Hi, I am a Program Manager with the Microsoft PKI team focusing on the
next generation Certificate Server. Our team is currently working on
the next version of the Microsoft Certification Server to be shipped
with the next Windows Server release. We are in the process of
defining Certificate Server's manageability features and we would
welcome your input and feedback. We want to get first hand input from
PKI customers like you to help define our manageability feature set.
Specifically, these are the 4 areas we would appreciate input on:

Performance Counters (new to Certificate Server): What perfmon
counters would you like to monitor in your environment if they were
available?
Event Logging: What new events would you like to see added?
Security Audit: What did we miss in our current audit log?
Run time trace log (enabled with "certutil –setreg –f debug" or
"certutil –setreg ca\debug 0xffffffe3"): Have you used this feature?
Is it helpful? Do you need additional level of tracing capability?

We'd appreciate any feature requests, feedback or input in the above 4
topic areas. Preferably we'd you to include one scenario for each
feature requested to help us understand how a particular feature could
be useful in what situation. Please send your list of features request
to feichua@nospamplease.microsoft.com. Note: you will need to remove
the "nospamplease." from the e-mail address before sending. We promise
to look at every single request we receive and prioritize accordingly
based on the scenarios you provide. I cannot promise an individual
response to everyone, but I will acknowledge your submission and make
best efforts to respond with feedback and questions if appropriate.
Feel free to forward this message to other PKI users/admins as
appropriate.

Thanks for your time and I look forward to all your feedback. We are
committed to deliver the best feature set based on you needs.


Fei Chua

Program Manager, Windows Certificate Server

"Fei Chua"
wrote in news:6f29d792.0409292234.4d109294@posting.google.com:
> Hi, I am a Program Manager with the Microsoft PKI team focusing on the

> ... Please send your list of features request
> to feichua@nospamplease.microsoft.com. Note: you will need to remove
> the "nospamplease." from the e-mail address before sending. ...


One, why would a Microsoft employee that is submitting a post related to
their employment be posting through Google Groups (as shown in the PATH
header) rather than through Microsoft's own NNTP server?

Two, Microsoft doesn't provide sufficient spam filtering to allow you to
use an unmunged e-mail address? Doesn't bode well for Microsoft if even
they can't figure out how to filter out the spam.

Three, why would a Microsoft employee be specifying a Hotmail e-mail
address in the From header of their post? You post with an unmunged
Hotmail e-mail address but want replies sent to a munged microsoft.com
e-mail address.

Four, the NNTP-Posting-Host shows you sent your post from a cable
account at Comcast (24.17.196.233 = c-24-17-196-233.client.comcast.net).
Microsoft has suddenly required their employees to make public
announcements from their home cable accounts?

So we have someone claiming to be a Microsoft representative who posts
through Google (instead of using Microsoft's own news server) from a
Comcast cable account who used a Hotmail account to register for a
Google Groups account and wants replies sent to a munged e-mail address
at Microsoft because they must not be capable of handling the spam and
virally-ladden e-mails that might arrive due to posting in newsgroups.

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

his name apear to be valid, but his adress ....


don't bother!

All,

Fei is a Program Manager in the PKI team and all the information in the
e-mail is correct.
It is possible that Fei is out of the office and cannot use his corporate
accounts, hence his use of hotmail and another posting service, but the
message content and sender are all genuine.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Roch Viviene" wrote in message
news:eYrW%23LtpEHA.3252@TK2MSFTNGP14.phx.gbl...[color=blue]
> his name apear to be valid, but his adress ....
>
>
> don't bother!
>
>[/color]

And how do we know that you're not 78 year old retired Finnish meteorologist
living in Helsinki?

Steve


"Mike Brannigan [MSFT]" wrote in message
news:%23shLq7tpEHA.3592@TK2MSFTNGP14.phx.gbl...[color=blue]
> All,
>
> Fei is a Program Manager in the PKI team and all the information in the
> e-mail is correct.
> It is possible that Fei is out of the office and cannot use his corporate
> accounts, hence his use of hotmail and another posting service, but the
> message content and sender are all genuine.
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "Roch Viviene" wrote in message
> news:eYrW%23LtpEHA.3252@TK2MSFTNGP14.phx.gbl...[color=green]
> > his name apear to be valid, but his adress ....
> >
> >
> > don't bother!
> >
> >[/color]
>
>[/color]

Fei is in my team and I am his manager. Microosft employees can interact
with the newsgroups any number of ways. I happen to use the NNTP server,
others prefer to use Google or our other internal web tools. The fact is,
spammers harvest e-mail addresses from newsgroups and spam blocking software
and capabilities, although very strong and capable in Microsoft products,
still do not prevent the load from actual hitting our servers which must be
rejected.

If anyone has any question regarding the validity of his post, please feel
free to contact me. I am sure my history on these newsgroups will vouch for
itself.

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

[url]http://support.microsoft.com[/url]

"Mike Brannigan [MSFT]" wrote in message
news:%23shLq7tpEHA.3592@TK2MSFTNGP14.phx.gbl...[color=blue]
> All,
>
> Fei is a Program Manager in the PKI team and all the information in the
> e-mail is correct.
> It is possible that Fei is out of the office and cannot use his corporate
> accounts, hence his use of hotmail and another posting service, but the
> message content and sender are all genuine.
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "Roch Viviene" wrote in message
> news:eYrW%23LtpEHA.3252@TK2MSFTNGP14.phx.gbl...[color=green]
>> his name apear to be valid, but his adress ....
>>
>>
>> don't bother!
>>
>>[/color]
>
>[/color]

"Steve" <56steve19_at_hotmail_dot_com> wrote in message
news:%238kxygupEHA.800@TK2MSFTNGP14.phx.gbl...[color=blue]
> And how do we know that you're not 78 year old retired Finnish
> meteorologist
> living in Helsinki?
>
> Steve[/color]

Well,

Look at some of the data in the header on MY post

Firstly I'm posting using Outlook Express so you get a real header.
Now look at my posting host. NNTP-Posting-Host: tide71.microsoft.com
213.199.128.147
If you do a reverse lookup
[url]http://www.checkdomain.com/cgi-bin/checkdomain.pl?domain=213.199.128.147[/url]
you will see that I am posting directly to one of our newshosts inside the
Microsoft corporate network in the Dublin datacenter.

You could also look at the TechNet chats that I have been involved in as a
subject matter expert on Windows Server 2003/Active Directory/Group
Policy/Windows XP etc.
[url]http://www.microsoft.com/technet/community/chats/trans/default.mspx[/url]
I was involved in one last night (the transcript will be up in a couple of
days) on Group Policy
I will also be on the one today
[url]http://www.microsoft.com/technet/community/chats/default.mspx[/url]
and again on Friday - feel free to drop by and post any relevant questions.

I think that just about covers off the "who am I" bit.
--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Steve" <56steve19_at_hotmail_dot_com> wrote in message
news:%238kxygupEHA.800@TK2MSFTNGP14.phx.gbl...[color=blue]
> And how do we know that you're not 78 year old retired Finnish
> meteorologist
> living in Helsinki?
>
> Steve
>
>
> "Mike Brannigan [MSFT]" wrote in message
> news:%23shLq7tpEHA.3592@TK2MSFTNGP14.phx.gbl...[color=green]
>> All,
>>
>> Fei is a Program Manager in the PKI team and all the information in the
>> e-mail is correct.
>> It is possible that Fei is out of the office and cannot use his corporate
>> accounts, hence his use of hotmail and another posting service, but the
>> message content and sender are all genuine.
>>
>> --
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups
>>
>> "Roch Viviene" wrote in message
>> news:eYrW%23LtpEHA.3252@TK2MSFTNGP14.phx.gbl...[color=darkred]
>> > his name apear to be valid, but his adress ....
>> >
>> >
>> > don't bother!
>> >
>> >[/color]
>>
>>[/color]
>
>[/color]

what a feedback....


maybe Vanguardx make a joke and you need to take it as is

sugestion: every user in this newsgroups could be authentificated with a
certificate, or only who wants to. with this everyone who wants could show
his real identity, and could be verified.

if is possible?

Vanguardx,

Maybe MS applied SP4 on their servers and MS nntp service (that ships as
part of IIS on Win2ks) was gone (puff) like mine (and my organization's)
when I applied the same SP... The reason for this, as MS stated in their
site, was that it was a beta release, and so, not needed! (using some
other fancy words).

Needless to say that most of the organization's workflow (the droped one)
was using MS nntp service until that SP was applied.

Also needless to say is that it was not stated in the software
installation procedure that it was a beta release appart from that usual
EULA that states "... bla bla this software *AS IS*" (pls note: not *AS
WAS*!) before one opens the product.

I still don't know quite well how to face this since I still apply SPs and
patches on a stated "finished product release".

Maybe SP5 (if ever) will wipe out the entire win2ks?

Regards,
rusga

PS: All legal and contractual MS software and SP cds.


On Thu, 30 Sep 2004 03:46:33 -0500, Vanguardx wrote:
[color=blue]
> "Fei Chua"
> wrote in news:6f29d792.0409292234.4d109294@posting.google.com:[color=green]
>> Hi, I am a Program Manager with the Microsoft PKI team focusing on the[/color]
> [color=green]
>> ... Please send your list of features request
>> to feichua@nospamplease.microsoft.com. Note: you will need to remove
>> the "nospamplease." from the e-mail address before sending. ...[/color]
>
>
> One, why would a Microsoft employee that is submitting a post related to
> their employment be posting through Google Groups (as shown in the PATH
> header) rather than through Microsoft's own NNTP server?
>
> Two, Microsoft doesn't provide sufficient spam filtering to allow you to
> use an unmunged e-mail address? Doesn't bode well for Microsoft if even
> they can't figure out how to filter out the spam.
>
> Three, why would a Microsoft employee be specifying a Hotmail e-mail
> address in the From header of their post? You post with an unmunged
> Hotmail e-mail address but want replies sent to a munged microsoft.com
> e-mail address.
>
> Four, the NNTP-Posting-Host shows you sent your post from a cable
> account at Comcast (24.17.196.233 = c-24-17-196-233.client.comcast.net).
> Microsoft has suddenly required their employees to make public
> announcements from their home cable accounts?
>
> So we have someone claiming to be a Microsoft representative who posts
> through Google (instead of using Microsoft's own news server) from a
> Comcast cable account who used a Hotmail account to register for a
> Google Groups account and wants replies sent to a munged e-mail address
> at Microsoft because they must not be capable of handling the spam and
> virally-ladden e-mails that might arrive due to posting in newsgroups.
>[/color]

.... Am I blue? Not quite. There are many colors in the rainbow. Red is one.

Regards,
rusga

On Wed, 29 Sep 2004 16:22:30 +0100, rusga wrote:
[color=blue]
> Vanguardx,
>
> Maybe MS applied SP4 on their servers and MS nntp service (that ships as
> part of IIS on Win2ks) was gone (puff) like mine (and my organization's)
> when I applied the same SP... The reason for this, as MS stated in their
> site, was that it was a beta release, and so, not needed! (using some
> other fancy words).
>
> Needless to say that most of the organization's workflow (the droped
> one) was using MS nntp service until that SP was applied.
>
> Also needless to say is that it was not stated in the software
> installation procedure that it was a beta release appart from that usual
> EULA that states "... bla bla this software *AS IS*" (pls note: not *AS
> WAS*!) before one opens the product.
>
> I still don't know quite well how to face this since I still apply SPs
> and patches on a stated "finished product release".
>
> Maybe SP5 (if ever) will wipe out the entire win2ks?
>
> Regards,
> rusga
>
> PS: All legal and contractual MS software and SP cds.
>
>
> On Thu, 30 Sep 2004 03:46:33 -0500, Vanguardx wrote:
>[color=green]
>> "Fei Chua"
>> wrote in news:6f29d792.0409292234.4d109294@posting.google.com:[color=darkred]
>>> Hi, I am a Program Manager with the Microsoft PKI team focusing on the[/color]
>> [color=darkred]
>>> ... Please send your list of features request
>>> to feichua@nospamplease.microsoft.com. Note: you will need to remove
>>> the "nospamplease." from the e-mail address before sending. ...[/color]
>>
>>
>> One, why would a Microsoft employee that is submitting a post related
>> to their employment be posting through Google Groups (as shown in the
>> PATH header) rather than through Microsoft's own NNTP server?
>>
>> Two, Microsoft doesn't provide sufficient spam filtering to allow you
>> to use an unmunged e-mail address? Doesn't bode well for Microsoft if
>> even they can't figure out how to filter out the spam.
>>
>> Three, why would a Microsoft employee be specifying a Hotmail e-mail
>> address in the From header of their post? You post with an unmunged
>> Hotmail e-mail address but want replies sent to a munged microsoft.com
>> e-mail address.
>>
>> Four, the NNTP-Posting-Host shows you sent your post from a cable
>> account at Comcast (24.17.196.233 =
>> c-24-17-196-233.client.comcast.net). Microsoft has suddenly required
>> their employees to make public announcements from their home cable
>> accounts?
>>
>> So we have someone claiming to be a Microsoft representative who posts
>> through Google (instead of using Microsoft's own news server) from a
>> Comcast cable account who used a Hotmail account to register for a
>> Google Groups account and wants replies sent to a munged e-mail address
>> at Microsoft because they must not be capable of handling the spam and
>> virally-ladden e-mails that might arrive due to posting in newsgroups.
>>[/color]
>[/color]

"Roch Viviene"
wrote in news:OqaggWvpEHA.3868@TK2MSFTNGP15.phx.gbl:[color=blue]
> what a feedback....
>
>
> maybe Vanguardx make a joke and you need to take it as is[/color]

Not a joke. I felt it was suspicious that Fei was posting through
Google Groups that got registered using a Hotmail account but wanted
e-mails to go to the Microsoft domain but his post was made when he was
using Comcast account.

As far as Steve's comment regarding the validity of Mike, well, Mike
already popped my balloon in responding to Steve to take a look at the
NNTP-Posting-Host header.

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

"Roch Viviene"
wrote in news:%233LA$ZvpEHA.2684@TK2MSFTNGP11.phx.gbl:[color=blue]
> sugestion: every user in this newsgroups could be authentificated
> with a certificate, or only who wants to. with this everyone who
> wants could show his real identity, and could be verified.
>
> if is possible?[/color]

Yes, you can digitally sign your posts. Unfortunately Outlook Express
doesn't know how to properly handle PGP digital signatures and shows the
PGP hash data inside the message body instead of as an attachment. I've
even seen where PGP-signed messages show as a blank body and the message
is in a .txt attachment (i.e., OE moved all the body into an attachment
instead of just the MIME parts for the digital signature). Presumably
(i.e., hopefully) OE knows how to handle x.509 certs correctly since
that's the only type of certs it really knows how to handle.

There's a "Sam" that posts in comp.mail.misc that always PGP digitally
signs his posts, you end up seeing a blank body for his post, and you
have to open the .txt attachment to see what he said. OE doesn't obey
the "Content-Disposition: inline" directive, when specified or implied
(since "attach" should be the default behavior) when "Content-Type:
application/pgp-signature". In other words, OE has problems with
MIME-signed messages when PGP is used
([url]ftp://ftp.rfc-editor.org/in-notes/rfc3156.txt[/url]), so instead of showing
those MIME parts with disposition "inline" it instead isolates them as
attachments. For example, the raw data for a message (bracketed below
between the underscore lines) might be:

________________________________________

Mime-Version: 1.0
Content-Type: multipart/signed;
boundary="=_mimegpg-commodore.email-scan.com-3514-1096456268-0002";
micalg=pgp-sha1; protocol="application/pgp-signature"


This is a MIME GnuPG-signed message. If you see this text, it means
that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-3514-1096456268-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

This is the message that you are supposed to see within the [pre]view
window of your NNTP client.

--=_mimegpg-commodore.email-scan.com-3514-1096456268-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBWphMx9p3GYHlUOIRAgqGAJ9GyGI+qo0M22QtGIgnNmBQPGJFFgCfddZq
9teEz4KYNF42URLnAtudl7s=
=cOZh
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-3514-1096456268-0002--
________________________________________

The disposition of "inline" should have showed the message body within
your client's view window. The default disposition is "attach" so the
other MIME part (for the PGP signature) should have been displayed as an
attachment in your client. I've seen OE screw up in two different ways.
One has OE treating it all as disposition=attach (i.e., ignores the MIME
part with disposition=inline) and you have to read the message as a .txt
attachment. The other is with OE showing it all in the body of the
message, so you have to wade past the first non-MIME part, see the
disposition=inline part (which is the message), and then wade past the
PGP signature part (which should've been an attachment). Even Outlook
has problems regarding inline content
([url]http://support.microsoft.com/?id=814111[/url]).

I haven't seen many folks signing their newsgroup posts. Sam was an
example of how PGP does it (as Sam has configured it), and OE doesn't
correctly handle PGP-signed messages. I don't have an example of
someone posting with x.509-signed messages to see how OE handles those
or what MIME coding is used for those. If signing gets more prevalent
to identify posters then it would also be nice if OE got fixed to handle
them correctly. I, for one, don't want all the PGP signature "trash"
mixed in with the message.

The other problem with digital signatures is that they don't always
identify the sender. If you use Thawte freemail certs, you are never
identified except by your e-mail address (which could be a disposable
freebie webmail address or even an e-mail alias). Unless you bother to
go through their Web-o-trust mechanism to get more information put into
your Thawte cert then it is really a bogus cert. About the only thing a
Thawte cert is good for is to encrypt your message sent to someone that
already knows you (i.e., to them you are a trusted sender). The digital
"signature" in a Thawte cert is worthless. Anyone can get one and never
really identify who they are.

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

"David Cross [MS]"
wrote in news:OdzIuvupEHA.648@tk2msftngp13.phx.gbl:[color=blue]
> Fei is in my team and I am his manager. Microosft employees can
> interact with the newsgroups any number of ways. I happen to use the
> NNTP server, others prefer to use Google or our other internal web
> tools. The fact is, spammers harvest e-mail addresses from
> newsgroups and spam blocking software and capabilities, although very
> strong and capable in Microsoft products, still do not prevent the
> load from actual hitting our servers which must be rejected.
>
> If anyone has any question regarding the validity of his post, please
> feel free to contact me. I am sure my history on these newsgroups
> will vouch for itself.
>
> --
>
>
> David B. Cross [MS]
>
>
> "Mike Brannigan [MSFT]" wrote in
> message news:%23shLq7tpEHA.3592@TK2MSFTNGP14.phx.gbl...[color=green]
>> All,
>>
>> Fei is a Program Manager in the PKI team and all the information in
>> the e-mail is correct.
>> It is possible that Fei is out of the office and cannot use his
>> corporate accounts, hence his use of hotmail and another posting
>> service, but the message content and sender are all genuine.
>>
>> --
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups
>>
>> "Roch Viviene" wrote in message
>> news:eYrW%23LtpEHA.3252@TK2MSFTNGP14.phx.gbl...[color=darkred]
>>> his name apear to be valid, but his adress ....
>>>
>>>
>>> don't bother![/color][/color][/color]

I would've thought there were standard procedures for releasing
Internet-based announcements (e-mail or usenet) from Microsoft that
would allow readers to qualify that the message was indeed from
Microsoft. My ISP (Comcast) contracts out some of its customer support
to eCareOnline. eCareOnline would periodically issue announcements
which proffered themselves to be official announcements from Comcast
regarding my service. When I looked at the headers, it was evident that
these officical announcements did not originate from a Comcast domain so
they were considered bogus or phishing e-mails (but all the real URL
links were to Comcast). I complained to my ISP because anything
"official" from them sent via e-mail should originate from their domain;
otherwise, such e-mails were suspect. They changed to allow eCareOnline
to submit "official" messages through Comcast's mail servers so
recipients would see those official messages as originating from
Comcast. With so much spam and scam going on which uses e-mail and
newsgroups, it behooves the company to ensure that anything issued as an
official announcement look like it actually came from them.

With this post, I saw Fei posting through a Google Groups account that
was registered using a Hotmail account but which got posted from a
Comcast account using a munged Microsoft e-mail address. That looked a
bit suspicious as the only thing "Microsoft" in this post styled to be
an official announcement was the munged e-mail address they purported as
theirs in the body of the message. Sometimes users get impersonated in
the newsgroups but you can get a consensus regarding their identity if
you check their other posts. Fei didn't have prior posts to qualify
against (and I discounted the one other post over at alt.fashion.men).
Sorry for all the hoopla but I was picturing some unsuspecting Microsoft
employee getting slammed with e-mails they didn't initiate or had
nothing to do with.

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

"Vanguardx" wrote in message
news:%23KPVL9%23pEHA.3896@TK2MSFTNGP15.phx.gbl...
[color=blue]
> With this post, I saw Fei posting through a Google Groups account that was
> registered using a Hotmail account but which got posted from a Comcast
> account using a munged Microsoft e-mail address. That looked a bit
> suspicious as the only thing "Microsoft" in this post styled to be an
> official announcement was the munged e-mail address they purported as
> theirs in the body of the message. Sometimes users get impersonated in
> the newsgroups but you can get a consensus regarding their identity if you
> check their other posts. Fei didn't have prior posts to qualify against
> (and I discounted the one other post over at alt.fashion.men). Sorry for
> all the hoopla but I was picturing some unsuspecting Microsoft employee
> getting slammed with e-mails they didn't initiate or had nothing to do
> with.
>
> --
> _________________________________________________________________
> ******** Post replies to newsgroup - Share with others ********
> Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
> _________________________________________________________________
>[/color]

Judging by the suspicious nature of your post, I guess a lot of trolling
goes on in the groups you read Vanguardx

"Willk"
wrote in news:415dd08c$0$97360$892e0abb@auth.newsreader.octanews.com:[color=blue]
>
> Judging by the suspicious nature of your post, I guess a lot of
> trolling goes on in the groups you read Vanguardx[/color]

Well, this is a *security* newsgroup (and, by its nature, unmoderated).
I also visit the mail, spam, spyware, and [anti-]virus newsgroups. I've
also seen several impersonations.

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

"Vanguardx" wrote in message
news:uo8gxYAqEHA.2696@TK2MSFTNGP15.phx.gbl...[color=blue]
> "Willk"
> wrote in news:415dd08c$0$97360$892e0abb@auth.newsreader.octanews.com:[color=green]
> >
> > Judging by the suspicious nature of your post, I guess a lot of
> > trolling goes on in the groups you read Vanguardx[/color]
>
> Well, this is a *security* newsgroup (and, by its nature, unmoderated).
> I also visit the mail, spam, spyware, and [anti-]virus newsgroups. I've
> also seen several impersonations.[/color]


Thus my post earlier in the thread. I didn't actually think that Mike
Brannigan {MSFT} was a Finnish meteorologist, but someone that doesn't take
the time to check (or doesn't know what to check) wouldn't know that.

Just a reminder for some of the less savvy that everything that is read on
Usenet shouldn't always be taken at face value.

Steve

"Steve" <56steve19_at_hotmail_dot_com> wrote in message
news:O5tNaNHqEHA.3708@TK2MSFTNGP10.phx.gbl...[color=blue]
>
> "Vanguardx" wrote in message
> news:uo8gxYAqEHA.2696@TK2MSFTNGP15.phx.gbl...[color=green]
>> "Willk"
>> wrote in news:415dd08c$0$97360$892e0abb@auth.newsreader.octanews.com:[color=darkred]
>> >
>> > Judging by the suspicious nature of your post, I guess a lot of
>> > trolling goes on in the groups you read Vanguardx[/color]
>>
>> Well, this is a *security* newsgroup (and, by its nature, unmoderated).
>> I also visit the mail, spam, spyware, and [anti-]virus newsgroups. I've
>> also seen several impersonations.[/color]
>
>
> Thus my post earlier in the thread. I didn't actually think that Mike
> Brannigan {MSFT} was a Finnish meteorologist, but someone that doesn't
> take
> the time to check (or doesn't know what to check) wouldn't know that.
>
> Just a reminder for some of the less savvy that everything that is read on
> Usenet shouldn't always be taken at face value.
>[/color]

And at the same time, one must also consider the boundaries of what might be
regarded as a legitimate post without needing to check the headers.

I for one, can not see the reason for an 'impersonator' to make that post
(allthough I notice it was crossposted). Agreed, you should not take
everything on face value in the newsgroups but the content of the original
post, I feel did not warrant such a reply.


[color=blue]
> Steve
>
>[/color]

"Willk"
wrote in news:415ea7aa$0$73245$892e0abb@auth.newsreader.octanews.com:[color=blue]
>
> I for one, can not see the reason for an 'impersonator' to make that
> post (allthough I notice it was crossposted). Agreed, you should not
> take everything on face value in the newsgroups but the content of
> the original post, I feel did not warrant such a reply.
>[/color]

Why do a-holes post lists of legitimate e-mail addresses in usenet
posts? To get those recipients slammed with spam and infected e-mails.
Same could hold true for an imposter that wanted to deluge someone at
Microsoft while also frustrating Microsoft's users. The Internet is
full of pueriles. Fei didn't have enough prior posts for readers to
qualify that the post was actually his, and with all the different
non-Microsoft domains used to submit the post then it was a bit iffy
that it was a valid post. If you have ever received any phishing
e-mails, you'll realize that a message stylized as an official
announcement doesn't make it so.

"Vanguardx" wrote in message
news:ON3uOyKqEHA.3760@TK2MSFTNGP09.phx.gbl...[color=blue]
> "Willk"
> wrote in news:415ea7aa$0$73245$892e0abb@auth.newsreader.octanews.com:[color=green]
>>
>> I for one, can not see the reason for an 'impersonator' to make that
>> post (allthough I notice it was crossposted). Agreed, you should not
>> take everything on face value in the newsgroups but the content of
>> the original post, I feel did not warrant such a reply.
>>[/color]
>
> Why do a-holes post lists of legitimate e-mail addresses in usenet posts?
> To get those recipients slammed with spam and infected e-mails. Same could
> hold true for an imposter that wanted to deluge someone at Microsoft while
> also frustrating Microsoft's users. The Internet is full of pueriles.
> Fei didn't have enough prior posts for readers to qualify that the post
> was actually his, and with all the different non-Microsoft domains used to
> submit the post then it was a bit iffy that it was a valid post. If you
> have ever received any phishing e-mails, you'll realize that a message
> stylized as an official announcement doesn't make it so.
>[/color]

As far as phished emails go, most are very easy to spot for all but the most
naive users. The idea that someone would try to impersonate a Microsoft
employee at this level is quite frankly ridiculous.

However, a cross-posted message (for example) asking for complaints toward
Microsoft (to a valid MSFT recipient) may be feasible, and on these grounds
I agree with your argument. With the Sender ID program in mind, perhaps
Microsoft should reconsider their policy on making public statements via
these channels.

I think they did... where's Fei?

On Sat, 2 Oct 2004 22:33:14 +0100, Willk wrote:
[color=blue]
>
> "Vanguardx" wrote in message
> news:ON3uOyKqEHA.3760@TK2MSFTNGP09.phx.gbl...[color=green]
>> "Willk"
>> wrote in news:415ea7aa$0$73245$892e0abb@auth.newsreader.octanews.com:[color=darkred]
>>>
>>> I for one, can not see the reason for an 'impersonator' to make that
>>> post (allthough I notice it was crossposted). Agreed, you should not
>>> take everything on face value in the newsgroups but the content of
>>> the original post, I feel did not warrant such a reply.
>>>[/color]
>>
>> Why do a-holes post lists of legitimate e-mail addresses in usenet
>> posts?
>> To get those recipients slammed with spam and infected e-mails. Same
>> could
>> hold true for an imposter that wanted to deluge someone at Microsoft
>> while
>> also frustrating Microsoft's users. The Internet is full of pueriles.
>> Fei didn't have enough prior posts for readers to qualify that the post
>> was actually his, and with all the different non-Microsoft domains used
>> to
>> submit the post then it was a bit iffy that it was a valid post. If you
>> have ever received any phishing e-mails, you'll realize that a message
>> stylized as an official announcement doesn't make it so.
>>[/color]
>
> As far as phished emails go, most are very easy to spot for all but the
> most
> naive users. The idea that someone would try to impersonate a Microsoft
> employee at this level is quite frankly ridiculous.
>
> However, a cross-posted message (for example) asking for complaints
> toward
> Microsoft (to a valid MSFT recipient) may be feasible, and on these
> grounds
> I agree with your argument. With the Sender ID program in mind, perhaps
> Microsoft should reconsider their policy on making public statements via
> these channels.
>
>[/color]

"rusga" wrote in message
news:opse7q0nvyeqwqha@207.46.248.16...[color=blue]
>I think they did... where's Fei?
>[/color]

Fei's waiting for the responses he asked for.
There is no requirement for him to post again here as he had made his
request and is now dealing with the responses.
--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"rusga" wrote in message
news:opse7q0nvyeqwqha@207.46.248.16...[color=blue]
>I think they did... where's Fei?
>
> On Sat, 2 Oct 2004 22:33:14 +0100, Willk wrote:
>[color=green]
>>
>> "Vanguardx" wrote in message
>> news:ON3uOyKqEHA.3760@TK2MSFTNGP09.phx.gbl...[color=darkred]
>>> "Willk"
>>> wrote in news:415ea7aa$0$73245$892e0abb@auth.newsreader.octanews.com:
>>>>
>>>> I for one, can not see the reason for an 'impersonator' to make that
>>>> post (allthough I notice it was crossposted). Agreed, you should not
>>>> take everything on face value in the newsgroups but the content of
>>>> the original post, I feel did not warrant such a reply.
>>>>
>>>
>>> Why do a-holes post lists of legitimate e-mail addresses in usenet
>>> posts?
>>> To get those recipients slammed with spam and infected e-mails. Same
>>> could
>>> hold true for an imposter that wanted to deluge someone at Microsoft
>>> while
>>> also frustrating Microsoft's users. The Internet is full of pueriles.
>>> Fei didn't have enough prior posts for readers to qualify that the post
>>> was actually his, and with all the different non-Microsoft domains used
>>> to
>>> submit the post then it was a bit iffy that it was a valid post. If you
>>> have ever received any phishing e-mails, you'll realize that a message
>>> stylized as an official announcement doesn't make it so.
>>>[/color]
>>
>> As far as phished emails go, most are very easy to spot for all but the
>> most
>> naive users. The idea that someone would try to impersonate a Microsoft
>> employee at this level is quite frankly ridiculous.
>>
>> However, a cross-posted message (for example) asking for complaints
>> toward
>> Microsoft (to a valid MSFT recipient) may be feasible, and on these
>> grounds
>> I agree with your argument. With the Sender ID program in mind, perhaps
>> Microsoft should reconsider their policy on making public statements via
>> these channels.
>>
>>[/color]
>[/color]

"Willk" wrote in message
news:415f1e9d$0$73250$892e0abb@auth.newsreader.octanews.com...[color=blue]
>[/color]


[color=blue]
>
> As far as phished emails go, most are very easy to spot for all but the[/color]
most[color=blue]
> naive users. The idea that someone would try to impersonate a Microsoft
> employee at this level is quite frankly ridiculous.[/color]

Exactly what level is this?


Steve

Hi, this is Fei again,

I want to thank folks who sent us feedback. We appreciate that very
much! I have sent acknowledgements your feature requests and we are
actively working on getting those features into the next version of
the certificate server.

For those who doubt the authenticity of my original post from
[email]feichua@nospam.hotmail.com/feichua@nospam.microsoft.com[/email], I encourage
you to email me at the MS address. That will solve the mystery once
and for all. I do apologize for not replying to the newgroup earlier.
And BTW, I use Google Groups instead of a standard news reader because
I like its searching and capability. Sorry if that confuses people.

Once again. Thank you very much! Looking forward to working with you
again soon.

-Fei Chua
Microsoft PKI Program Manager


"Mike Brannigan [MSFT]" wrote in message news:...[color=blue]
> "rusga" wrote in message
> news:opse7q0nvyeqwqha@207.46.248.16...[color=green]
> >I think they did... where's Fei?
> >[/color]
>
> Fei's waiting for the responses he asked for.
> There is no requirement for him to post again here as he had made his
> request and is now dealing with the responses.
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "rusga" wrote in message
> news:opse7q0nvyeqwqha@207.46.248.16...[color=green]
> >I think they did... where's Fei?
> >
> > On Sat, 2 Oct 2004 22:33:14 +0100, Willk wrote:
> >[color=darkred]
> >>
> >> "Vanguardx" wrote in message
> >> news:ON3uOyKqEHA.3760@TK2MSFTNGP09.phx.gbl...
> >>> "Willk"
> >>> wrote in news:415ea7aa$0$73245$892e0abb@auth.newsreader.octanews.com:
> >>>>
> >>>> I for one, can not see the reason for an 'impersonator' to make that
> >>>> post (allthough I notice it was crossposted). Agreed, you should not
> >>>> take everything on face value in the newsgroups but the content of
> >>>> the original post, I feel did not warrant such a reply.
> >>>>
> >>>
> >>> Why do a-holes post lists of legitimate e-mail addresses in usenet
> >>> posts?
> >>> To get those recipients slammed with spam and infected e-mails. Same
> >>> could
> >>> hold true for an imposter that wanted to deluge someone at Microsoft
> >>> while
> >>> also frustrating Microsoft's users. The Internet is full of pueriles.
> >>> Fei didn't have enough prior posts for readers to qualify that the post
> >>> was actually his, and with all the different non-Microsoft domains used
> >>> to
> >>> submit the post then it was a bit iffy that it was a valid post. If you
> >>> have ever received any phishing e-mails, you'll realize that a message
> >>> stylized as an official announcement doesn't make it so.
> >>>
> >>
> >> As far as phished emails go, most are very easy to spot for all but the
> >> most
> >> naive users. The idea that someone would try to impersonate a Microsoft
> >> employee at this level is quite frankly ridiculous.
> >>
> >> However, a cross-posted message (for example) asking for complaints
> >> toward
> >> Microsoft (to a valid MSFT recipient) may be feasible, and on these
> >> grounds
> >> I agree with your argument. With the Sender ID program in mind, perhaps
> >> Microsoft should reconsider their policy on making public statements via
> >> these channels.
> >>
> >>[/color]
> >[/color][/color]