
3:47:01 PM    comments ==

Last night I ate at Serafina. The food was okay, the ambiance was nice. Suggestion: stick to the appetizers.
11:48:35 AM    comments ==

I went to install the .NET frameworks killer app, Terrarium, and found that it requires admin rights to run it at least because it wants write writes in program files. I wrote my feedback and will have to wait for the people behind it to get a clue. At work I don't run as administrator, do you?
10:50:03 AM    comments ==

CNET news is reporting that Linda Stone is leaving Microsoft. (Although she emailed me that the WSJ article is much more acurate.) I'm sadden that she is leaving because she brought a lot of really intresting speakers to microsoft for talks. I personally went to hear (or watched live): Malcolm Gladwell, Eric Schlosser, Lawrence Lessig, Tim O'Reilly and David Farber because of her series and I look forward to listening many of the other talks archived at msrn. I wish her luck in whatever she chooses to do (or not do :) ) in the future.
10:19:41 AM    comments ==