Former MS Security Strategist Joins Mozilla
Handset writes "Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. eweek.com reports that Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy and improve its communications with external hackers and bug finders."
a human trojan has been inserted into Mozilla?
glad Safari uses the khtml engine...
I predict something about the next version of Firefox being more spyware friendly.
Will the Mozilla fans throw their arms up in disgust (An MS Security expert - that's a contradiction!) or will they suddenly be supportive of someone they have effectively been bagging for years? (An MS Security expert for Mozilla! - what a coup!)
dnuof eruc rof aixelsid
Double-agent working for Microsoft to bring the downfall of mozilla security?
hooray..lets have it...chairs all around..here you go..two for you...Redmond Cherry or Vista White?
Hey, I am for security and all, but somebody needs to call the phone numbers on his resume. I heard that Microsoft doesn't have a "security" department.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
We can draw two possible conclusions from this. Either a: MS' security team was made of good people who were doing the best they could for such a large project with such a large user base and extensive backwards compatibility, and thus that Windows security was the best it could have been (even if that wasn't so good). Or Mozilla's security is going to go down the tubes. It's a slashdot paradox! Clearly we can't grant #1, because that wouldn't be sufficiently critical of MS, but we can't grant #2 either because we love Mozilla. I'm just glad Mozilla doesn't think this way.
Philosophy.
Cmon Slashdot, a guy from Microsoft whose first name is "Window" and had a job implementing security at Microsoft??? These April Fools jokes get dumber every year.
Hmm...."former"...."security" strategist...
Uhuh. Sure. Whatever you say.
I think I'll grab a copy of the source code now...
*Dons tin foil hat*
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
This has to be a joke. Microsoft actually employed a named Window S. ??
In a related story, Heat Miser has joined the fire department.
Where were you when the voynix came?
Is he required to change his name to Mozilla Snyder now?
Sorry.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
Since Asa Dotzler of Mozilla keeps deleting me from his blog, this is just to publicize. I asked a very simple question in an Ask Asa a while back: Who was responsible for the testing/QA failure that led to a security regression in Firefox 1.0.4, how will they be censured, and what is being done to prevent a similar recurrence. He didn't answer and has deleted every comment I post, in which I've said the same thing. I think it's a fair question. Not answering is pretty crappy, but censoring just because he spends too much time being 'visible' and not enough time actually doing QA is truly pathetic. Asa isn't the funloving guy his blog projects, he can be a complete idiot too. Spread the word. I know this doesn't fit into the rose-tinted view of prominent open source projects with 'many eyeballs' having better security, but it's true. The sad fact is that the entity investing most in automatic code checking tools, mandatory design and test cycles, mandatory threat modeling, regular code audits, etc. is Microsoft. Mozilla security practices are rubbish and the sooner someone publicizes the failure the better it will be. Hopefully Snyder is the person for the job.
First thing that popped into my head was the new Mozilla security slogan.
"We're not going to take it! NO! We ain't gonna take it! We're not going to take it, anymore!"
Task Mangler
"Former MS Security Strategist Joins Mozilla" Guess we'll have to stop using that product (mozilla) out of fear. ;-)
Er, eh, not that influences my perception of her value to the Mozilla corp at all...
Make sure everyone's vote counts: Verified Voting
...had to be a product of hippie parents.
I'd imagine his parents would have just completed the conception of Window and his father stumbled to his feet in a drug induced stupor and suddenly had an idea of what to name their recently created progeny as his eyes came into focus on the first thing he saw, exclaiming "Babe! I just thought of an awesome name for our kid...."
Just a thought.
Opera right now.
...to drop Firefox. Great strategy!
One of the linked ads text for this page: Waste Receptacles The Spot To Find It! It Is All Here. Couldn't have put it better myself.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Mozilla will now be able to compete with Internet Explorer!
Wondering why i am doing so strange posts? I am trying to get a "+5,Flamebait" or "-1,Insightful" rating.
Window's an old friend of mine, so let me be the first to congratulate her here. W00t!
So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc. Window showed up before all of that, and pretty much took our abuse year in, year out. And then...things got better.
She'll deny any direct cause and effect there, but she was _the_ interface between Microsoft and the various security cons for quite some time, and I think at least some of the reason we got certain concessions (like 24 hour response time out of MSRC) is that she was there to hear people say things like "I dunno, why should I warn MS, they're just gonna sit on it anyway."
Firefox is not without problems (understatement). I'm looking forward to seeing what Window can accomplish w/ Mozilla.
Eeek teeth! Never be rude to a girl who's that tooled up.
I bet a number of people will soon be able to see right through this move in the next few days.
Thanks folks, I'll be here all week. Please try the fish.
Could anyone imagine growing up with the name "Window", what were the parents thinking?
Also known as the George Costanza rule of management.
If people leaving for Google lead to flying chairs and death threats, what does people leaving for Mozilla get you? Tables rolled down stairs and harshly worded phrases about maternal lineage?
-Charlie
Well there you go. Had to mess up a perfectly good browser. I guess we should expect Firefox 1.5.0.6 SP1 out any day now. I have one question. Why him? Can anyone say Opera.
hey guys, guess what I just did!
that's right, I backed up the current version of firefox onto not just one, but 2 CDs.
Coming soon to Mozilla: ActiveM plug-ins! Now with the exciting "FORMAT C:" functionality, and complete integration with BOTH kinds of email software - Outlook AND Outlook Express!
I have discovered a truly remarkable
"OH NOES!!1!" :-)
It's a trick!
well...
there is always Opera or Konqueror...
But if we're talking about this Window Snyder she is kinda cute. You know, for a former MS security expert.
WTF is this? most of the first dozen or two posts are aimed to be (and are modded) funny. I thought this was supposed to be a forum for serious discussion, not a fucking comedy club wanna-be.
This could be great. A big push out into the mainstream.
Any specific bugs or security problems are now "internet problems...".
Make ppl feel that is an underlying network problem not application specific.
You secure mind share by having a strategy to deflect any negative comments about your app with good planning.
Domestic spying is now "Benign Information Gathering"
Are all the key people leaving in MS because some board agreed that it is time for a proverbial reformat?
The government can't save you.
She'll have to change her name to Firefo Xnyder.
Or maybe Thunderbir Dnyder. But that just doesn't have the same ring to it.
paintball
If you have a personal problem with Asa, log in or link to your blog. Making accusations like that as an AC is rude and accomplishes nothing. It's not as if you're a whistle blower and the Moz mafia are going to murder your pets in the night.
if they're not already married to other people, Window and Linus need to get married. They could even name their first child Lindow.
You can't say that this captain hasn't been through a shipwreck.
... Duck and run!
Is he required to change his name to Mozilla Snyder now?
Well, his original name was Sam Snyder. They tried to change it to Mozilla Snyder, but the name was in use and the legal department made them go with something else, so they picked Windows Snyder instead.
Then the legal department had a case of deja vu...
Please help metamoderate.
Now we in the open source world can start benefitting from all those ironclad security techniques that have heretofore been the sole purview of Microsoft's security team!
Pretty soon our stuff will be almost as secure as Windows!
Now if only we could only get a defection from whomever it is at Microsoft that is in charge of their world-renowned OS stability....
Tom Caudron
http://tom.digitalelite.com/
-Tom
There were no reports about chairs being thrown. Glad to know that.
. o O ( TwO hEaDs ArE mOrE tHaN oNe... )
When I first read the summary, I couldn't figure it out. Microsoft hasn't been the best example of "security is job one", and I thought news like this might be rather hidden by the Mozilla team than promoted.
But after seeing her pic, now it all makes sense. It's another way for some geeks to be near a female!
j/k I hope she is very effective (and happy) in her new role.
Maybe Ms. Snyder thought working on a browser that is a stand-alone app rather than a browser that has hooks in the entire OS is a less overwhelming challenge!
This guy approved SP2? What is this, some sneaky M$ trick to ruin a perfectly fine company with its 'security'?
I fear what may come of this.
-Tim Louden
A Microsoft employee called Window? Why, that's like an ice cream man named Cone!
"It's a reverse vampire...they....they crave the sun!"
Second Mozilla nabs her. Ironic No.
Microsoft's Window jumps ship to Firefox.......(of all the headlines we mangle here this one's begging for it.)
The comedic possibilities are overwhelming. But here is the strangest one. Mozilla supplies her with 3 workstations. For compatibility reasons she's gonna need a Mac, a Linux, and a Windows box.
wait for it.
But now they are all window's machines. Gasp, This woman is dangerous and must be stopped.
In all seriousness, If she had anything to do with the sp2 patches, she is my new personal hero.
Welcome to the light. Don't be afraid. No, no, we promise, it's definitely not open sores, I don't care what those dicks in the cafeteria said.
O.K maybe not in all seriousness.
OSGGFG - Open Source Gamers Guide to Free Games
So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc.
Used to be? Maybe you see a different view of them when they hire you for security consulting and fly you out for their Blue Hat conferences and such. But from my outsider perspective, Microsoft is still a security disaster. Not only have we continued to see hundreds of serious vulnerabilities throughout 2006, but MS has in many cases made us wait weeks or months before patching widely exploited bugs. Heck, another actively exploited MS Office vulnerability was just discovered in the wild. If we're lucky, MS will cough up a patch on September 12, otherwise they'll probably leave users vulnerable until the next "patch Tuesday" on October 10.
Meanwhile, Microsoft recently re-issued MS06-042 with a fix for a vulnerability introduced by their first attempted fix. And they openly admit that they excluded eEye from the advisory credits because eEye embarrassed MS by making their incompetence public. MS is more interested in petty vendettas against researchers than actually fixing the flaws.
Microsoft has made a few positive steps toward securing their products in the last couple of years, but I think most of their efforts and successes are more in the PR realm than anything with technical merit. They have spent so much money sponsoring conferences (their money does come with strings attached) and paying off security researchers, that many people seem reluctant to criticize them.
OK, enough anti-MS ranting from me for now :). My main point in replying is actually to agree with you about Window. She is extremely smart and talented, and her defection to Mozilla is great news for a product which really needs more security attention. We had lunch last week to discuss Mozilla security and Window has some great ideas. Mozilla may already be much more secure than IE, but we should set a much higher bar than that! Best of luck at your new position, Window!
-Fyodor
Insecure.Org
Of course the answer has more to do with the differences between free and non free software development than the people involved. In the non free world your resources are limited to the few people you can pay and coerce into signing a NDA. Free world resources are comparatively infinite. Non free software is subject to what's euphemistically called "marketing decisions" which restrict features and waste resources on breaking a competitor. Free software projects are guided by what people want to see in the project and forks can happen if a project ever stalls or becomes less than free. Features that people want multiply and everyone's a winner with free software. Non free software stagnates as marketing types decide how to spend their precious resources on such obvious things as a Mac port.
There is only one person to blame for Microsoft's security failings and that is Bill Gates. He has championed and created the legal framework for non free software and steadfastly refuses to deviate from it. Until recently, every decision was his.
Friends don't help friends install M$ junk.
You mean to tell me that Microsoft has had a security strategist this whole time? This is a joke right? Not to mention the strangest part - Window Snyder. Who would name their child Window? I wonder if she has a brother named Door.
She (not he!) is such a babe, I could ALMOST forgive her for being named after Microsoft's flagship product!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
This is wonderful news for Mozilla.
Then personally and selfishly thinking, I hope the Mozilla Firefox team fixes a bug on my XP SP2 PC. Firefox 1.5.06 always comes up partial screen. Then I click to full screen Firefox and work from there. However "the cat came back the very next day" as the partial screen comes back the next time I start Firefox.
If any of you /. users know of any HKEY (i.e registry setting) or Firefox setting I could tweak to fix this, that would be great.
Thanks and go Firefox go,
Jim
Window is SCARY smart, and hothothot. I've been friends with her for years, and haven't seen enough of her since she moved out of Cali. Glad she contributed her knowledge to microsoft's efforts, and even happier that she's now on the firefox train.
Love you, WS, congratulations!
-ES
Really? Insulting? Do you find it insulting? Please, tell us why this insults you. I'm actually interested.
What could *Microsoft* teach Mozilla about security...
that is, other than what _not_ to do!!
Window is one of the nicest people I've ever met. A great person with clue, etc. Good luck, rosie ;)
nobody ever knows what defenestrate means.
Holy receding hairline Batman!
No, no...
If you'd ever met Window, and especially if you were good for her career,
you would know that the Trojan is much more frequently inserted into her.
(ba-dum-bump)
It's called "Open Source" for a reason. I've never contributed a line of code, but I have all of the source on my box.
Unless there's an anti-MS clause in the Mozilla license, but I know there isn't in the GPL...
Don't thank God, thank a doctor!
Wikipedia knows what defenestrate means, even wrt MS.
Don't thank God, thank a doctor!
This 'Window' was soft and didn't bust into pieces when Steve threw a chair at it. Liquid cleans up easier and is easier to replace. ;-)
Her name is Window S. and she was working for Microsoft. Do you think there's a Windows joke she hasn't heard?
That said... She was without an apartment for a while, so a colleague asked me:
- She's crashing at your place tonight?
- Yeah, yeah.
- Damn, Window S. has been crashing all over the place lately.
Not based on any actual event or people, of course.
If you want serious, world-moving discussions, try talk radio. Everyone knows that's where real, serious progress in important issues is made.
Apparently, the MS security department is just big enough for members to create headlines when they leave. Far from "not having a security department", it seems MS had several people around, but I surely can't figure out the hierarchy! What's the relationship between a Senior Security Strategist, someone doing a Security Sign-Off, Microsoft Chief Security Officer, and the Vice President in charge of the Security Business Unit?
In reverse chronological order, here we go:
We are currently discussing this one:
"Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy, eWEEK has learned."
http://www.eweek.com/article2/0,1895,2012804,00.a
Then there was:
"Amid the major shake-ups in management at Microsoft, one of the company's more notable security gurus, Jesper Johansson, announced that he is leaving the company to work for the online retailer giant Amazon.com. Johansson said that as of September 5 he will become the Principal Security Program Manager at Amazon. During his time at Microsoft Johansson served as a Senior Security Strategist in the company's security technology unit. Johansson also co-authored a book, "Protect Your Windows Network," with Steve Riley who also works in Microsoft's security technology unit."
http://www.windowsitpro.com/Article/ArticleID/930
"Gordon Mangione, a 14-year Microsoft veteran who was most recently corporate vice president in the company's Security Products Group, has left the company. Reached at home, Mangione confirmed that his last day was a week ago Friday. "I'm taking some time off, looking to get into a startup. There's no rush. I'm going to parent-teacher meetings," he noted. Mangione, who had been vice president of SQL Server, moved into the high-profile security group in April 2004. There he assumed leadership of security products while Rich Kaplan led marketing. Both reported to Mike Nash, the corporate vice president in charge of the overall Security Business Unit."
http://bink.nu/Article5408.bink
At least as of 2003, this guy was also involved:
"The single largest message is: keep your system up to date with patches," Microsoft Chief Security Officer Scott Charney said.
http://www.cnn.com/2003/TECH/biztech/02/01/micros
----------------------
The Preview Word for this post is "distort".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Nazi human rights expert Madona's modesty expert Pittsburg's tourist expert
I like this photo of her.
http://www.flickr.com/photos/windowsnyder/58200550/
Is this because Microsoft do not publicise who they hire, or do they avoid hiring someone who has worked for or in connection to the Mozilla project?
Or is this because /. only covers pro-Free Software and nothing else? ;-)
If I want unbiased news about the tech-world, should I go somewhere else? (Like LUGRadio.org?
I've learned all I know about politics from
So tell me what makes her so smart there cowboy? Actually everything I read about her she sounds like a middle management paper jockey. Same goes for the SP2 sign off BS, she had to sign off she was the middle manager again paper jockey between the developers and the "real" security contractors.
Got Code?
You don't suppose he's one of the original Windows?
beauty is only a light switch away
As much as I wanna make a crack about this, it makes sense. Probably a good thing to hire someone who is familiar with the mistakes Microsoft makes and can help make sure that Mozilla doesn't duplicate them. Aside from this he also probably has a lot of knowledge about exploits in a Windows environment.
Mike
I heart the RIAA & MPAA, im sure its mutual...
Well, first off, the guy is a she.
She is cute.
And in Redmond a big flag is hissed printing:
"OMFG WINDOW S LEFT THE BUILDING"
seriously: this IS the end of MS.
and: no matter what ppl flame here, I wish her good luck at mozilla and have to confess, even if win2k3 and sp2 mess up a working desktop, it IS kinda more secure!
This is good news. Mozilla could use someone with experience in securing elephantine bloatware.
Please correct me if I got my facts wrong.
Windows XP has included a firewall since its release in 2001. SP2 turned the firewall on by default for all connections and made its existence somewhat more prominent.
Let's not beat around the bushes.
MS has an image problem when it comes to security, it is a problem of their own making, acknowledged by Mr Gates himself and experienced day in day out with their products by IT professionals.
Dig a bit deeper and you realize that security is still not properly realized in MS products. AD is a mess waiting to get worse for example.
I don't care how wonderful SP2 was, that is a drop in an ocean of incompetence and procrastination.
I don't know what the Mozilla organization was thinking. Sometimes you have to take care of the PR situation as well as the technical side of things. Anybody that has worked recently around security in MS products will carry a credibility problem, specially in a highly visible position.
I am sure that this lady is bright, intelligent and all what his pals say lovingly about her, but she brings with her a credibility problem which becomes all too evident when one reads all the comments on this thread (which are mostly bad jokes, but that drive the same point home: we can't believe it).
Let's hope that this is a good move, but I think people should be excused for the healthy doses of skepticism.
IANAL but write like a drunk one.
Indeed, I bet he will maliciously make the source code even more open.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
rosieriv doin big things.. it's comical seeing all of these people on here who don't know who the hell they're talkin trash about.. Window definitely knows her stuff and she is one of the most well respected people i know.. drcrackerz in 07
Former Chernobyl safety inspector joins Three Mile Island team...
LOL. In dutch snyder (or snijder, the more modern spelling) means 'cutter'.
Not the ship kind but the tradesman kind.
...Isabelle from the 4400.
What was it that Isabelle was supposed to do again.... ?
Would you like some cheese with your whine?
Ignore this signature. By order.
It's not a trick.
IT'S A TRAP!
Nobody else has this sig.
...did you just out yourself as working for Microsoft, in a Slashdot thread?
You're a brave, brave man!
Aside from the obvious problems with this, it follows that by presenting "us" with that fait accompli of sorts you're also being insulting. Correct? Or do you assert that the phrase above came from someone other than your feverish imagination?
The only "problem" is that you see reality as insulting. Microsoft has screwed the people they depended on and are left all alone in the world. That will be their undoing and the results are visible.
While it seems obvious to anyone running any kind of M$ platform that nothing new has happened in eight years or so, and M$'s anti-competitive practices are so blatant that ordinary people and the US Federal Government noticed, technical insiders can tell you much more if you look into it. A nice, concise statement of all of the problems can be found here. It states the obvious and well known, but M$'s massive propaganda effort tends to confuse many people. I can quote some of my favorite parts for you,
Microsoft has a habit of killing off competitors by either buying them or their technologies. ... a recurring habit of reaping the rewards for other peoples' work which started way back in the beginning when Bill Gates bought DOS (no, Microsoft didn't even create the product that was the seed for their entire monopoly). ... Microsoft's fierce competitive nature has alienated everybody in the industry to the point where voluntary supporters are virtually nonexistent. For quite some time Microsoft has resorted to buying public endorsements and there have been documented incidents of Microsoft employees posing as normal software users in public settings ...
All of that was obvious years ago. The only thing more rare than voluntary supporters is programmers who think that M$ has a future or that making Windoze do what they want is anything but an expensive waste of time. It's easier and cheaper to do things with free software. The lack of programmers working on the M$ platform is the reason Vista has taken six years to develop. M$ has been forced to make their own tools for a change and they chose to waste all of their effort on DRM. Vista is going to suck and its market failure will be the end of M$.
Friends don't help friends install M$ junk.
Fyodor I have the utmost respect for you and if you say she is smart and talented in the field of security then now I do believe that. Still if she walked into this office looking for a job it would then be me throwing the chair to run her out. No matter how smart she is she still signed off on ALL the problems there are with MS products. She is still partly to blame. She still played a part in stealing money from MS customers for the security holes in their system. She didn't stand up and say "Hell no I'm not signing off on that. Go back and fix it!"
Maybe she does have talent but where are her morals? We just don't hire on talent but also on morals and ethics. Morals and ethics are not just words for with the company I work for they are the back bone of the company. In other words we would rather lose money than rip off our customers by selling them something that will break at least once a week. When we have a security problem on our network we fix it and don't charge the customer extra for the fix. Our customers pay us for our talent, morals and ethics. They pay us for our advice. We don't give bad advice glossed over by a bunch of MarketSpeak coming out of the mouth of some monkey dressed in a $900.00 suit.
Still one thing I can say thank you to the Security Team at MS and to Window for is due to continuing lack of security I have switched totally to Linux and will never go back. I have permanently fixed my Windows security problems and also a lot of other people's Windows security problems. My fix? Insert disk 1 of Fedora and run the install.
As for you Fyodor THANK YOU! for the best port scanner ever devised!!!!
Poor Window... After taking this beating from Slashdotters, you look a bit tired. You should go into the break room and crash.
Strategist != Implementor
But if you have good implementors a good strategist can actually point them in a very good direction and the end product will become VERY good.
A bad strategist will have much less impact on good implementors. The mozilla team are probably in the good category.
A bad strategist will have very high impact on bad implementors. The microsoft team are more probably in the bad implementors.
Now XP SP2 is not bad so that leads me to conclude that the strategists were not bad at Microsoft.
So this can only mean that it is good for Mozilla.
and yup she certainly is a hottie.
I'm sorry twitter, between your incompetence at simple quoting, the links to "KMFMS" (where the obvious and well known are stated) and the "M$" and "Windoze" shitstorm I can't really figure out what the fuck it is you're saying. Would you like to try again?
fyodor--
My opinion here has less to do with them hiring me for consulting (I've been saying this stuff since before they gave me a dime), and way more with me having to explain to customers back in 2003 why Nachi was taking out their VoIP networks. Dude, I remember doing trade shows back then; running around with Stinger, manually patching boxes left and right, and still there was always some jackass flooding the floor net.
OK, that got a lot better. Universal firewalling and a worldwide patching infrastructure are not mere PR stunts.
What still sucks? IE6, no question. But nobody can say it's like it was a few years ago, when we had a public page containing dozens of unpatched remote code execution flaws in it. (I assume you know enough to recognize MOBB was nothing like that.) And the infrastructure is still complicated enough that it takes time to come up with a complete patch. Coming up with complete, non-Oracle style patches (talk to the Litchfields about that) requires a crap-ton of investigation and testing. You can't whine in one line that it takes more than a day to get a patch out, and then in another complain that MS06-042 wasn't 100% perfect.
--Dan
P.S. Office exists outside the Windows org.
to the news. I still remember the last time on Cansec West. Anyway, congrats to Window.
Not only is a Window a chick, but she's hot! And funny! http://www.flickr.com/photos/windowsnyder/58200550/
One can only hope she lets in all kinds of Trojans. Or at least the lambskins.
Do daemons dream of electric sleep()?