01:22 PM
Connect Directly

Microsoft Security In 140 Characters Or Less

When Microsoft's JG Chirapurath said he would stick to Twitter's maximum capacity of 140 characters for his responses in our twitterview last week, he wasn't kidding.

When Microsoft's JG Chirapurath said he would stick to Twitter's maximum capacity of 140 characters for his responses in our twitterview last week, he wasn't kidding.My interview with Chirapurath, senior director of Microsoft's identity and security business group, via Twitter last week was fun, interesting, and frustrating -- all at the same time. I'd never conducted a twitterview before, so this was a refreshing change of venue. JG deftly condensed his responses into bite-sized answers -- some that provided insight into Microsoft's strategies, and others that left me wishing I had more than the 30 minutes we had allotted (lesson learned) so I could drill down more on some of the topics.

And the natural Twitter-time lag time between my tweeted questions and his tweeted responses felt like dead-air moments in a television interview.

But one thing I learned from the twitterview format is that while it limits the verbiage, it doesn't leave much room for marketing speak, and its informality makes it a little more personal. It forces stripped-down responses that cut to the chase.

Aside from not carving out enough time for the twitterview, another mistake I made was forgetting to address JG at his Twitter account, @MS_Forefront, in my first few tweets. Anyway, I'm open to any suggestions to improve the experience, so feel free to hit me with some ideas @DarkReading.

Will Dark Reading twitterview again? Absolutely.

Anyway, in case you missed it or want a recap, here's a "twitterscript" of the interview last week:

DarkReading Kelly Jackson Higgins here for Dark Reading, with JG Chirapurath, sr director of Microsoft's ID & security biz grp. Hi JG. #MSFTtweet 2:30 PM May 6th via web

DarkReading Welcome everyone to our twitterview. #MSFTtweet 2:32 PM May 6th via web

DarkReading JG, are you ready to start? #MSFTtweet 2:33 PM May 6th via web

MS_Forefront @DarkReading ready when you are ... I feel 140 charac pithy this AM ^JGC 2:35 PM May 6th via CoTweet

DarkReading Great. What struck me among the anncmnts yesterday by MSFT was the support for 5 different vendor AV engines. Why multivendor? #MSFTtweet 2:37 PM May 6th via web

DarkReading (and feel free to go over 140--I'll remain pithy) .;-) #MSFTtweet 2:37 PM May 6th via web

MS_Forefront@DarkReading - Multivendor coz no one vendor can catch or see all the threats out there. This is the way to go #MSFTtweet 2:39 PM May 6th via CoTweet

DarkReadingWill we see more of this mulitivendor strategy by MSFT in other products? If so, can you say which ones? #MSFTtweet 2:40 PM May 6th via web

MS_Forefront @DarkReading 4 sure in the sec. FPE/FOPE already uses it. TMG uses cloud with info from industry to enable web filtering. ^JGC #MSFTtweet 2:42 PM May 6th via CoTweet

DarkReadingThere's been a lot of discussion of the future of signature-based scanning. How does MSFT see the role of signatures evolving? #MSFTtweet 2:45 PM May 6th via web

MS_Forefront@DarkReading There's always a role for it but the key trend is aggregating thrt int - we vendors have to work 2gether better ^JGC #MSFTtweet 2:48 PM May 6th via CoTweet

DarkReadingOne of our readers asks what advantage is of Forefront Protection for SharePoint 2010 --doesn't it rely (mainly) on signatures? #MSFTtweet 2:49 PM May 6th via web

MS_Forefront@DarkReading 3 thngs. Deep integ w/ SP2010 & BPOS.Prvnts users from up/dwnldng infect docs. Multiengines. Ups the game IMHO ^JGC #MSFTtweet 2:53 PM May 6th via CoTweet

@MS_Forefront How does the new Active Directory FS 2.0 work with CardSpace, and how will it with CardSpace 2.0? #MSFTtweet 2:55 PM May 6th via web

MS_Forefront@DarkReading we're delivering a Cardspace CTP that enables released ADFS 2.0 in WinServer to issue InfoCards ^JGC #MSFTtweet 3:00 PM May 6th via CoTweet

DarkReading@MS_Forefront (Shifting gears a bit here): What is the status of the U-Prove crypto technology MSFT announced at the RSA con? #MSFTtweet 3:03 PM May 6th via web

MS_Forefront@DarkReading - cntng to invest. Rlsd CTP @ RSA int U-Prove with ADFS, WIF. Rlsd a 2nd spec via OSP dscrbng int using WS* & InfoCards. ^JGC 3:08 PM May 6th via CoTweet

MS_Forefront @DarkReading - Got to run. Thanks very much. This was a lot of fun. Let's do this again soon. ^JGC #MSFTtweet 3:09 PM May 6th via CoTweet

DarkReading@MS_Forefront Thank you for your time, JG. We'll have to carve out more time next time. #MSFTtweet 3:11 PM May 6th via web

-- Kelly Jackson Higgins, Senior Editor, Dark Reading Follow Kelly (@kjhiggins) on Twitter: Kelly Jackson Higgins is Executive Editor at She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.