It took forever, but I’m in Tokyo. Ten hours on a plane I expected. I didn’t expect the two hours late departure and I didn’t realize it was an hour and a half train ride to the hotel from the airport. But I’m here now and I had a relatively good night sleep (I never sleep great on the road). I’ve got some time to look for souvenirs this morning, then I have meetings this afternoon and tomorrow morning before flying out to Kuala Lumpur tomorrow.
On the flight out, I ended up next to Jesper Johansson from Microsoft’s Security Business Unit. He writes the Security Management column on Technet and had two of the top ten presentations at TechEd US. He spent most of the plane ride working on his “How to Get Your Network Hacked in 10 Easy Steps” presentation. He showed me his demo, where he hacks a Win2k/SQL2k machine using a SQL injection attack. Anybody still using concatenation to generate SQL commands? I realized that was bad before meeting Jesper, but now I’ve seen just how bad. I’m glad we’re out there showing people how this stuff works, if nothing else in order to make them realize what they can do to identify and mitigate security risks. I want Jesper to write some security infrastructure architecture articles for Architecture Center and/or JOURNAL.
Also ran into Mark Hindsbo, who works down the hall from me. He’s in town, like me, to meet with the Japanese subsidiary, though he’s not going on to TechEd. It was nice having someone around who had been to the MSFT Japan office before (the hotel is in the same building) and to chat with on the train.