Re: [ISN] Re: Microsoft MCSE training faulted

From: InfoSec News (isnat_private)
Date: Sun Aug 26 2001 - 02:51:59 PDT

Next message: InfoSec News: "[ISN] Linux Advisory Watch - August 24th 2001"

Previous message: InfoSec News: "[ISN] Updated release"
Maybe in reply to: InfoSec News: "[ISN] Re: Microsoft MCSE training faulted"
Next in thread: InfoSec News: "Re: [ISN] Re: Microsoft MCSE training faulted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded by: Richard Forno <rfornoat_private>

Part of the problem is that vendors see 'certification' as another big
revenue source...remember the days when computers and software shipped
with buccoo documentation, and the Z89 had pull-out schematics???

Now you might get a 10-page PDF file, half of which is the disclaimer
of liability, with directions to visit the vendors' website for
further help.

Win31, DOS, shipped with 2" thick users guides that folks could learn
from and use as a resource. Now you get next to nothing.

Thus, folks use software they probably don't know as much about as
they should......some might argue a product that's been shipped
incomplete, without the documentation.

So you pay some MCS-whatever to come in and fix what you should have
known in the first place.

FWIS, "security" training should not focus on how to lock NT, Unix,
whatever - rather, it's principles that apply ACROSS computer
platforms that draws on the security functions of the various products
and doesn't operate in a vacuum. Security is 90% great system
administraton and 10% specialized knowledge. This article has got it
backwards!  More specifically, good security starts with effective
software development and testing, of which MS has zero, contrary to
their marketing minions. (IMO, what they sell on the shelves as
'retail' is actually a final wide-scale beta test).

It's all about business, and developing revenue streams.


rick 
infowarrior.org / incidentresponse.com



> From: InfoSec News <isnat_private>
> Reply-To: InfoSec News <isnat_private>
> Date: Fri, 24 Aug 2001 03:46:11 -0500 (CDT)
> To: isnat_private
> Subject: [ISN] Re: Microsoft MCSE training faulted
> 
> Forwarded from: Felix von Leitner <leitnerat_private>
> 
> Thus spake InfoSec News (isnat_private):
>> http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-91_STO63028,00.ht
>> ml
> 
>> Lack of focus on security in professional training seen as factor in
>> spread of viruses
> 
> Excuse me?
> 
> Is it _Outlook_ and _IIS_ and _IIE_ and _VBE_ that get infected all
> the time or is it MCSEs or the code they wrote?
> 
> The only one who needs security training here is Microsoft.
> 
> Felix



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Linux Advisory Watch - August 24th 2001"
Previous message: InfoSec News: "[ISN] Updated release"
Maybe in reply to: InfoSec News: "[ISN] Re: Microsoft MCSE training faulted"
Next in thread: InfoSec News: "Re: [ISN] Re: Microsoft MCSE training faulted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 07:40:03 PDT