Wow, what a week! I have been the lucky one in our team to have the honour of patching all our servers this month. With 6 hotfixes + 1 out of band, it kept me up late into the nights on Wed and Thurs. Have to work on patching 3 of our Windows clusters this weekend. I have been listening to a few podcasts this week during my drive to and fro work. I enjoy listening to Leo and the panel gets together. I have been listening to a few TWIT and SecurityNow sessions this week. I truly enjoy listening to the TWIT sessions when Leo has Cory Doctorow on the panel. Simply said, Corey is amazing. I can listen to him talk and he keeps me engaged. I have been listening to the same podcasts which have him on, and I hear and learn something new everytime. The guy is smart, geeky and knows how to talk. Oh yeah! The word of the week that I picked up from him is “explicable”. Check him out in the TWIT session 68 ”Chavvy” that had him talking about WIPO, broadcasting rights and stuff. Wow, Corey you are amazing. Also heard the SecurityNow session 58 with Steve Gibson talking about the VML vulnerability. While it was an informative session, I think Leo and Steve ought to be careful about simply asking listeners to attempt a fix/workaround for a vulnerability without assessing/guaging an impact. I mean, yes, unregistering the VGX.dll or applying a private hotfix may reduce the attack possibility, but, after the official patch is released by Microsoft, would the users (especially the home users) know how to unregister the DLL? Also recommending users to apply a private hotfix from a 3rd vendor….I am not sure if those are good things to convey in a podcast, especially knowing that you have a wide audience. You can see that a few of the listeners have posted comments on the site asking for directions on how to uninstall the private hotfix. I am sure Leo/Steve understand that when an official hotfix is released, MS always recommends backing out any changes made to mitigate the risk before applying the hotfix. I am not sure how many users have had issues knowing how to backout the changes before applying the fix, but I think Steve/Leo ought to assess things a bit more before making any recommendations. We listeners appreciate all the information, but, the caveats ought to be conveyed so that the listeners understand the risks and weigh the options on whether to close the hole immediately or wait for the hotfix to be officially released by MS. I have always monitored the MSRC blog and I think the Security guys at MS do a great job of keeping everyone informed on a vulnerability, their assessment and the status of a hofix, if they need to released one out-of-band.
Another podcast that I heard this week was the one from Podtech.net. It was Jennifer Jones interviewing Robert Scoble in Marketing Voices. The Robert Scoble. It is an excellent session and if anyone wants to know and understand how blogging can make a difference, especially when it comes to reaching out to a consumer/customer and providing them a service, this is the sesssion to listen to! Robert’s thoughts and reasons (except for the “Don’t blog” comment 
) are right on the money. I wish he was interviewed by someone a bit more experienced though. How about Leo Laporte interviewing Robert Scoble? Now, that would be awesome!! Nothing against Jennifer Jones (the lady who interviewed Robert), but, you can tell that she is new to the whole thing. I could not even understand what she said and implied in the last sentence at the end of the session. And hey Jennifer, take it easy, enjoy and have fun in your podcasts. Robert was so relaxed and enjoying himself, but, boy you were trying to make it serious/boring. But, overall, it was a good session. Had fun listening to Robert. “The rewards go to the risk takers. If the risk goes down, the rewards go down”. So very true! I work for an organization that has a very minimal presence in blogspace. For the life of me, I can’t understand how they can afford to stay off. There are so many things that an organization can do, to make an impact and provide exemplary customer service. As Robert says, start small and get better!
Just downloaded a couple of Videoblogs from ScobleShow. I hope Robert starts posting some “audio only” content for guys like me, who don’t get to see videoblogs as often as getting to hear audio podcasts. Podcasts, heard Leo mention that Apple is trying to control how and where the word “podcast” is used. It’s a joke. What does a company not do, to protect its interest… Oh well, Leo I am cool with Netcasting too. Podcast or Netcast, I am sure gonna listen to a new TWIT session every week. Hey, try and bring Corey on for every session, if you can. He is da man! You know there is someone listening always! Until next time…!
Just noticed that there is a link out to a posting at grc.com by Steve Gibson/SecurityNow talking about the backout/re-registering procedures for VGX.dll.
