MS Chief Security Officer to work for White House

chrisd posted more than 12 years ago | from the h4x0rs-r3j01c3-m4dl3y dept.

News 355

NerveGas writes "An Interesting People message reports that Howard Schmidt, Microsoft's Chief Security Advisor, will be leaving MS to work as a security adviser for the White House. With the track record that Microsoft has in the area of computer security, this strikes me as a very bad move." CD: you'd think people would examine the job someone did at thier previous job before offering them a new one. Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?

355 comments

glark (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2646461)

glark

Job qualifications (5, Funny)

shlong (121504) | more than 12 years ago | (#2646462)

you'd think people would examine the job someone did at thier previous job before offering them a new one.

What you mean like the job GW did in Texas? This guy should fit right in.

Re:Job qualifications (1, Funny)

Anonymous Coward | more than 12 years ago | (#2646475)

In that case, he should be the right man for the job. Sure wouldn't want Al Gore handling this crisis..."We mourn for the potted ferns lost in the terrible attacks by humans on Sept 11..." Sheesh...

Re:Job qualifications (1, Funny)

Anonymous Coward | more than 12 years ago | (#2646639)

In that case, he should be the right man for the job. Sure wouldn't want Al Gore handling this crisis..."We mourn for the potted ferns lost in the terrible attacks by humans on Sept 11..." Sheesh...

Yeah. Wanting to get us off oil so we wouldn't have to be in Saudi Arabia in the first place is another kooky left-wing socialist tree-hugging conspiracy, right? Here, I'll speak to you in language you can understand: You have misoverestimated your ability to remove your head from your Clymer.

BTW, it was humans who attacked us, you idiot, not space aliens or hobgoblins or beavers or monkeys with four asses or pixies or santa claus(TM) or the tooth fairy or jesus or allah or the easter bunny. Sheesh? Go fuck yourself.

huh? (1, Flamebait)

autopr0n (534291) | more than 12 years ago | (#2646670)

What does Gore's (supposed) affinity for potted plants have to do with 9/11?

Gore had a hell of a lot more experience than Bush Jr before the election, which was the point of the above poster.

Re:huh? (1, Interesting)

Anonymous Coward | more than 12 years ago | (#2646692)

Yeah, 8 years of experience letting Osama bin Laden blow up whatever he wanted. 8 years of experience passing the DMCA.

Gore's pretty much publicly agreed with everything Bush has done about 9/11 so far, so Gore voters don't have much room to complain that their guy would do any better.

It's all part of the same kind of thinking. (5, Interesting)

Futurepower(tm) (228467) | more than 12 years ago | (#2646632)


"CD: You'd think people would examine what someone did at his previous job before offering him a new one." [Corrections to grammar and spelling added.]

It's all part of the same kind of thinking. Bomb Afghanistan to save it. (I'm talking about the first bombing by the U.S. government [1983], not the second and third.)

Hire someone from a company known for its inability to make secure software, and put him in charge of what his company always did poorly.

But, of course, maybe he is not really leaving Microsoft, but just working with a government that doesn't believe in privacy to assure that Microsoft software will always be compromised by the government.

Look on the bright side. With Microsoft in the White House, no one who truly wants software security will be running Microsoft products.

--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence? [hevanet.com]

Re:It's all part of the same kind of thinking. (5, Insightful)

b0r1s (170449) | more than 12 years ago | (#2646704)


Hire someone from a company known for its inability to make secure software, and put him in charge of what his company always did poorly.


Who would you prefer?

  1. Someone from openssh, which just released a new version to correct a remote exploit? [oreillynet.com]
  2. A linux hacker who can't figure out how to handle syn cookies? [oreillynet.com]
  3. Someone from lotus, who can't protect their documents [oreillynet.com]
  4. A webalizer coder who can't remember to filter out cross site scripting? [oreillynet.com]
  5. Maybe an IBM coder? [oreillynet.com]
  6. Cisco is flawless, right? nope [oreillynet.com]
  7. Redhat must be perfect, they make linux! oh wait [oreillynet.com]
  8. SGI/IRIX is flawless, they never have security proble... oh, nevermind [oreillynet.com]
  9. How about a linux kernel hacker, they sure must be perfect! They'd never allow a root exploit into a stable kernel! [oreillynet.com]


Getting the point yet? Everyone has holes. Everyone releases patches. It just happens that Microsoft designs their code for ease of use, and because of that there happen to be a lot of unqualified Microsoft admins. This isn't a MS problem. This is a side effect of their popularity.

Re:Job qualifications (0)

Anonymous Coward | more than 12 years ago | (#2646727)

The crackheads come out at night, yes the crackheads come out at night.

I'm sure you're some sort of poli sci major. Go back to your Cracker Jacks and quit spouting off at the mouth like a moron. Colorado is a long way from Texas ya freak a geek nothing.

First policy: Dump Windows (1, Troll)

rjamestaylor (117847) | more than 12 years ago | (#2646468)

Or at least firewall all Windows computers away from the Internet and outlaw Outlook (except, maybe, crippled Outlook 97 running on a WinNT 3.51 server -- no chance for MIME-header virms there).

It'll be interesting to see what he does.

Lookout for the helicopters at DEF CON 10 (1, Funny)

mlafranc (315895) | more than 12 years ago | (#2646485)

Honest George! It's ALL their fault!

I can just see it happening.

Re:First policy: Dump Windows (0, Redundant)

b0r1s (170449) | more than 12 years ago | (#2646667)

You people (anti ms zealots) really do amaze me sometimes. You assume everything has holes because it's windows. You assume anything that isn't windows is perfect and immune from exploits.

Let's look at pure facts.

This week, a remote root exploit was discovered in wu-ftpd. Have ALL of you patched your servers? Also last week, another windows worm surfaced. Looking at the two, which is more serious? Obviously the remote root exploit is far worse, chalk one up for windows.

You might say: "but you can patch wu-ftpd" or "you can run other ftp servers", to which I can respond "you can patch windows" and "you don't have to use outlook, nor do you have to use the 'preview panel'".

Everyone at slashdot is going to laugh and point fingers, sit back and say that windows is not secure so this man must be a fool. Why won't the people at slashdot, who are supposed to be intelligent free thinkers consider that windows, like EVERY OTHER OPERATING SYSTEM ON THE PLANET, is only as secure as the admin running the system, and any untrained staff running bad code with extra privileges can ruin any system?

Windows has flaws and exploits. So do linux, *bsd, and solaris. Patches come out. People who patch survive, those that do not get rooted. This isn't something limited just to unix: it holds true for windows as well. A knowledgeable admin, who keeps up with security updates [slashdot.org], can keep any system sufficiently secure. Microsoft products are no exception.

Re:First policy: Dump Windows (0, Troll)

Osty (16825) | more than 12 years ago | (#2646678)

outlaw Outlook

<rant>God damned hippy bleeding-heart liberal socialist bastards. Every time there's something you don't like or agree with, you start shouting, "There should be a law!", and, "Let's outlaw that!" But as soon as something you feel is vital is threatened by law (oh, I dunno, say anything threatened by the DMCA?), you start whining about government. You can't have it both ways.</rant>


And on a side note, Outlook has had patches that will strip executable content from messages (Outlook XP does this by default). Outlook is a very good PIM app (it's more than just e-mail. Perhaps you're thinking of Outlook Express?), and there's really nothing that compares (okay, so Evolution has pretty much copied the look&feel straight from Outlook, but it's beta software, and still doesn't support all that Outlook does).

Oh Great (1, Funny)

Anonymous Coward | more than 12 years ago | (#2646471)

"Howard Schmidt, Microsoft's Chief Security Advisor"

oxymoron?

we're in trouble if he's helping at the White House.

Who better to help you implement Magic Lantern (5, Funny)

Chuck Chunder (21021) | more than 12 years ago | (#2646473)

than one of the people involved in allowing the very exploits you want to exploit to exist in the first place?

;)

Huh? (3, Troll)

Anonymous DWord (466154) | more than 12 years ago | (#2646474)

Was he responsible for all the holes in Microsoft code over the years? No? But you're going to hold him to that because... Or was that just another random MS flame? How do you figure you know anything about what this guy can or cannot do?

Re:Huh? (2, Insightful)

Hektor_Troy (262592) | more than 12 years ago | (#2646494)

It's like this:
Would you rather trust:

1) The Chief Financial Officer in a company that constantly just breaks even
2) The Chief Financial Officer in a company that constantly rakes in cash as if they had a money tree AND the Philosopher's Stone.

or

1) The head of the local mobster offering you protection
2) The local police chief

Re:Huh? (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#2646507)

Stop making so much sense. This is Slashdot, for crying out loud - not a real news site which checks facts and tries to minimize bias!

--Due to excessive bad posting from this IP or Subnet, comment posting has temporarily been disabled. If it's you, consider this a chance to sit in the timeout corner. If it's someone else, this is a chance to hunt them down. If you think this is unfair, please email jamie@mccarthy.vg.

Re:Huh? (0)

Hermanetta (55229) | more than 12 years ago | (#2646530)

mod this down please :-)

Re:Huh? (0)

Anonymous Coward | more than 12 years ago | (#2646547)

What do you find so terrible about my post? Even someone who likes Slashdot must admit that they often do not check facts, and that they wear their bias rather openly.

--Due to excessive bad posting from this IP or Subnet, comment posting has temporarily been disabled. If it's you, consider this a chance to sit in the timeout corner. If it's someone else, this is a chance to hunt them down. If you think this is unfair, please email jamie@mccarthy.vg.

Re:Huh? (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2646622)

mod this fuckin cock gobbler down

responsibility (5, Insightful)

vscjoe (537452) | more than 12 years ago | (#2646571)

Was he responsible for all the holes in Microsoft code over the years?

As security advisor at Microsoft, his job presumably was to define policies that keep those holes from getting into the software and/or to keep Microsoft's sites secure. Microsoft's products are full of holes and their services have suffered major security compromises, so he can't have been very effective.

Since his new role will be similar in nature, it seems reasonable to suspect that he will be equally ineffective at defining national policies to protect our national security infrastructure.

Re:responsibility (5, Interesting)

Anonymous Coward | more than 12 years ago | (#2646600)

I don't think there's any way to know how effective he is as an individual without reading his resume, interviewing him, and talking to a number of his associates. This is something which the government has most likely done, whereas most Slashdot readers simply read the word "Microsoft" and conclude that the man is incompetent, evil, or both.

In a company that large, there will be both fuck-ups and genuinely good workers. I know some extremely talented people working at Microsoft. I also know some losers there. I don't know which side of things this guy is on, but you have to figure that only a few companies have people with enough experience with huge, varied networks to take on this role for the federal government. And Microsoft is very likely to be one of them.

Re:responsibility (3, Insightful)

Paul Komarek (794) | more than 12 years ago | (#2646682)

While most of what you say sounds reasonable, one thing really caught my eye: "only a few companies have people with enough experience with huge, varied networks". The problem with Microsoft is that they only have experience with huge, homogenous networks; they were blindsided by the internet; they thought remote admin was a bad idea until recently; their network hacks (netbios, for instance) stink on large networks.

I think Microsoft is very *unlikely* to have much useful experience with "huge, varied networks". What really gets me is that they seem to *like it this way*.

-Paul Komarek

Re:responsibility (3, Insightful)

mshomphe (106567) | more than 12 years ago | (#2646700)

But, this is part of a general 'revolving door' phenomenon between business and government: work in one area of the private sector, retire, join the government, work on legislation for that area. This is problematic because it leads to the legislation being skewed towards that business (and away from the consumer), and makes the government appear more insular.

One has to wonder what effect this person's tenure with Microsoft will have on his job performance; much in the same way that we had to wonder about Dick Cheney's Halliburton/Enron/oil industry ties when he was coming up with the administration's energy policy. It's a valid concern and one that should be raised.

Well (0, Flamebait)

sllort (442574) | more than 12 years ago | (#2646476)

I'm a dirty karma whore for posting it, but, here's a web interview with Harold Schmidt [washingtonpost.com] I recall from the Washington Post.

I'll spare you reading it for the best quote:

"Howard Schmidt: The security threat I most often see is failing to install security patches on a timely basis. Weak passwords is next inline ".

I wonder if he meant hotfixes or just Service Packs.

MS Security Guy probably didn't write code... (3, Funny)

abh (22332) | more than 12 years ago | (#2646490)

I know how we all love to flame Microsoft, but if the guy was the head of MS Security, odds are he was an executive who never wrote a line of code.


He's guaranteed not to have anything to do with holes in MS products.


A better thing to look at would be how often was Microsoft's network hacked.

Re:MS Security Guy probably didn't write code... (2)

Ridge2001 (306010) | more than 12 years ago | (#2646543)

A better thing to look at would be how often was Microsoft's network hacked.

Oh, you mean like here [nwsource.com] and here [infoworld.com] and here [theregister.co.uk] and here [zdnet.co.uk] and here [zdnet.co.uk] and here [zdnet.co.uk] and ...

Re:MS Security Guy probably didn't write code... (2)

DarkZero (516460) | more than 12 years ago | (#2646560)

Don't you remember six months to a year or so ago when Microsoft discovered that a hacker group had had access to their network for over three months and had downloaded just about the entire network from them during that time? Whether or not he's responsible for the security holes, he still isn't right for the job. Microsoft got 0wn3d on his watch, and they got 0wn3d for an extraordinarily long amount of time in comparison to most network intrusions.

Re:MS Security Guy probably didn't write code... (1)

linzeal (197905) | more than 12 years ago | (#2646690)

They got owned in Europe; are you sure Europe is under this guy's reign?

Reminds me of star trek TNG. (3, Funny)

nuintari (47926) | more than 12 years ago | (#2646492)

No one would think a Klingon would make a good ship's counselor, and I don't think that an android would make a very good captain.

So you think the White House chose him at random ? (5, Interesting)

Rosco P. Coltrane (209368) | more than 12 years ago | (#2646493)

I submit that Schmidt is in fact very very well placed to know about most if not all vulnerabilities and (possibly) backdoors in Micro$oft products. I bet the guy will be working actively on methods to snoop on Windows users, extract their data and install trojans in their systems (Magic Lantern anyone ?).

Here's a guy who was working for the largest software monopoly in history and now works as security honcho for the most powerful government in history, with people like Ashcroft in it. Makes my nose bleed just thinking about it. The more I see what's happening in Micro$oft's giant sphere of influence, the more I'm glad to be a Linux user, that's for damn sure.

Re:So you think the White House chose him at rando (3, Informative)

doodleboy (263186) | more than 12 years ago | (#2646609)

Among other things, the EULA at passport.com/Consumer/PrivacyPolicy.asp?lc=1033.NE T says: Passport will disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to... Act under exigent circumstances to protect the personal safety of users of Microsoft, the .NET Passport Web Site, or the public.

How interestingly broad, given that in light of recent terrorist activities any "exigent circumstances" could be said to be met as a matter of course. And there is no doubt that all the information that's bound to be stored on .Net servers could be sifted and profiled in many fascinating ways by the intelligence community.

Kinda makes you wonder how it all fits together, given the walk Microsoft got on the anti-trust case.

Sounds similar to the Blood banks idea... (1, Flamebait)

ConsumedByTV (243497) | more than 12 years ago | (#2646495)

That idea: To have all people with AIDS give blood to help 9/11 victims...

Re:Sounds similar to the Blood banks idea... (0)

Anonymous Coward | more than 12 years ago | (#2646634)

Huh? And whose idea is that?

New Opportunity (1)

stealthyburrito (454298) | more than 12 years ago | (#2646496)

Perhaps Schmidt sees this as an opportunity to have a leadership role assigned to him, and obtain actual results.

Can you blame one person for the security holes in an entire company (well, maybe you can...)? Maybe he wasn't getting cooperation at M$, and thinks the public sector is where the real thrills are.

Then again, maybe he is an idiot.

Checking on someone's previous work. (4, Funny)

Chuck Chunder (21021) | more than 12 years ago | (#2646501)

CD: you'd think people would examine the job someone did at thier previous job before offering them a new one.
<cheap shot> Yeah, you might [google.com].</cheap shot>

Laughing myself to sleep tonight. (0)

Anonymous Coward | more than 12 years ago | (#2646666)

That's the funniest, most subversive post I've ever read. You're beautiful, man.

Re:Checking on someone's previous work. (0)

Anonymous Coward | more than 12 years ago | (#2646716)

Well done. Someone should spider and track whether "their" is ever used by Chris ;). Still, CD reports with flair. Kudos.

What type of work? (2, Interesting)

pjbass (144318) | more than 12 years ago | (#2646506)

So it's easy to flame this guy because of working for the Evil Empire and have been related to things like Code Red and Nimda. But what is his real function going to be? Sure, the article mentions he will be on the cyber-security team for Pentagon global network security, but that is a really broad statement. Is he going to be in charge of firewalls, access lists, high-level network security checks, or making sure that each government employee's Outlook doesn't flood the Pentagon's network (sorry, had to insert a flame...)? I think it would be interesting to find what his specific function is, then allow the flames to burn.

Look on the bright side. (0)

Murmer (96505) | more than 12 years ago | (#2646508)

It will be the cracker community's first real chance to affect government policy in years.

Bad move? Has MS ever been (1)

t0qer (230538) | more than 12 years ago | (#2646511)

Hacked? (a little)
Ransacked?
Attacked? (yes im sure it has)
Blown up?? No????

I've read many of hackers pages that m$.com is the Ultimate challenge. Although some sub sites have been hacked, they've never really managed to kill the front page.

Same thing goes with the campus itself. Bill Gates office was built with 6 foot concrete walls to double as a bomb shelter. It is fully equipped with enough food, water, and electricity to keep it fully self contained for 100 years.

STRANGELOVE
Mr. President, I would not rule out the chance to preserve a nucleus of human
specimens. It would be quite easy... heh heh...
(rolls forward into the light)
at the bottom of ah ... some of our deeper mineshafts. The radioactivity would
never penetrate a mine some thousands of feet deep. And in a matter of
weeks, sufficient improvements in dwelling space could easily be provided.
MUFFLEY
How long would you have to stay down there?

STRANGELOVE
Well let's see now ah,
(searches within his lapel)
cobalt thorium G.
(notices circular slide rule in his gloved hand)
aa...nn... Radioactive halflife of uh,... hmm.. I would think that uh...
possibly uh... one hundred years.

On finishing his calculations, he pulls the slide rule roughly from his gloved
hand, and returns it to within his jacket.

MUFFLEY
You mean, people could actually stay down there for a hundred years?
STRANGELOVE
It would not be difficult mein Fuhrer! Nuclear reactors could, heh... I'm
sorry. Mr. President. Nuclear reactors could provide power almost
indefinitely. Greenhouses could maintain plantlife. Animals could be bred
and slaughtered. A quick survey would have to be made of all the available
mine sites in the country. But I would guess... that ah, dwelling space
for several hundred thousands of our people could easily be provided.

MUFFLEY
Well I... I would hate to have to decide.. who stays up and.. who goes down.

STRANGELOVE
Well, that would not be necessary Mr. President. It could easily be
accomplished with a computer. And a computer could be set and programmed to
accept factors from youth, health, sexual fertility, intelligence, and a cross
section of necessary skills. Of course it would be absolutely vital that our
top government and military men be included to foster and impart the required
principles of leadership and tradition.

Slams down left fist. Right arm rises in stiff Nazi salute.

STRANGELOVE
Arrrrr!
(restrains right arm with left)
Naturally, they would breed prodigiously, eh? There would be much time, and
little to do. But ah with the proper breeding techniques and a ratio of
say, ten females to each male, I would guess that they could then work their
way back to the present gross national product within say, twenty years.
MUFFLEY
But look here doctor, wouldn't this nucleus of survivors be so grief stricken
and anguished that they'd, well, envy the dead and not want to go on
living?

STRANGELOVE
No sir...

Re:Bad move? Has MS ever been (1)

Pinball Wizard (161942) | more than 12 years ago | (#2646556)

Interestingly enough, back in the days when the DDOS attacks were taking yahoo and amazon down, MS managed to stay up. Then again there was that escapade where it was discovered their four DNS servers were on the same class C network segment. It's a big company. They undoubtedly have both people who know what they are doing and others who need a cluestick application.

No surprise here, really. (1)

amphgobb (148975) | more than 12 years ago | (#2646516)

Um, your capitalist overlords are not interested in which product has the better security. They are interested in forming strategic partnerships with other evil organizations. Like, when the ID card implementation comes, do you really want some wacko cryptome-reading Linux hacker running the show? No, you want the Borg.

This doesn't mean you can try to hack it (-1)

Anonymous Pancake (458864) | more than 12 years ago | (#2646524)

Thanks to new terrorism laws, hackers will receive even harsher sentences than child molesters. So don't even try to hack the white house because if you do there will be men knocking at your door and you may be shot on sight.

Just Like Slashdot (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#2646529)

... or having people who can't spell or form a grammatically correct sentence can run Slashdot.

The cheap and easy joke: (0)

Anonymous Coward | more than 12 years ago | (#2646531)

...and one that I'll probably get bitch-slapped for making:

"It's like asking the terrorists where they want to go today."

more info on Schmidt (3, Informative)

Pinball Wizard (161942) | more than 12 years ago | (#2646533)

Here is some info on Schmidt [microsoft.com] at microsoft.com. Looks like he has an admin-level job rather than a software engineering job. So I wouldn't blame him for how poorly coded Microsoft products are. He's involved with best practices on setting things up securely, not watching over programmers making sure there's no buffer overruns in the code. Although administration and programming must overlap when it comes to real security there's only so much you can do if you're not deeply involved with the code.

Re:more info on Schmidt (0, Troll)

linzeal (197905) | more than 12 years ago | (#2646684)

Correct, that's why security freaks like theo are the only way to go. Humane or not to the people below.

Christ (0)

Anonymous Coward | more than 12 years ago | (#2646537)

Chris, you're a fucking idiot. Welcome to my killfile (where you'll be joining Michael, Katz and Jamie). Seriously, sir: get a motherfucking life.

Actually a good find (2, Insightful)

SerpentMage (13390) | more than 12 years ago | (#2646539)

I think the guy was not in charge of MS security in terms of software development, but IT infrastructure. And in that case it was a really good find. This guy managed fort Microsoft and MS knew how to keep its internal network in pretty good shape... Even with all of the gadgets and VPN's that they have.

Not sure whether to laugh or cry (2, Informative)

Ambassador Kosh (18352) | more than 12 years ago | (#2646540)

Given how badly the government did on its last security evaluation they are hiring the company with about the worst security track record ever to help them? Isn't this like the blind leading the blind? Well I guess this gives a good indication as to what kind of "penalty" MS will get from the trial since it looks like they have managed to buy off the current administration.

This just seems like one of the most phenomenally stupid ideas the government could make with respect to computers though given the current administration I am sure they could figure out some way to outdo themselves. Though I really don't want to see what they do to outdo themselves.

Hmm I heard Mars is nice this time of year ;)

pretty unfortunate (3, Interesting)

vscjoe (537452) | more than 12 years ago | (#2646551)

Well, maybe he quit Microsoft in disgust and is trying to do the right thing: push for open source, peer-reviewed, secure systems. But, more likely, he has been imbued with Microsoft corporate policy, still has a financial and personal interest in the company, and has never known another way of doing things besides the Microsoft way.

If the latter is the case, there is a good chance that this guy will follow the easy and obvious (to laymen) path and push Windows. After all, NT was created by someone with decades of experience and it is 'C4' certified (or whatever). It has zillions of security features, even more so than VMS, so how could it not be secure? And it is used by some of the most security conscious companies in the world. And what's good for Microsoft is good for America anyway. At least those will be the arguments that will likely be heard around the White House when issues about what software infrastructure the armed services and US government should use.

This will be followed by calls for keeping source code for critical infrastructure under wraps, "like Microsoft is already doing", because "we don't want to give the terrorists the blueprints to our advanced technology". He'll probably preach the Microsoft mantra that open source is dangerous, unsafe, and un-American. And he'll likely conflate "security" RIAA style (fair use hijacking) with national security and point to how badly the RIAA and MPAA has been "hurt" by "security problems" resulting from "open source hackers" and how Microsoft, in contrast, keeps content "secure" and protects copyright holder's rights.

Altogether, this appointment is likely going to hurt open source efforts, as well as national information security.

Give him a little credit (1)

StarTux (230379) | more than 12 years ago | (#2646554)

Why is he leaving? Who knows what he might have wanted to be done, only to be overruled by some higher authority or senior department.

If the security at the White House goes to hell we'd know why probably.

Matt

At least we're safe from pirated ham! (1)

Jartan (219704) | more than 12 years ago | (#2646557)

"He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license." quoted from this site [go2vanguard.com] on Mr. Schmidt.
How exactly does someone with college education like that get to become a cyber security advisor? He was a police officer too. Maybe I'm reading too much into stereotypes but this sure doesn't sound like the kind of guy I'd want protecting me from a nerdy kid who lives in his basement with a caffeine IV making root kits.
Jartan

This guy is clueless (5, Informative)

Animats (122034) | more than 12 years ago | (#2646558)

Here's a 1998 interview [washingtonpost.com] with the guy. He's not a technical guy. He used to be a computer crime investigator with the USAF. There's a fair amount of stuff by him on the web, mostly the usual Microsoft line of "it's all your fault, not ours".

Notice in the 1998 interview that he denies that viruses in mail attachments are a problem.

Re:This guy is clueless (0)

Anonymous Coward | more than 12 years ago | (#2646654)

Well, it IS mid-1998 we're talking about here...

Re:This guy is clueless (0)

Anonymous Coward | more than 12 years ago | (#2646664)

I like his MS software insecurity answer much better. All I have to do now is figure out how another installed software package is responsible for a buffer overflow problem...

Easy on him guys... (5, Informative)

Mustang Matt (133426) | more than 12 years ago | (#2646561)

He was a security ADVISOR...

He could have given Microsoft all the advice in the world and if they were too lazy to implement the appropriate security measures it's not his fault.

Maybe the position at the government was his opportunity to get to a better place that would actually listen to him.

Re:Easy on him guys... (1)

philipsblows (180703) | more than 12 years ago | (#2646576)

Actually, that "Advisor" title is just a misstatement in the slashdot posting. Read the Microsoft bio on the guy (already pointed to in another post here, but I'll copy it... here [microsoft.com]), which starts off with

As chief security officer for Microsoft Corp., Howard Schmidt...

Re:Easy on him guys... (0)

Anonymous Coward | more than 12 years ago | (#2646608)

yeah maybe..

look at our current state of affairs (1)

xavii (92017) | more than 12 years ago | (#2646565)

he can't do any worse in the area of computer security than our president and his administration are doing for national security.

xavii aka bob

Whitehouse defacing (1)

iconian (222724) | more than 12 years ago | (#2646568)

Maybe finally he'll stop the defacing of whitehouse.com with pornographic images.

Not really. (5, Funny)

ChrisBennett (18205) | more than 12 years ago | (#2646577)

Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?

Actually, no. Captain Hazelwood was drunk at the wheel before the accident. Apparently he was a fine captain when sober. Microsoft has bad security whether or not you consider them to be drunk.

Re:Not really. (0)

Anonymous Coward | more than 12 years ago | (#2646623)

I just wanted to point out, ChrisBennett, that your post made me chuckle more than anything I've seen on Slashdot for the past year. Points are deserved for subtlety alone.

Re:Not really. (1)

Karl_Hungus (180893) | more than 12 years ago | (#2646672)

Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?

Actually, no. Captain Hazelwood was drunk at the wheel before the accident. Apparently he was a fine captain when sober. Microsoft has bad security whether or not you consider them to be drunk.


I think it's more like promoting him to captain of a nuclear-powered ICBM-equipped submarine after showing us what he could do with the Valdez.

"passport" control (1)

AtomicBomb (173897) | more than 12 years ago | (#2646587)

In the future, I wonder if people will need to authenticate themselves using .net when passing through customs. :-)

Seriously, I do not really think Schmidt's appointment is that bad. Esp. in the past, it is not at all difficult to find CEO/senior managers etc. with a military background. Many of them can still do a good job without turning the companies into a barracks... For people that high up, personal character may be more important...

::sigh:: (2, Flamebait)

DarkZero (516460) | more than 12 years ago | (#2646589)

So they'll steal the civil liberties of all of their citizens, and even more from immigrants, in the name of security... but do they bother to do a background check on their new computer security advisor? Of course not. That's just... predictable. I wanted to say sad, surprising, or shocking, but really, it's just predictable.

Oh, and for those that claim that this guy isn't responsible for the holes in Microsoft software, and that thus this guy is actually pretty good at his job of protecting MS's network: You're half right. He DOESN'T have anything to do with the Microsoft software security holes. However, he was the one in charge of protecting Microsoft's network during the incident six months to a year ago when a hacker group hacked into Microsoft's network, completely 0wning the whole thing, and Microsoft didn't find out about it until the group had already been making regular visits to the network for three months, downloading the majority of the network (possibly the entire thing, I don't think anyone's really sure) during that time. And while some may wave that off as "one intrusion in X amount of time", remember that these guys got in and then kept making REGULAR VISITS to the Microsoft network without anyone noticing for three months. So while only one group managed to do it, it sounds like they managed to keep doing it on an almost daily basis. That makes for a pretty bad security record, and it would've been a huge fucking disaster if this had been done during the upcoming era of widespread .NET and Passport services, or only a "somewhat large fucking disaster" during the current era of consumer and business consumer information being regularly logged through XP's activation madness.

I guess this proves that from now on, the government will be too busy looking at our computers to even take a passing glance at the situation of their own.

MSGS 2K (1)

Lawst (242846) | more than 12 years ago | (#2646593)

You will soon need a Passport account to contact your senator's office. You will also need a Pentium 4 with 256MB of RAM and WinXP so that, once you do connect to your senator's office, you will be able to run Microsoft Government Simulator 2002 without locking up ;)

Fantastic (0)

Anonymous Coward | more than 12 years ago | (#2646599)

Just fucking great. Put all of my hatred for M$ on the ethical side away, and they definitely suck with security. You know, this is the kind of shit that makes me wanna go fuck a hentai chick.

Corporate security != electronic security (3, Interesting)

Xeger (20906) | more than 12 years ago | (#2646604)

I haven't done any digging yet, but it is my assumption that as head of security he will be in charge of physical security policy at Microsoft installations: who has access to which rooms, and at what times of day. How many cameras to put in the bathroom stalls. How many parabolic surveillance microphones to hide in the trees. How many pits full of punji stakes, vipers and bear traps to place around the Redmond campus.

In other words, Big Brother stuff. Spook stuff.

That is what a chief security officer does in the traditional corporate environment. He will have an underling (or several) who handle electronic security for him. If he knows what's good for him he'll realize that he shouldn't try and play a game he knows nothing about, and he'll let his underlings have free rein.

Not that it will do any good, of course. As long as Microsoft uses its own software, it will always be vulnerable to the same exploits with which it burdens the rest of the world.

/. home of the stupid analogy (5, Insightful)

Suppafly (179830) | more than 12 years ago | (#2646619)

CD: you'd think people would examine the job someone did at thier previous job before offering them a new one. Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?


First off, being the White House I'm sure they thoroughly examined everything about him.. I had a friend apply for a fairly low position with the DoD and they interviewed his friends and family as well as giving him a lie detector test.


Secondly, this is hardly comparable to the Exxon Valdez thing..


Third, who are you to say he did a bad job at MS?
Other than just taking a cheap shot at MS, you have no info about his job performance or even what he specifically did while working at "The Great Evil"


Maybe it's just me, or maybe there's a reason you don't see chrisd listed in the hof anywhere..

Choice of words? (1)

Iamthefallen (523816) | more than 12 years ago | (#2646624)

From linked article:
BV: Is there an Echelon?
RC: No. I don't know anything called Echelon. I've never seen anything called Echelon. ...

Isn't it funny that he uses "anything called" instead of "anything like" or "anything such as what echelon is supposed to do"?

Pro MS Voice Inside Administration (1)

i1984 (530580) | more than 12 years ago | (#2646630)

Irrespective of whether or not he is/was any good at security, and aside from any inside knowledge he may have as an MS security advisor, it's hard to believe that he is not well steeped in MS corporate culture. Now with an apparently strong voice inside the Bush Administration, it's logical to assume that the Administration will be even more pro-MS. Even if his position doesn't directly set policy, a Microsoft-aligned philosophy may seep into policy decisions.

Microsoft and the Administration both seem to think they're each about the best things that have ever happened to each other, and now they may be even better friends.

MS security, of all things...

I wish... (0, Offtopic)

maunleon (172815) | more than 12 years ago | (#2646631)

We could moderate topics. Yet another random Anti-MS flame. What does a person in charge of internal IT infrastructure have to do with security holes in IIS and Outlook?

I wonder if the whole topic would be marked offtopic. It's too silly to qualify as Troll.

Re:I wish... (2)

NerveGas (168686) | more than 12 years ago | (#2646658)

What does a person in charge of internal IT infrastructure have to do with security holes in IIS and Outlook?

Ultimately, he's one of the people that dictates where they will draw their balance between cost and security. Sure, they could spend time and money educating their programmers about security concepts, and sure, they could spend a lot of time and money doing code reviews - but do they? Only a little. And he's one of the people that make those decisions.

Is that who you want handling national security policies? "Well, yeah, there's a pretty big hole there, but we don't think that most people will find out about it, especially if we don't tell them about it."

steve

Job Opening at Microsoft? (1)

Newt-dog (528340) | more than 12 years ago | (#2646638)

There's a (hehe) job opening at Microsoft (hehe) for a Chief Security Advisor. (hehe)
Any Takers! (all Linux moles please apply!)

Newt-dog

My comment. (2)

loraksus (171574) | more than 12 years ago | (#2646648)

hahahahahhahahahahaha!!!
Seriously though, this is rather ominous.
Take MS's awesome track record and keep it in mind, this isn't going to be a MS flame on their fucked security though. He was an advisor, which meant people didn't necessarily listen to him.

Now, we all know that the new guy will be completely impartial? Right?
Bullshit, not only does the DOJ let MS go damn near scot-free, but now the White House appoints a former employee to tell them how to work security.
Great, name him "Director of Computer Honesty" too, rename the DOJ to "The Ministry of Peace" to keep with the theme (or was it truth, it's been a while since I read the book).

You know, this might not be that bad - if sysadmins can't patch their servers because the government doesn't allow publication of exploits, it will make hackers / skript kiddies jobs easier. It will escalate to a point where there will be so much bullshit, that sysadmins will all just post their shit anyways, consequences be damned - or just host exploits in Rwanda, Iraq, or some other nation.

This is not to say that his experience will be a total fuckup - he does have a few interesting ideas, and I think that he realizes that what is under his control can never be broken into, which is nice (a realist, instead of some bitch from marketing).
His administration will be a mix of good and bad things, though his support of amending the Freedom of Information Act certainly makes me worried.

Give him a break (1)

jhealy (91456) | more than 12 years ago | (#2646653)

Holy Lord, Slashdot... give the dude a break. He's the security advisor for their stuff, he doesn't write the code... and on top of it, he was in charge of security for some of the highest traffic sites ever! TOUGH!

This is just insane (2)

autopr0n (534291) | more than 12 years ago | (#2646657)

I suppose we can hope for the best. We know this guy wasn't responsible for the code itself, but rather M$'s IT infrastructure. And Microsoft has been pretty good at not being hacked (or at least not having their websites defaced), although one intrusion did take place (and it was major).

Aside from that, though, what bothers me is the security ideology espoused by Microsoft (and as others mentioned, this guy), the whole 'security-through-obscurity' thing. These people seem to think that building software is like building a house, it can't really be secure, just tight enough so that you don't have to worry, but we know that isn't the case. I mean, Microsoft is a successful company, but their security is just crap. And when they're called on it they blame others. This is not the kind of attitude that we need to manage a secure government system. I mean we can't just send the FBI in to confiscate the computers of 'suspected' hackers if they're funded by another country.

Bleh, this government sucks. 9/11 has just made them more paranoid and retarded.

Suspicious (1)

Conspire (102879) | more than 12 years ago | (#2646668)

Well, as a classical conspiracy freak, I reckon:

1. All the real influence and decisions that this guy has in the white house will not be made public, so we won't really ever know what he is doing.

2. He will still be loyal to MS, after all, most government people don't stay in government forever. What better way to climb the MS corporate ladder than to leave, get lots of power in the government, and then go back to MS. Not to mention the great signing bonus that is actually a payoff for how much he helped get MS into lucrative government software contracts.

3. What better way to kill open source, than send in an MS general onto a government security council?

Unfortunately, we will probably all never know the real effects, due to statement one.

That's good news (2)

jsse (254124) | more than 12 years ago | (#2646673)

/. will no longer be regarded as a major anti-MS. Now they will also call us anti-Government!

Wait a minute...

Software upgrades for everyone! (2)

austad (22163) | more than 12 years ago | (#2646683)

I heard he's going to be in charge of the MS Supreme Court 2002 installation. And there are also rumors of a switch to MS Advanced Senate. Unfortunately, the upgrade to MS President Express has been postponed because it kept dying.

security is not a technical position (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2646698)

security positions in governments and corporations alike are always political, never involving an ounce of technical clue. he'll fit right in.

teehee (-1)

Fucky the troll (528068) | more than 12 years ago | (#2646708)

Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?

Or putting Captain Cab in charge of a Cab.

Murdock is my hero.

Move to *nix (1)

Robert Frazier (17363) | more than 12 years ago | (#2646714)

Perhaps he simply got tired of dealing with Windows security and sees this as a way to broaden his horizons without appearing negative about Windows.

Or, being charitable, perhaps he has made a bundle, and wants to make a public contribution.

Best wishes,
Bob