I happened to stumble across a little oddity today with the MSN Spaces site that raised some alarm bells in my mind.  In fact, it was one of those "holy crap - what do I do now" moments.  My immediate thought was that the MSN Spaces team needed to know about this PDQ, and I for SURE wasn't going to post my suspicions about a hole on one of their blogs for all to see [which is why I'm not giving details here either].

So how do I get in touch with the team in a private way when I don't know their email addresses?  Answer: Scobleizer.  Robert Scoble (MS blogger and Channel 9 host/ interviewer/ camera man) as made it a point to put his cell number on his blog's homepage, something I always thought was dumb but he defends; and claims it's not abused.  He completely proved his point today ... I called him and laid out my concerns.  He immediately offered to relay the message on to Mike Torres on the Spaces team were I to send RS a summary of what I had found.  He also said to give Mike a call (gave me a number to find him at) and suggested the secure@microsoft.com email address for vulnerability submissions.  I left Mike a message and fired off an email with a screen shot of what I had found to Robert and the Secure alias.

20 minutes later I had an email from Robert letting me know he got the note and copying Mike and MC.  A little over an hour after my initial calls and email I got a tracking number from the Secure team.  5 minutes later I got an actual reply from the Spaces guys saying they were aware of the problem, and detailed that it wasn't really as bad as it looked (which it's not).  We've had some more email threads throughout the day keeping me posted as to their progress on the issue, etc.  4+ hours later I haven't heard anything back yet from the Secure team.

Now I'm not going to say the Secure team is slow ... from what I've seen of them they're very thorough and respond personally to each issue (there was a Channel 9 series on this team a while back - but I'm not going to find it right now).  But this is another great point of what a blog can do for your company - CUSTOMER SERVICE! 

Blogging is not just about marketing and getting your message across, it creates a community of people who are passionate (one way or the other) about your product.  It allows customers to feel like that have an "inside source" with your organization that they know and are familiar with ... even though they've never actually met them, emailed, or spoken on the phone.  And you give your product team, who in the IT space is usually holed up in cubeland isolated from the customers, an outlet to reach out and communicate with the people they're really working for.  Bring these two together and the synergy is amazing - a "closed" issue before the tradition mechanisms of handling the problem have really begun to churn.

More and more every day I'm getting hooked by this blogging thing; it really is the next "killer app" on the net.  Now we just have to find a way to squeeze 36 hours into a day so we have plenty of time to read all those feeds!

Special thanks to Robert Scoble, Mike Torres and Michael Connolly.