Slashdot Mirror

← Back to Stories (view on slashdot.org)

Howard Schmidt Resigns As Cybersecurity Advisor

Posted by timothy on from the thanks-for-all-the-snacks dept.

scubacuda writes "CNN and others report that former Microsoft chief of security Howard Schmidt has resigned as White House cybersecurity adviser. 'With the historic creation of the Department of Homeland Security, the transfer of many of the responsibilities from the Critical Infrastructure Protection Board and the release of the strategy, I have decided to retire after approximately 31 years of public service and return to the private sector,' Schmidt said in his April 21 e-mail."

29 of 133 comments (clear)

  1. Does he count 'Microsoft' as public service? by Anonymous Coward · · Score: 5, Funny

    I mean, I know we saw plenty of "What's good for Microsoft is good for America" rhetoric during the anti-trust trial, but that would be a bit over the top.

  2. What? by SixDimensionalArray · · Score: 5, Insightful

    I might be way off here, but didn't he just recently ACCEPT this position and he's already resigning?

    1. Re:What? by PD · · Score: 5, Funny

      You're probably thinking of the privacy officer that came from DoubleClick. Another obvious choice. The Department of Oxymoronic Mandarins must be well funded this year.

      --
      If tits were wings it'd be flying around.
    2. Re:What? by Blaine+Hilton · · Score: 4, Insightful
      This is probably a sign that the current administration has really bad cyber security plans. I know they really are not doing too much for homeland security too. They have all these billions of dollars, but it doesn't seem that it's going for any real protective measures.

      Go calculate something

    3. Re:What? by Motherfucking+Shit · · Score: 4, Insightful
      I might be way off here, but didn't he just recently ACCEPT this position and he's already resigning?
      Yep. His predecessor resigned, too, just three months ago, citing the Slammer worm as his reason for leaving. It seemed like a bad excuse at the time, and it seems even worse now, after two people have resigned that position this year.

      My hunch is that either:

      a) Whoever's in the office of Cybersecurity Adviser is basically the designated fall guy. We'll see this person pushed out (e.g. fake resignation) whenever there's a "cyber attack" that he "should have seen coming."

      b) Both men accepted this position, realized that the plans they're supposed to implement are just feel-good actions which aren't going to really accomplish anything security wise, and decided to get out.

      c) Both men accepted this position, were asked to do something they couldn't morally/personally agree to do (perhaps some sort of TIA-style project, or overzealous "figure out how to route the entire internet through the NSA" plan) and decided to get out.

      d) The government doesn't pay me enough to put up with all this shit.

      e) Some combination of the above.

      Granted, all of these are speculation, but I imagine the true answer is probably e). It'll be interesting to see how long the next one lasts.
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  3. Imagine... by Anonymous Coward · · Score: 5, Funny

    ...a Beowulf cluster of these resignations!

  4. Wow! by stevens · · Score: 4, Interesting

    2 whole months!

    I wonder what really made him quit?

    1. Re:Wow! by zulux · · Score: 4, Funny

      2 whole months!

      I wonder what really made him quit?

      Buffer overflow - he actually got six years of work done in those two months.

      Too bad most of it was jibberish.

      --

      Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

    2. Re:Wow! by Chester+K · · Score: 5, Funny

      I wonder what really made him quit?

      He finished his job. The Internet is now secure. Thanks, Howard Schmidt!

      --

      NO CARRIER
    3. Re:Wow! by Karl_Hungus · · Score: 4, Funny

      2 whole months!

      I wonder what really made him quit?


      Maybe they forgot to reboot him?

      --

      --
      Freeper Logic
  5. Cumulative by Anonymous Coward · · Score: 3, Informative

    "Howard has over 31 years public service having served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity."

    1. Re:Cumulative by benna · · Score: 3, Funny

      OK, that was a bit too informative. Are you him or something?

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    2. Re:Cumulative by Anonymous Coward · · Score: 5, Funny

      No, I read the articles linked in the Slashdot story.

    3. Re:Cumulative by kuroth · · Score: 5, Funny

      >No, I read the articles linked in the Slashdot story.

      Look buddy, if you're going to be pulling shit like that, I'm afraid you're just going to have to leave.

  6. Good Job! by barista · · Score: 4, Funny

    Good Job. We all know how secure Microsft products are.

    I nominate Hillary Rosen to be the next Cybersecurity advisor

    /troll
    /sarcasm

    1. Re:Good Job! by Kruid · · Score: 3, Funny

      Bite Your Tongue!!! Be careful what you wish for !

      --
      Your mind moves quicker than a nun's first curry. - A. Rimmer
  7. Finally someone realized... by jbwiv · · Score: 5, Funny

    I can just imagine the look on their faces...

    "Wait a minute...this guy was the Chief of Security for who?!?"

  8. oh, the irony by shawnywany · · Score: 5, Funny

    the security advisor resigns via e-mail? doesn't anyone find this a little bit ironic? :)

  9. I fear for our nation's safety by Anonymous Coward · · Score: 4, Funny

    WTF? He's only been there for like 2 months. Why was he fired? This is truly disapointing for the welfare of our government's computer systems. Who else could possibly be more qualified than the former Chief Security Officer for Microsoft Corporation?

  10. Culture Clash is the Reason by DASHSL0T · · Score: 5, Funny
    After repeatedly informing coworkers about how much I Love You.vbs and numerous emails about his daughter Melissa.vbs, Mr. Schmidt was on thin ice.

    Apparently his suggestion to replace Dr. Pepper with Code Red in all the vending machines was the final straw.

    --
    Freedom Is Universal
    Linux-Universe
  11. Actually a loss to the Government by D3TH · · Score: 5, Insightful

    Having worked with Howard during his time with the Air Force, and having followed his career in the private sector and post-Air Force public service, this is really too bad.

    For those who don't know (which I assume is most of you), Howard was a pioneer in the area of computer evidence analysis, first as a 'local' police officer, and then as a federal Special Agent. It's important to note that his time at Microsoft had nothing to do with their products (this in response to all those "we all know how secure Microsoft products are" trolls out there).

    He and his wife are avid computer users, and Howard was one of the few people I've ever encountered at his level in Government service that could talk to you about technology and computers with any degree of real understanding. He built his own machines (at least when I was working with him) and was taught classes on low-level file system internals and disk layouts.

    He became involved with computer crime at a time when only hard-core hackers (not crackers) were really playing around with computers, and paved the way for many others who are themselves pioneers in the information security community, both in the public and private sectors. The atmosphere created and fostered during his time at the Air Force allowed many people to grow and learn, and many of them are not only members of the InfoSec community, but the open-source community as well.

    I'd better quit before this turns into blatant fanboyism, if it hasn't already. My intent is not to deify him, I just want all of you who've only heard him give nicely formatted press conferences or canned interviews to know that there's more to him than that. I'm not sure if you could really find someone better to be involved with the goings-on at that level, but I'm absolutely certain that you can find many many worse.

    --
    ---
    1. Re:Actually a loss to the Government by Anonymous Coward · · Score: 3, Insightful

      If he's so great then what was he on about with all those interviews where he insisted that Microsoft was completely focused on security? It was only a couple of years later when everyone at Microsoft resigned the fact that they didn't have a clue about security and took time off to try to figure it out.

      Canned interviews are quite telling because it puts a face on the hype. He was either saying things he didn't understand or he was knowingly selling a myth.

    2. Re:Actually a loss to the Government by D3TH · · Score: 3, Informative

      Since it's obvious from your reply that you didn't bother to read my entire post, I'm going to guess you're a troll. But since you're getting modded up, I figured I'd better point out why you're wrong. From my original post, to which you replied:

      "It's important to note that his time at Microsoft had nothing to do with their products"

      While Microsoft has it's share of problems with network and internal security, the problems that you CAN'T lay at his feet, if I understand his position there correctly, are those that relate to IIS etc.

      Secondly, I didn't comment as to his performance in his last position, or even at Microsoft. I spoke just to his background and suitability based on my experience. I never said he was a nice guy, or that he was smart, just that when I worked directly with him, he was significantly more clueful than the majority of the other people I've interacted with at his level. Since I haven't been interacting with his most recent office, I can't comment as to whether or not he did or didn't do a good job. But you know what, I doubt you're qualified to do so either. If you are, let me know why and I'll be glad to apologize.

      You're not sorry to see him go, eh? I'm sure that will break his heart. Maybe you'll get lucky and the predication further down in this thread will come true, and Hillary Rosen will be tapped as his replacement.

      --
      ---
  12. "My work here is done" by overshoot · · Score: 4, Funny
    he announced, riding off into the West (well, to Redmond anyway).

    In other news, Microsoft announced that they had just been awarded a number of new Homeland Secuirity contracts.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  13. he was fired because by toddhunter · · Score: 5, Funny

    He didn't do the Austin Powers double quote thing with his fingers each time he said 'cyber'

  14. Cool....a job opening. by becktabs · · Score: 4, Funny

    I really need some work.

  15. Did Schmidt resign due to Microsoft's failure? by NZheretic · · Score: 5, Informative
    The endemic failure of Microsoft toward the security of it's own products, services and customers is reason enough to bring Howard Schmidt's leadership in the area of cyber-security into question.

    For example, Microsoft was notified of the issues, concerning only Microsoft implementation of its JVM, on September 2nd 2002 and after SEVEN MONTHS on April 9th 2003, Microsoft have issued an update to fix the problem.

    Such a delay with such a serious vulnerability is so abysmal that it borders on the absurd.

    Quality and security are measures which only mean something when compared relatively to another.

    There is no absolutely secure, therefore you must expect, that once a vulnerability is made known to the vendor, the vendor should do their utmost to close the Window of Exposure ( http://www.counterpane.com/window.html ) as soon as possible.

    For example, with the lastest SAMBA vulnerability, once notified, the SAMBA developer owned up to the mistake and the SAMBA project released a patch within 48 hours. Within aother 24hrs, redhat had already backported the patch into their distributions RPMs. Similarly any major security issues in Mozilla and Netscape browser are also fixed and updateable within a couple of days

    Meanwhile, there are currently 13 KNOWN unpatched vulnerabilities in Microsoft's Internet Explorer ( http://www.pivx.com/larholm/unpatched/ ).
    Some DANGEROUSLY EXPLOITABLE have not been fixed in over a year ( http://security.greymagic.com/adv/gm002-ie/ ). That Microsoft has not rewritten the scripting system embedded with IE so that it is sandboxed by default is bad enough, but to have such major unpatched vulnerabilities exposed for months is abysmal.

    Other inherent vulnerabilities, such as the Shatter attack ( http://security.tombom.co.uk/moreshatter.html ), Microsoft has known about since 1994!

    Even if the API/call flaw is inherently unfixable, that is plenty of time for Microsoft to implement a safer methord/systemcall/API, adapt it's own applications to use the safer methord and depreciate the unsafe API.

    It also appears that Microsoft 's own implementation of SMB is vulnerable and Microsoft has known about it for over eight years ( http://developers.slashdot.org/comments.pl?sid=599 60&cid=5681769 ), but Microsoft either choose not to, or cannot fix the problem themselves.

    Microsoft is clearly not closing the vulnerabilities they are aware that exist in their products and services.

    A year after after Bill Gate's Email promoting securtiy over functionality, Microsoft by choice, remains neither secure or trustworthy.

    Microsoft's attitude towards the security of it's products, service and customers is abysmal.

    From Jason Coombs' A response to Bruce Schneier on MS patch management and Sapphire ( http://www.securityfocus.com/archive/1/315158 )

    Microsoft Baseline Security Analyzer (MBSA) and Microsoft's version of HFNetChk both failed to detect the presence of the well-known vulnerability in SQL Server exploited by Sapphire, which is one of the reasons so many admins (both inside and outside MS) had failed to install the necessary hotfix. MBSA and HFNetChk are Microsoft's official patch status verification tools meant to be used by all owners of Windows server boxes ...

    ......In addition to designing MBSA to avoid scanning for SQL Server vulnerabilities, failing to update mssecure.xml reliably and in a timely manner, deprecating HFNetChk by pushing the MBSA GUI as its preferred replacement, and hiding the details of the technical limitations

  16. We've made a wrong turn somewhere. by eidechse · · Score: 4, Insightful

    As evidenced by the fact that this: "We are concerned that the cybersecurity issue is losing visibility inside the White House," said Harris Miller, president of the Information Technology Association of America. "In this case, the 'bully pulpit' opportunity to influence the development of a truly secure cyber infrastructure and associated best practices will be lost." is one of the main opinions expressed in this article. We've elevated commerce to such a position that the perspective of a trade group is of primary importance when reporting on government and security. I know this isn't new. Business has played a large role in politics and civics (if the two can be separated) for at least the last 2000 years, but it seems especially egregious when Miller laments the loss of the "bully pulpit" as if he just got outpid for a Super Bowl commercial slot.

  17. Re:So when the Windows update servers got pantsed. by D3TH · · Score: 5, Insightful

    It's easy to sit on the sidelines and snipe, but the fact of the matter is you've done nothing to address my original post. Instead of nitpicking my statement about his position not being related to products, it would be nice if you had addressed my point, which is simply that during the time that I worked with him, he was significantly more clueful than the other administrators I've interacted with at his level.

    Since it's doubtful you were employed at Microsoft during his tenure there, and even less likely to have been privy to any policy or other decisions he made while there, its fairly disingenuous for you to now judge him on the content of a few news stories. I suppose that's always the problem with any position related to security, people never hear about the incidents that DIDN'T happen.

    Regardless, I'm not here to defend Howard's performance per se just to give my opinion, having worked directly with him (unlike you?) that there are certainly worse people they could tap for the job (see post below re: Hillary Rosen).

    --
    ---