Bush Names New Cyber Security Czar
goombah99 writes "The Washington Post reports that Cybersecurity "czar" Richard Clarke has confirmed widespread reports that he is leaving the White House, to be replaced by former Microsoft security chief Howard Schmidt. He was also part of the Air Force's 'Computer Crime and Information Warfare division'. In related news, the National Strategy to Secure Cyberspace has received Bush's signature and will be released to the public in the next few weeks. Clarke's blunt statements on the need to avoid erosion of privacy rights are rumored to have rubbed the administration the wrong way, prompting his exit. Anyone know how Schmidt will view the relative security of closed versus open source?"
Nothing says "Security" better to me than "Former Microsoft Security Chief".
...start to shared the same bodies.
Oh shit. We're in trouble.
Blarf.
screen of death
Our top story - Previous cyberspace advisor sacked after coming worryingly near to sticking up for rights of normal Americans. Now replaced by Microsoft "security" manager in amusing henhouse/fox style situation. Corporations breathe freely again. Film at 11.
"To any truly impartial person, it would be obvious that I am right."
a reality, since he is put in charge, I wonder why he left Microsoft. Why was he picked? How is he going to cope with Linux in the workspace?
Mod me as a troll, I don't care... this is absurd. Microsoft corporation has proven time and time again that they can't grasp fundamental security practices or concepts. Now, instead of having a boss (BillG) whose motivation is profit, we've got a security chief whose boss (GBush / JAshcroft) wants to rob us of our civil liberties.
Bruce Schneier for Security Chief!!!!
The surest sign of intelligent life in the universe is that none of it has tried to contact us. -- Calvin & Hobbes
1) Microsoft are getting into bed with government through the back door (no pun intended)
2) Bush is short-sighted enough to think that the person who is head of Microsoft security will bring better security than a team of specialists. Oh wait, one person is better because he can call them a czar. Buzzword-me-do.
..nothing says I know Windows is insecure like the guy who used to have to smile at the press after that week's worm...
"To any truly impartial person, it would be obvious that I am right."
Next, RIAA advisor appointed as judge in IP case, Disney spokesperson heads the new congressional committee for copyright term balance, and Pakistan appoints Hans Blix's replacement at the head of the UN Arms Inspectors Committee.
Daniel
Carpe Diem
Nothing says "Security" better to me than "Former Microsoft Security Chief".
Look, do you want extensive experience or not? I trust this guy to have run into more security problems than just about anyone else out there.
I wonder if he leaned more toward engineering (and the godawful CryptoAPI) or policy (and the signing procedures that let Nimda get out)?
On a more realistic note, in terms of practical security benefit, the recent spending of taxpayer dollars on a set of minimum Windows security standards (the "Gold Standard") is probably one of the most cost-effective things that could have been done for nationwide security. Even if it grates those Linux/Mac OS/etc people among us the wrong way... It beats blowing more money on facial recognition at Super Bowls.
May we never see th
So, Micro$oft has finally infiltrated the US government.... We're all doomed!
Nothing says "Security" better to me than "Former Microsoft Security Chief".
What about "blind, crippled, deaf, dumb, and stupid rent-a-cop"?
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
...in the light of Slammer, Nimda, CodeRed, the Saint Petersburg crackers, and Microsoft's generally horrific security record, spread out in inglorious array throughout the history of the company.
He'll probably require Gummint computers to run in 640kB, because nobody could need any more than that.
Got time? Spend some of it coding or testing
Microsoft Security gets an 'F'...
What's good for the goose is good for the gander, I suppose.
-v
Was because he wanted more security and no one else did? Maybe?
Maybe the White House is using MS products and this is in fact a housecall support. Can you think of anyone to fix White House servers better than the security chief from MS?
According to his biography here. From his bio, it doesn't sound like he's a dyed in the wool microsoftie.
Instead of making jokes or clamoring about how this is a bad (or good) thing, let's try to figure out what this guy is about.
Any signal out there?
My father is a blogger.
I've worked for the Dept of the Navy for 6 years now, 4 years as an active marine and 2 for a navy contractor and I've seen a trend in the Navy/MC away from Microsoft products and their consultation.
But then again, it doesn't mean that everything will be MS because he's a former MS officer, but it is more than possible. If anything he may have a VERY humble attitude toward things because I'm sure he's been the brunt of many criticisms from his past post.
It's no secret MS has had problems with security.
But I wonder what this will mean for upcoming copyright and piracy issues involving computer software and the like. Since he comes from a company where the doctrine is pretty strict in terms of copyrighting and such, will we see a severe change in the laws?
"Clarke's blunt statements on the need to avoid erosion of privacy rights are rumored to have rubbed the administration the wrong way, prompting his exit"
Well if the previous guy was removed because he was in favor of keeping privacy rights a concern, this may indeed be the case.
Overall, I can't say this is a good sign.
Excuse my above ramblings, I have strep throat and it's driving me crazy.
Day by day, MS is becoming more like one of those boring typical corporations in US. Start-up -> make money -> lobbying -> get people inside Washington and build business around bureaucracy. I don't dare call MS an innovator, but come on, it's not even 20 years since MS started their business, and they are already joining the club of boring bureaucrats.
"In heaven, the Italians do the cooking, the Swiss do the accounting, the Germans fix the cars, the French are the lovers, and the British are the police.
In hell, the English do the cooking, the Italians do the accounting, the French fix the cars, the Swiss are the lovers, and the Germans are the police".
I guess we can add something about who's in charge of cyber security in either place... and I'm pretty sure where Microsoft has a bigger footprint.
Oh, I can't help quoting you because everything that you said rings true
Just to point out... According to the article, this guy was in charge of Microsoft's network's security, not Microsoft's software's security. The fact that he has been able to keep that web site, which runs on NT, from being cracked for so many years must qualify him as some sort of security god.
(If I am misinformed, and microsoft.com has actually been cracked and defaced at some point in the past, do tell...)
Schmidt's experience with "critical updates" will be handy.
Schmidt has been with the government for awhile. Who among us went to the Town Meetings to listen and (somewhat) debate the original document before it was sent to the White House? Any comments on that panel, Schmidt, or the document?
from the desk of Howard Schmidt
Subject: Plan for implementing National Cybersecurity Strategy
United States SP1
This service pack addresses the following security holes and bugs found in the current public release of United States version 2003:
- free speech buffer overruns
- memory leaks of useless patents
- higher intellectual property security
- copyright roll-over
- civil rights run away processes
- stronger backdoors for stronger crypto
- cpu race conditions
- elimination of privacy APIs
The reason so many national/multinational corporations follow this pattern is because it makes sense. Compared to most business investments on the scale they operate at it probably offers one of the best returns on the dollar -- you can't argue with the benefit of federal goodwill when you're doing things like exporting software with encryption, trying to get government contracts, or attempting to demonstrate in a federal lawsuit that you have your customers' interests at heart.
Can't remember the details but didn't Microsoft have some sort of open redirection script on their site that was used to redirect unsuspecting customers to trojan-providing sites whilst purporting to be coming from microsoft.com? Or was that someone else? Can anyone confirm?
Daniel
Carpe Diem
I posted the original story. But this is an insightful clarification.
Some drink at the fountain of knowledge. Others just gargle.
He is probably still going to be working for them.
Please be serious. He may have instituted the policies to keep the site from being hacked, but certainly was not the man responsible for it. The people who worked under him and that are still working there are the ones who are doing that job.
Don't forget that the job he now has to do doesn't distinguish between network and software. It wraps them all into one, throwing hardware and various other IT technologies in the pot. So don't put him on a pedestal and call him a god before we've seen what he actually is capable of. Remember that this job involves reining in his old employers and convincing them to actually produce secure software that doesn't affect the Internet in general. Need I remind anyone of a certain MS SQL worm that affected everyone, including Microsoft's network last week?
I am Lord Snowbeam. Heed my call!
Quoting the last five (short) paragraphs of the story:
Is anyone else disturbed by the way first choice candidates seem to be running away from any involvement with government internet security?
Seems to me that this new IT security person appeals to MS and that is it. So, why lump the rest of us into that paradigm?
Don't get me wrong: I help run a company's IT and whatever pronouncements this new guy will make will have all the impact of a stale cocktail.
I find jokes like these as funny as the concepts they profess to support.
Dawn of the Dead
Another officer in the Bush collective.
Is it a problem? Do you need eye glasses?
I'm surprised no one remembers... http://www.google.ca/search?q=cache:_8wS23gFVycC:www.xent.com/sept99/0593.html+microsoft+defacement&hl=en&ie=UTF-8
To some, "computer security" means ensuring that electronic communications are entirely insecure, so they can be intercepted and stored in a database to help make sure the citizens aren't going off the rails.
To others, "computer security" means restricted hardware that filters the data it will read and write, so IP owners can exert more control.
Finally, there is the idea that "computer security" means controlling who can access your own computers and information, and how facilitating communication without tampering or snooping. But there seems to be little interest in this one.
I'd be frightened if I knew that my cybersecurity is in the hands of Microsoft security chief...
...that will make it easier for us (well, those of us in the States at least) to scream "Biased!" when he comes up with any closed-source/Microsoft advocacy. This could actually help.
I gave up sigs almost a year ago.
does this mean that the entire US defence system is going to crash just when u guys need it?
Perhaps one of the editors could get a Slashdot interview ... i mean .. i think a large number of technical people read this site .. and it would be in his best interest perhaps to have a little Q&A with us
coming from MS he should be armed with all the real dirt on Bill, and might just (LOL) know something about all the stuff in the world that MS copy into their system. Not that I'm complaining, Win2k works for me most of the time, but they seem to have gone seriously off track since 2k!!!!
" Nothing says "Security" better to me than "Former Microsoft Security Chief".
I had hoped that the author of this quote was just being sarcastic!!!
I wonder if this guy, and his team, felt it necessary to review the source code in order to make their network more secure.
I mean, did he just accept the binaries as is and curse the fact that he didn't really know what was going on inside.
Did he give feedback to developers so they could improve exactly the points he was finding most valuable. By this I mean a very closed loop that allowed for much tighter interaction with developers than the Network Administrator at an outside company could ever dream of happening.
Or, did his guys regularly review software code in order to insure that nothing odd was happening. If so, how valuable was this to making sure the network was secure.
Point being, if it is the last one, then even Microsoft sees the value of Open Source and many eyes.
He was canned because he wanted to protect individual rights, and had limits on how far he'd go against the citizen?
That alone should scare the hell out of people. Who is taking his place is minor compared to that.
Or did I mis-read it thru the awful grammar?
---- Booth was a patriot ----
According to the Schmidt bio: Prior to joining..., Mr. Schmidt was the Chief Security Officer for Microsoft Corporation, Redmond, WA. While there, he oversaw the Security Strategies group, insuring the development of a trusted computing environment via auditing, policy, best practices and incubation of security products and practices.
This does not sound like network security per se to me. We all tend to be guilty of going-with-what-we-know. So his past is relevant to guessing his future policy. Thus his involvement with Microsoft and aspects of trusted computing are troubling. Another statement from his bio that I'd like to know more about is
Mr. Schmidt ....has been instrumental in the creation of public/private partnerships and information sharing initiatives
What sort of information sharing? Sharing as in the TIA's notion of it? Or sharing as in government databases need better integration? Given his FBI and Air Force 'crime information warfare' background it is probably safe to assume that he would see lack of integration as an impediment to law enforcement and would like better sharing of confidential data amongst law enforcement. Not an entirely bad idea if safeguarded and until it reaches the TIA sort of level.
Other than second guessing what I expect will be the promotion of policy I won't like, the remainder of his bio plainly says he is technically qualified for both the technical, political, managerial, and policy aspects of cyber security. Few people would be as qualified to administrate the office. I think I would just feel better if he were the deputy and someone else was setting policy.
Some drink at the fountain of knowledge. Others just gargle.
Nothing says "Security" better to me than "Former Microsoft Security Chief".
Nothing says lame journalism like cheap potshots at Microsoft employees.
I know I'm going to hell, I'm just trying to get good seats.
*****
Before joining Microsoft, he was a Supervisory Special Agent, Director of the Air Force Office of Special Investigations, Computer Forensic Lab and Computer Crime and Information Warfare. (HQ AFOSI/CCI). Under his direction he established the first dedicated computer forensic lab in the government. The AF specialized in conducting investigations into intrusions in government/military systems by unauthorized persons in counter intelligence and criminal investigations.
Before AFOSI he was with the FBI at the National Drug Intelligence Center (NDIC) where he headed the Computer Exploitation Team as a Computer Forensic Specialist. As one of the early pioneers in the field of computer forensics and computer evidence collection, he continues to provide training support to an international audience dealing with the new challenges around computer evidence collection and processing.
He was a City police officer from 1983-1994 with the city of Chandler Police Dept. Arizona. He served on the SWAT team, organized crime and narcotics investigations and field sergeant. While there he was detailed to the FBI academy teaching classes in the use of computers in criminal investigations for approximately 2 years.
Howard has over 31 years public service having served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity.
He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license.
******
Hey folks, remember before you kneejerk -- there are more types of security than what programmers think of when they hear the term.
~REZ~ #43301. Who'd fake being me anyway?
For all the people whose blood boils at the mere mention of Microsoft's name: give this man some credit for leaving the company. And, as others here have pointed out, what better laboratory for the study of cyber warfare than MS? Could YOU have handled that heat as long as he did?
It's only funny until someone gets hurt. Then, it's hilarious.
Hydrogen cars will require a completely new infrastructure. This infrastructure will cost a HUGE amount of money.
Not his job, while I agree if you disagree with your boss you get fired.. this is more than that.
The fact that his boss seems to be against personal freedom, as evidenced by this guy's removal, it should set off alarms in everyone's head, that the government won't tolerate personal rights and freedoms... in any form.
---- Booth was a patriot ----
I fully agree that MS has a terrible record on security, but I do have one question for you. How much freedom did this guy actually have at MS to make decisions? How often did the business end of MS override his decisions because there were more profitable ways to do things, they saw no need to spend extra time making something more secure, or they thought that doing something was just such a good idea?
I could even see his working at MS being an advantage somewhat. My understanding of MS right now is that it is very political. He is probably used to working with a very narrow scope of freedom of action, since security has never been a major concern there. If this is so then he has had a lot of practice to get ready for working directly for Bush. The bottom line is I do not like having someone from MS in that job, but I am going to wait to deride him till I have seen what he does with the position.
"Whenever you find that you are on the side of the majority, it is time to reform." -- Mark Twain
... and pay particular attention to Schmidt's testimony before the House Committee on Energy and Commerce... Microsoft is doing a fine job... increase penalties for cyber-crime... increase funding for law enforcement... but keep the government out of the industry.
According to this story, '...the attack "was 100% preventable." This view was shared by Howard Schmidt, cyber security adviser to US President George W. Bush, who on Monday suggested that six months was more than enough time for systems administrators to plug the hole.'
Gee, now I am scared. If Bush believes that a former Microsoft Security chief can handle our nation's cybersecurity, then our President is ill informed. Look at Microsoft's history. I believe the xbox is Microsoft's way of testing Palladium, and xbox has already been hacked.
That he is just as incompetent in this job as he was at Microsoft
Don't Tread on OpenSource
The last time Microsoft's networks were attacked was the recent attack of the Slammer worm. It seems they didn't patch all their SQL servers.
This website lists 23 defacements of Microsoft web sites since the beginning of 1999.
One of the most embarrassing attacks was in 2000 when Russian crackers got into the servers that housed Microsoft's source code and waltzed around in there for up to three months!
Microsoft uses their own products, and thus are subject to the same security holes as their customers. Their network security and the insecurity of their products are pretty much one and the same: a joke. Anyone in charge of Microsoft's non-security has no business being the deputy, let alone the man in charge, of our nation's computer security.
But then, this isn't an issue of ability. As the article makes clear, the qualifications for the job are more about agreeing with the president than about securing anything.
"At this moment, it has control of systems all over the world. And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanese version)
It's all about Fear.
What? People thinking and exchanging news and information on the web? Horrors! They might all be saying bad things about us, (the Powers That Be)! We must put a stop to this!
The best part is that, after all is said and done, after all the fire works and torture and human carnage, the bastards will lose. You cannot channel that much destructive force without being destroyed. Such minds deteriorate as they cling to their nice comfy illusions of grandeur, (and they are illusions. Everybody knows that Bush is a coke-snorting moron, no matter how hard he tries to pretend otherwise, no matter what sly tricks he participates in, his brain remains a piece of cheese. And he continues to rot.)
In the end, the darkness is self-consuming. It's like a black hole; that's the perfect metaphor, actually. The perfect symbol. Selfishness wants and takes and takes until it collapses under its own weight. Selfishness is the frightened child which wants to cling to (and control) its mother, and damn it, climb back into the womb if at all possible. Because the bright and beautiful world is just too damned frightening. (Beware the clingy child.)
Beauty and the Unknown are for the strong and bright-eyed children, who grow accordingly, and seek outwards; never to control, but to test themselves against the world and grow stronger and more capable of participating in the wonders they seek.
Selfishness and Fearfulness, by contrast, seek ultimately, to return to the dark warmth of sleep, and there disintegrate into dream and into nothingness. --And that's fine, (Let 'em vanish!). The only problem being that they can't bear to think there is a bright and beautiful world out there populated with heroes and the brave. --Simply, because the contrast between the worms and the brave is a painful one! Nobody wants to be a fearful worm; especially not the worms; especially not the worms! --They have the least ability of all in dealing with hard truths. They are not about growing or changing; they are about warm illusions and control. A brave man winces at his faults but then sets about the task of fixing them. While, a coward cringes in horror at his faults, and seeks to tell himself stories where really, he, is the hero, and then he goes about trying to enforce this image upon all those around him; to maintain the illusion. And all the while, in reality, he degenerates further while the Brave Man grows ever stronger.
Like I have said many times before, Good Guys Always Win. Always. Always. (Despite the millions of messages to the opposite we are bombarded with daily by the Fear-controlled media! Despite the deep cultural programming which begs women to seek 'bad' boys while in the same stroke, casts a homosexual in the role of Smallville's 'Superman') But you watch. You'll see. It all pans out in the end. There will be carnage and there will be blood, but in the end, the worms will turn to mud and vanish, and the heroes and the brave will remain. --I firmly believe in reincarnation and in many lives, and that the Heroes and the Brave will continue; that Death is just a train station platform. I also believe that the worms will return as well, although in a reduced form, (thanks to Karma). The only way to destroy a soul is for it to continually participate in debauchery and petty fear, until it regresses, finally, into primal matter. Let 'em regress. Let 'em go. Let the little worm people try to control the world and the internet, let them try to control thought itself. (And if it's an MS clone who'll be running things over at the White House, then you can bet they'll keep a thumb on the pulse of such net indicators as Slashdot; Are you listening, you chumps? I am talking about YOU.)
The forces of Fear will cause friction for a time, and they can influence thought, even to a large degree. But only for a time. And not the minds of the strong, who will only shake their heads. And then, finally, they will pass. Good riddance.
Chumps.
-Fantastic Lad
To others, "computer security" means restricted hardware that filters the data it will read and write, so IP owners can exert more control.
:)
No, that's "Trusted Computing."
A computer is "Secure" when it does what it was designed to, as instructed by its owner and only those the owner permits to use it.
A computer is apparently "Trusted" when a third party can be sure that their software working with their files won't be corrupted by the owner of the machine who it happens to be running on.
If you don't want your PC to be "trusted", or to run "trusted" apps, then don't.
classically what would happen is that the government will pay for the infrastructure and then it will be handed over to private ownership. the price paid by the purchaser is normally a small fraction of the original cost. so basically the government takes taxpayers' money, builds stuff, gives the stuff to some old rich white man.
-- john
"He has one particularly valuable characteristic that no other federal security leader has in that he has actually fought the bad guys both in defending the networks at Microsoft..."
Obviously, this should read: "He has one particularly valuable characteristic that no other federal security leader has in that he has actually fought [for] the bad guys both in defending the networks at Microsoft and within the government"
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
No no, that's the updated edition.
The United States Service Release 2 (or USSR2 for short).
However it doesn't include patches for:
memory leaks of useless patents.
That'll come in a service pack later this year.
What is a republic of free citizens doing with a Czar? Or do I assume too much about the USA? Or are we just a squalid rabble, demanding bread and circuses and safety?
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
So much fear and uncertainty because this man once worked for Microsoft. Tell me, does Microsoft implant microchips in all employee brains to control them? Is the U.S. government supposed to automatically prevent all former Microsoft employees from ever holding a government job? Are we to eliminate the tens of thousands of former Microsoft employees from the job pool? What about former Sun employees? Apple? Redhat? So many people accuse Microsoft of FUD regarding Linux. From where I sit, this is a little like the pot calling the kettle black.
Second, if he was ever head of MS security, he is used to dealing with extremely difficult situations and has handled his share of disasters. Overall, that job would provide great experience understanding the tradeoffs made between functionality, ease of use and security. Also, a good understanding of how some software companies resolve security issues and how to lead an effort to address security flaws in software. Probably an ideal background overall.
I had the opportunity to meet and interview Clarke when he came to my school last year to give a speech as part of a post-9/11 outreach program to CS faculties around the nation. (In fact, I wrote an article about it for our school newspaper, if you're interested.) He really handled himself well. The crowd was more or less 100% engineering and CS faculty, grad students, and the type of smart undergrads that would actually care about such a thing, in other words a tough crowd to play to. And I think everyone was pretty skeptical at the outset that any government official would know his ass from a hole in the ground when it comes to IT policy, so-called "cybersecurity" (blech), and such. But he did! After he spoke he gave about a 40 minute Q&A where people asked him all sorts of tough and sometimes really esoteric questions concerning software patents, the DMCA, network security, hell, something about quantum computing even came up. His knowledge was impressive and, even more heartening, when he didn't know the answer he just said so rather than bullshitting. All in all I left with a good feeling that this guy was the White House's go-to man for IT policy and would be protecting our computers from the terrorists. Now it sounds like he got fired because he wasn't quite fascist enough for the Bushies, which is really depressing. Guess I should have seen it coming all along.
I think there is a world market for maybe five personal web logs.
One of the windowsupdate.microsoft.com servers was 0wn3d by Code Red the other year. Does that count?
The only way the typical /.er can pick up a chick is with a forklift. -- AC
...that he was just 'let go' from Microsoft so that he can now take place as the new Cybersecurity Czar. Why does this info make me shudder in 101 different ways?
-- -=innocent ramblings from the mind of an insomniatic programmer=-
Maybe you mean the:
www.microsoft.com/blabla@fakemic.com
In this case www.microsoft.com is a username for the other domain
About 15 years ago, I was working for a consulting firm (which shall remain nameless here ;-) that does mostly government contract work. I was one of a small group that was assigned the task of analyzing and reporting on security issues with the growing collection of commercial networked small computers. My task was mostly collecting and/or writing security-test software.
After a couple of months, the security guys discovered some of the things that I'd collected (or written). I was summarily fired.
During the discussions, my boss observed that I was perhaps lucky that they didn't decide to prosecute me. He thought that there were two reasons they merely fired me: 1) I was doing the job that I'd been assigned, and 2) They were afraid that my lawyer would merely demand that all the evidence against me be presented in court.
Within six months, all the rest of the group had quietly resigned. I'm still in occasional contact with some of them. None of us has ever accepted another security-related job.
Computer security is of growing importance. But nobody with much experience in it is likely to accept a government job. I wouldn't advise anyone to take such a job, unless you know that you have the power and money to defend yourself when the inevitable happens.
(It might be interesting to hear from others with similar experiences. Of course, the poster boy for this whole topic is Randal Schwartz. Google him and read all about it.)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Wasn't Richard Clarke the guy who predicted the Al Qaeda threat to the Bush team when Clinton left office, and had an aggressive roll-back plan ready, but was basically ignored by Bush, Condi and everyone else? If they had listened to him, they might have averted 9/11...
Has there ever been a henhouse that Bush hasn't appointed a corporate fox to guard? I haven't seen one yet.
When I hear about the "Drug Czar" I am reminded about the "war on drugs" that has already cost us plenty of civil liberties and caused a violent and expensive black market for drugs.
The idea of a "Cyber Security Czar" frightens me even more, especially given the fact that the Bush Administration doesn't seem to care jack squat for the rights and privacy of American citizens.
The fact that it seems they dismissed the old Cyber Security Czar because he was actually sticking up for the privacy of citizens (and thus not working towards Bush's vision of a fascist-style government in which citizens are reduced to flag-waving serfs with no actual rights) scares me quite a bit.
"You spoony bard!" -Tellah
IIRC, Microsoft moved to their own products relatively recently. Before that they used Unix for their server systems.
No, that's "Trusted Computing."
That's O.K., we're working on the version 11 dictionary which will remove those pesky phrases for you. Now everything is "Computer Security". It's double plus good!
I have an early edition at my home; why don't you pop 'round and borrow it?
Like... "You will be punished if you try to find a bug in our absolute secure system!" :)
I think Howard is a putz. He will be a nice, obedient yes-man for the Bushies (the Roves?) in their quest to narrow rights and liberties.
It will be a shame to see someone as forthright as Richard Clarke leave office.
Anonymous "Cyber" security professional
It bothers me a lot that we accept the term "czar" as applied to American leadership.
The leaders upon whom we bestow the appellation "Czar" are not even elected. What's next? The Shah of Agriculture? The Reichsfuhrer of commerce? The Emperor of the Interior? Grand Poobah of Energy?
-fb Everything not expressly forbidden is now mandatory.
Well, I was intrigued by this because I had thought that they had been running apache for a while. However, I went over to netcraft and found this page, http://uptime.netcraft.com/up/graph/?host=www.microsoft.com Seems IIS is able to take the load. I'm no microsoft fan, but I was impressed.
So what was so great about Clarke? goombah99 says Clarke made "blunt statements on the to the need to avoid erosion of privacy rights" and that's all fine and good, I suppose.
However, everyone here seems entirely unaware that Clarke is the same dumbass that tried to warn everyone of the prospect of a digital Pearl Harbor. In this keynote address, Clarke exploits the 9/11 tragedy to stir up people's fears by saying that the U.S. is vulnerable to the "functional [electronic or Internet based] equivalent of four 767s crashing into buildings, not the little car bomb." To me, he just seems like a big time fearmonger.
Apparently, the only kind of statement Clarke knows how to make is the blunt kind. I'm not surprised he's leaving.
Furry cows moo and decompress.
You specialize in the irrelevant? He wasn't sysadmin of MS's web division, he steered the design priorities for MS product security. Now ask the relevant question: when was the last time a MS product was compromised?
According to the article, this guy was in charge of Microsoft's network's security, not Microsoft's software's security
Not like those two things could be related. dumbass.
VMyths rantings often discuss this fellow.
Saskboy's blog is good. 9 out of 10 dentists agree.
lol...
...
;)
ms former security chef
*mpfff*
kewl choice
the first thing is to install *next generation WhatEver* on any box
if you notice an increase in the number of worms spread through the US Postal Service, make sure you download the American Security Update (v.96) patch.
"Ladies and Gentlemen of the United States, let me just say this: If you are running any Microsoft products... and I mean any, a mouse, a keyboard, Map, Notepad -- ANYTHING! Stop! Wipe your harddrives clean. Destroy the hardware. I used to work there and the stuff really sucks. It is poorly designed, has massive security holes and listen I know this will sound crazy, but it all reports to a central MySQL Database! And listen this whole Linux thing, it's a ruse! It's just more MS crap they are beta testing. Now listen, everyone just go buy a Mac and a copy of Lotus Notes and everything will be OK. Thank you and good night."
This
..how does your statement jibe with this, about their intranet, the NMCI:
http://www.gcn.com/22_2/mgmt_edition/20910-1.html
--partial paste from article---
By comparison, NMCI officials and EDS are dealing with a filing cabinet full of used carbon paper. When they opened the drawer on the Navy's IT infrastructure, they encountered a veritable junkyard of ancient networks (about 1,000) and legacy systems (about 100,000)--a situation that has caused major delays in the rollout.
Both Navy officials and EDS managers agree that it would have been better to have had a handle on the scope of the department's legacy IT assets much earlier, but it still might have been impossible to do a thorough inventory.
"I don't know that anybody could have ever visualized all of that until you actually dug in, especially in an organization that is as diverse as the Navy," said Bill Richard, NMCI program executive for EDS.
The Navy's Ehrler concurred. "The message we got from industry was when you get into these types of contracts nobody has a clear handle on what exactly they own," he said. "That's just part of the pain you've got to go through in deploying a [managed-services] contract like this."
"In hindsight it would have been nice to have had a better enterprise, corporate-level view [of the IT environment]," added Rear Adm. Charles L. Munns, NMCI director for the Navy. "I think we got a snapshot of it during year 2000. That was our first real effort to understand what we have. That's what made us understand that we really needed an intranet."
100,000 legacy applications
"You can look back at where the hurdles have been and talk about what might have been done differently but I don't know that we could have done it any other way," he said. "We needed a rallying point and that was the intranet. That's what got us to start to think corporatively."
The department's tangle of 100,000 legacy applications have been the biggest hairball.
"I don't think we recognized the magnitude of the change we were embarking on," said Rear Adm. Charles L. Munns, the Navy's NMCI director
To get control of the situation, Munns last summer created a group of 24 functional application managers to make decisions about legacy applications. They quickly began killing apps that wouldn't work in a Microsoft Windows 2000 environment, were redundant or didn't meet NMCI security standards. Richard said this was a crucial step toward getting NMCI back on track.
--, I see them wanting to integrate and streamline, that actually makes sense, but it looks to me like a microsoft based across the board move. What am I not reading correctly here?
--sorry about the strep throat. The new wild oregano-based over the counter capsules are supposed to be great on boosting the ole immune system.
I guess you've never met anyone who quit a job because they hated their employer's ethics. I certainly have. I'm also mature enough to realize that not every ex-Microsoft employee is in the pocket of Bill Gates. I'm sure that more than a few of them hate his guts.
I saw Clarke speak on Tuesday- I was encouraged by his statement on privacy rights, as well as his assertion that we (consumers and the federal government) shouldn't buy crappy software. I think he actually used the word "crappy", and he was definitely referring to MS (this was like 2 days after Slammer). He called for microsoft to actually demonstrate some improvement in security from that PR stunt last Feb.
But alas.
I wish I could say I was surprised...
america, microsoft? what's the difference?
I sent an email to the President and Vice-President saying "I don't often make my opinion known on these subjects, but have you lost your mind? Making Microsoft's ex security chief the cyber-security czar is like making Barney Fife head of the FBI." Everybody on Slashdot should. Maybe someone will realize that maybe it wasn't the smartest move.
Wonder when this fellow will do a "Bill Bennett".
Microsoft on security:
Blame your customers for not applying patches soon enough....but forget to mention you haven't applied them yourself.
Blame your customers for not being trained enough on your software products.....but don't let them catch on that they've been beta testing final releases for bugs you supposedly fixed awhile back.
Bush uses linux for the Whitehouse.gov site (Bush uses Macs also) and the Department of Homeland Security switched from Win2k/MS SQL to Linux/Oracle. It looks like the government TRUSTS Linux/Unix for security, but to return the favor for campaign contributions selected someone from Microsoft.....to contain the Microsoft security problem.
"You helped our nation celebrate its bicentennial in 17 -- 1976." --George W. Bush, to Queen Elizabeth, Wash
But do you really expect to make the transition to Hydrogen WITHOUT the support of the oil companies? It won't happen. As much of an idiot Bush is, he's smart to get the oil companies on board with Hydrogen.
I'm usually a "sacrifice no liberties" kinda guy, but if I've gotta let oil companies continue to have power in order to significantly reduce pollutants in the U.S., I'd do it. I'm actually much less worried about oil companies than I am about many, many other things right now.
Not necessarily. That's why the oil industry needs to be in on it. They have the gas stations and delivery trucks. And if there really is a chance of changing to hydrogen, the oil companies already know it, and are doing everything they can to position themselves to be the new hydrogen industry.
Without the oil industry the transition would either never happen or take a very long time.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
In Soviet Russia he would have been shot.
Yeah, we've gone from a long-time, brilliant, and completely ignored proponent of better security against terrorism, information warfare and other means of asymmetric warfare to an arguably incompetent defender of infrastructure who will be listened to. Great.
For your security, this post has been encrypted with ROT-13, twice.
Iraq *is* chairing the UN conference on disarmament. Seriously.
What does this mean for Linux in Security offices?
YRII
You've got to be kidding. Nothing says monopolistic, security flawed, over-priced capitalism, greed, and personal interest greater than public interest than "Former Microsoft Security Chief". But, hey, Bill probably paid for this president so he should get what he wants.
Uh, I think it was a joke...
Before all of "bush bad, MS bad, Marx good" slashdotniks start yelling about "he was a security chief for M$ and the holes in Windoze mean that he is not good at his job", please use your brains for a change!!! (And no, I have no great love for M$, I just use my brains from time to time :)
A chief of security job is about ***MAKING SURE THE COMPANY IS SECURE***. First and foremost, in a physical sense. These days, also in computer sense. It was ***NOT*** in any way, shape or form his job to ensure the product that the company makes has no security code. (Also, in case of M$, his job was made more difficult in that there was obviously company internal pressure to use their own products to perform his job, which - how should I put it mildly - may not have been the optimal choice :)
Therefore, his competence should have been evaluated solely on the amount of SECURITY FAILURES that M$ as a company had, both physical (someone broke in and stole Gates' favourite chair :) and cyber (someone broke into their network and stole beta code for Windows), and how he dealt with resultant issues. (I.E., not only whether someone could break in, but how was he able to make sure the method could not be repeated). Again, additional adjustment needs to be made due to pressure on M$ security to use in-house developed software which sux.
-DVK
"The right to figure things out for yourself is the only true freedom everyone shares. Go use it"-R.A.Heinlein
I tend to view any powerful person suspiciously and behave with caution around them.
Recently I attended a "cyber-security town hall" in which Clarke was the main guest.
Frankly, I was pleasantly surprised. He was *not* the raving fascist I expected him to be. He was a good old fashioned Republican. It was funny, he was wearing a blue suit, white shirt, and red tie.
He said that it was his goal to secure our nation's interest while avoiding the creation of Big Brother. He seemed to realize that BB would negatively impact him personally (even as one of the elite), not to mention the rest of us.
And now barely a week later he is gone. "to spend more time with his kids" like Hilary. (yea right).
Haha! Yup, the US is going to hell now.
Anyone know how Schmitt will view the relative security of closed versus open source?"
Yes, I do know.
He likes Open Source. Put your fears to rest. Yes, he worked for the Borg, but they never assimilated him. In fact, he was VERY happy to get out of there.
I know him, and I know some other people who know him better than I do. He's a lot closer to our views than he is to Micro$oft's.
In times of universal deceit, telling the truth gets you modded -1 Troll
Why does this sound like Tom Clancy's: Netforce?
Let's see. Violate Anti-Trust Laws, get a slap on the wrist, then a government job dealing with what your former company has always sucked at. I believe Yakkov Smirnoff (?sp) said it best when he said "What a country!"
Iraq *is* chairing the UN conference on disarmament. Seriously.
Their co-chair for February is Iran too. As much as Iran dislikes the U.S. right now, the chance to screw over Iraq is just too good for them.
Heh. Once again, alphabetical seating order puts you right next to people you hate for the rest of your career. It reminds me of high school.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
... in three to eight years we will have a machine with the general intelligence of an average human being ... The machine will begin to educate itself with fantastic speed. In a few months it will be at genius level and a few months after that its powers will be incalculable ...
-- Marvin Minsky, LIFE Magazine, November 20, 1970
- this post brought to you by the Automated Last Post Generator...