Re: [ISN] Re: Microsoft MCSE training faulted

From: InfoSec News (isnat_private)
Date: Sun Aug 26 2001 - 02:51:59 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - August 24th 2001"

    Forwarded by: Richard Forno <rfornoat_private>
    Part of the problem is that vendors see 'certification' as another big
    revenue source...remember the days when computers and software shipped
    with buccoo documentation, and the Z89 had pull-out schematics???
    Now you might get a 10-page PDF file, half of which is the disclaimer
    of liability, with directions to visit the vendors' website for
    further help.
    Win31, DOS, shipped with 2" thick users guides that folks could learn
    from and use as a resource. Now you get next to nothing.
    Thus, folks use software they probably don't know as much about as
    they should......some might argue a product that's been shipped
    incomplete, without the documentation.
    So you pay some MCS-whatever to come in and fix what you should have
    known in the first place.
    FWIS, "security" training should not focus on how to lock NT, Unix,
    whatever - rather, it's principles that apply ACROSS computer
    platforms that draws on the security functions of the various products
    and doesn't operate in a vacuum. Security is 90% great system
    administraton and 10% specialized knowledge. This article has got it
    backwards!  More specifically, good security starts with effective
    software development and testing, of which MS has zero, contrary to
    their marketing minions. (IMO, what they sell on the shelves as
    'retail' is actually a final wide-scale beta test).
    It's all about business, and developing revenue streams.
    rick /
    > From: InfoSec News <isnat_private>
    > Reply-To: InfoSec News <isnat_private>
    > Date: Fri, 24 Aug 2001 03:46:11 -0500 (CDT)
    > To: isnat_private
    > Subject: [ISN] Re: Microsoft MCSE training faulted
    > Forwarded from: Felix von Leitner <leitnerat_private>
    > Thus spake InfoSec News (isnat_private):
    >> ml
    >> Lack of focus on security in professional training seen as factor in
    >> spread of viruses
    > Excuse me?
    > Is it _Outlook_ and _IIS_ and _IIE_ and _VBE_ that get infected all
    > the time or is it MCSEs or the code they wrote?
    > The only one who needs security training here is Microsoft.
    > Felix
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 07:40:03 PDT