Former MS Security Strategist Joins Mozilla
Handset writes "Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. eweek.com reports that Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy and improve its communications with external hackers and bug finders."
a human trojan has been inserted into Mozilla?
glad Safari uses the khtml engine...
Will the Mozilla fans throw their arms up in disgust (An MS Security expert - that's a contradiction!) or will they suddenly be supportive of someone they have effectively been bagging for years? (An MS Security expert for Mozilla! - what a coup!)
dnuof eruc rof aixelsid
hooray..lets have it...chairs all around..here you go..two for you...Redmond Cherry or Vista White?
Hey, I am for security and all, but somebody needs to call the phone numbers on his resume. I heard that Microsoft doesn't have a "security" department.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
We can draw two possible conclusions from this. Either a: MS' security team was made of good people who were doing the best they could for such a large project with such a large user base and extensive backwards compatibility, and thus that Windows security was the best it could have been (even if that wasn't so good). Or Mozilla's security is going to go down the tubes. It's a slashdot paradox! Clearly we can't grant #1, because that wouldn't be sufficiently critical of MS, but we can't grant #2 either because we love Mozilla. I'm just glad Mozilla doesn't think this way.
Philosophy.
Cmon Slashdot, a guy from Microsoft whose first name is "Window" and had a job implementing security at Microsoft??? These April Fools jokes get dumber every year.
Hmm...."former"...."security" strategist...
Uhuh. Sure. Whatever you say.
I think I'll grab a copy of the source code now...
*Dons tin foil hat*
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
This has to be a joke. Microsoft actually employed a named Window S. ??
In a related story, Heat Miser has joined the fire department.
Where were you when the voynix came?
Is he required to change his name to Mozilla Snyder now?
Sorry.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
"Mozilla security practices are rubbish"
Someday you might realize that you don't define a great security system by how much you have to patch gaping holes in it.
Where were you when the voynix came?
First thing that popped into my head was the new Mozilla security slogan.
"We're not going to take it! NO! We ain't gonna take it! We're not going to take it, anymore!"
Task Mangler
Er, eh, not that influences my perception of her value to the Mozilla corp at all...
Make sure everyone's vote counts: Verified Voting
...had to be a product of hippie parents.
I'd imagine his parents would have just completed the conception of Window and his father stumbled to his feet in a drug-induced stupor and suddenly had an idea of what to name their recently created progeny as his eyes came into focus on the first thing he saw, exclaiming "Babe! I just thought of an awesome name for our kid...."
Just a thought.
...to drop Firefox. Great strategy!
One of the linked ads text for this page: Waste Receptacles The Spot To Find It! It Is All Here. Couldn't have put it better myself.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Mozilla will now be able to compete with Internet Explorer!
Wondering why i am doing so strange posts? I am trying to get a "+5,Flamebait" or "-1,Insightful" rating.
Window's an old friend of mine, so let me be the first to congratulate her here. W00t!
So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc. Window showed up before all of that, and pretty much took our abuse year in, year out. And then...things got better.
She'll deny any direct cause and effect there, but she was _the_ interface between Microsoft and the various security cons for quite some time, and I think at least some of the reason we got certain concessions (like 24 hour response time out of MSRC) is that she was there to hear people say things like "I dunno, why should I warn MS, they're just gonna sit on it anyway."
Firefox is not without problems (understatement). I'm looking forward to seeing what Window can accomplish w/ Mozilla.
I bet a number of people will soon be able to see right through this move in the next few days.
Thanks folks, I'll be here all week. Please try the fish.
Could anyone imagine growing up with the name "Window", what were the parents thinking?
Also known as the George Costanza rule of management.
If people leaving for Google lead to flying chairs and death threats, what does people leaving for Mozilla get you? Tables rolled down stairs and harshly worded phrases about maternal lineage?
-Charlie
Well there you go. Had to mess up a perfectly good browser. I guess we should expect Firefox 1.5.0.6 SP1 out any day now. I have one question. Why him? Can anyone say Opera.
hey guys, guess what I just did!
that's right, I backed up the current version of firefox onto not just one, but 2 CDs.
Coming soon to Mozilla: ActiveM plug-ins! Now with the exciting "FORMAT C:" functionality, and complete integration with BOTH kinds of email software - Outlook AND Outlook Express!
I have discovered a truly remarkable
"OH NOES!!1!" :-)
It's a trick!
But if we're talking about this Window Snyder she is kinda cute. You know, for a former MS security expert.
WTF is this? Most of the first dozen or two posts are aimed to be (and are modded) funny. I thought this was supposed to be a forum for serious discussion, not a fucking comedy club wanna-be.
I can hear it now.
At Microsoft, we had a very flexible definition of "security." I would like to keep that definition alive in my work here...
*shivers*
I have nothing to say.
She'll have to change her name to Firefo Xnyder.
Or maybe Thunderbir Dnyder. But that just doesn't have the same ring to it.
paintball
if they're not already married to other people, Window and Linus need to get married. They could even name their first child Lindow.
You can't say that this captain hasn't been through a shipwreck.
Is he required to change his name to Mozilla Snyder now?
Well, his original name was Sam Snyder. They tried to change it to Mozilla Snyder, but the name was in use and the legal department made them go with something else, so they picked Windows Snyder instead.
Then the legal department had a case of deja vu...
Please help metamoderate.
Now we in the open source world can start benefitting from all those ironclad security techniques that have heretofore been the sole purview of Microsoft's security team!
Pretty soon our stuff will be almost as secure as Windows!
Now if only we could get a defection from whomever it is at Microsoft that is in charge of their world-renowned OS stability....
Tom Caudron
http://tom.digitalelite.com/
-Tom
When I first read the summary, I couldn't figure it out. Microsoft hasn't been the best example of "security is job one", and I thought news like this might be rather hidden by the Mozilla team than promoted.
But after seeing her pic, now it all makes sense. It's another way for some geeks to be near a female!
j/k I hope she is very effective (and happy) in her new role.
This guy approved SP2? What is this, some sneaky M$ trick to ruin a perfectly fine company with its 'security'?
I fear what may come of this.
-Tim Louden
A Microsoft employee called Window? Why, that's like an ice cream man named Cone!
"It's a reverse vampire...they....they crave the sun!"
Second Mozilla nabs her. Ironic No.
Microsoft's Window jumps ship to Firefox.......(of all the headlines we mangle here this one's begging for it.)
The comedic possibilities are overwhelming. But here is the strangest one. Mozilla supplies her with 3 workstations. For compatibility reasons she's gonna need a Mac, a Linux, and a Windows box.
wait for it.
But now they are all window's machines. Gasp, This woman is dangerous and must be stopped.
In all seriousness, If she had anything to do with the sp2 patches, she is my new personal hero.
Welcome to the light. Don't be afraid. No, no, we promise, it's definitely not open sores, I don't care what those dicks in the cafeteria said.
O.K maybe not in all seriousness.
OSGGFG - Open Source Gamers Guide to Free Games
So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc.
Used to be? Maybe you see a different view of them when they hire you for security consulting and fly you out for their Blue Hat conferences and such. But from my outsider perspective, Microsoft is still a security disaster. Not only have we continued to see hundreds of serious vulnerabilities throughout 2006, but MS has in many cases made us wait weeks or months before patching widely exploited bugs. Heck, another actively exploited MS Office vulnerability was just discovered in the wild. If we're lucky, MS will cough up a patch on September 12, otherwise they'll probably leave users vulnerable until the next "patch Tuesday" on October 10.
Meanwhile, Microsoft recently re-issued MS06-042 with a fix for a vulnerability introduced by their first attempted fix. And they openly admit that they excluded eEye from the advisory credits because eEye embarrassed MS by making their incompetence public. MS is more interested in petty vendettas against researchers than actually fixing the flaws.
Microsoft has made a few positive steps toward securing their products in the last couple of years, but I think most of their efforts and successes are more in the PR realm than anything with technical merit. They have spent so much money sponsoring conferences (their money does come with strings attached) and paying off security researchers, that many people seem reluctant to criticize them.
OK, enough anti-MS ranting from me for now :). My main point in replying is actually to agree with you about Window. She is extremely smart and talented, and her defection to Mozilla is great news for a product which really needs more security attention. We had lunch last week to discuss Mozilla security and Window has some great ideas. Mozilla may already be much more secure than IE, but we should set a much higher bar than that! Best of luck at your new position, Window!
-Fyodor
Insecure.Org
A few points:
(1) Shit happens, including regressions. Yeah, it sucks. Yeah, it should have been caught. Nonetheless, shit happens.
(2) It's none of your business who was responsible. Are you some kind of stalker?
(3) The Mozilla team can handle their own internal affairs just fine, I imagine.
(4) You can always not use Mozilla products.
(5) I'm pretty sure I've been trolled, but what the hell, I haven't responded to a troll for a while. Then again, I haven't trolled for a while, either:
(6) Does having Snyder mean we'll see a need for Symantec, McAfee, etc. products for Mozilla just to keep the malware away? That's what we need for Microsoft products...
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
Actually she left quite some time ago. Before the recent 'oddly coincidental' departures.
Of course the answer has more to do with the differences between free and non free software development than the people involved. In the non free world your resources are limited to the few people you can pay and coerce into signing a NDA. Free world resources are comparatively infinite. Non free software is subject to what's euphemistically called "marketing decisions" which restrict features and waste resources on breaking a competitor. Free software projects are guided by what people want to see in the project and forks can happen if a project ever stalls or becomes less than free. Features that people want multiply and everyone's a winner with free software. Non free software stagnates as marketing types decide how to spend their precious resources on such obvious things as a Mac port.
There is only one person to blame for Microsoft's security failings and that is Bill Gates. He has championed and created the legal framework for non free software and steadfastly refuses to deviate from it. Until recently, every decision was his.
Friends don't help friends install M$ junk.
You mean to tell me that Microsoft has had a security strategist this whole time? This is a joke right? Not to mention the strangest part - Window Snyder. Who would name their child Window? I wonder if she has a brother named Door.
I don't think this is off topic. I personally believe that the use of 'Microsoft', and 'Security' in the same sentence is an oxymoron. And just to add fuel to this bizarre fire, every time I try to access the anchor to the web article, firefox chokes, I'm using Konqueror right now !!?
Remember that Mozilla is "open source". The reason it's a success is the transparent meritocracy. We get to see who was responsible for a particular bug, but not for a testcase? How does that engender trust, both in Mozilla itself, and in the open source ideals to which it aspires?
She (not he!) is such a babe, I could ALMOST forgive her for being named after Microsoft's flagship product!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
This is wonderful news for Mozilla.
Then personally and selfishly thinking, I hope the Mozilla Firefox team fixes a bug on my XP SP2 PC. Firefox 1.5.06 always comes up partial screen. Then I click to full screen Firefox and work from there. However "the cat came back the very next day" as the partial screen comes back the next time I start Firefox.
If any of you /. users know of any HKEY (i.e. registry setting) or Firefox setting I could tweak to fix this, that would be great.
Thanks and go Firefox go,
Jim
Window is SCARY smart, and hothothot. I've been friends with her for years, and haven't seen enough of her since she moved out of Cali. Glad she contributed her knowledge to microsoft's efforts, and even happier that she's now on the firefox train.
Love you, WS, congratulations!
-ES
Really? Insulting? Do you find it insulting? Please, tell us why this insults you. I'm actually interested.
What could *Microsoft* teach Mozilla about security...
that is, other than what _not_ to do!!
Window is one of the nicest people I've ever met. A great person with clue, etc. Good luck, rosie ;)
nobody ever knows what defenestrate means.
It's called "Open Source" for a reason. I've never contributed a line of code, but I have all of the source on my box.
Unless there's an anti-MS clause in the Mozilla license, but I know there isn't in the GPL...
Don't thank God, thank a doctor!
Wikipedia knows what defenestrate means, even wrt MS.
Don't thank God, thank a doctor!
If you want serious, world-moving discussions, try talk radio. Everyone knows that's where real, serious progress in important issues is made.
Apparently, the MS security department is just big enough for members to create headlines when they leave. Far from "not having a security department", it seems MS had several people around, but I surely can't figure out the hierarchy! What's the relationship between a Senior Security Strategist, someone doing a Security Sign-Off, Microsoft Chief Security Officer, and the Vice President in charge of the Security Business Unit?
In reverse chronological order, here we go:
We are currently discussing this one:
"Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy, eWEEK has learned."
http://www.eweek.com/article2/0,1895,2012804,00.asp
Then there was:
"Amid the major shake-ups in management at Microsoft, one of the company's more notable security gurus, Jesper Johansson, announced that he is leaving the company to work for the online retailer giant Amazon.com. Johansson said that as of September 5 he will become the Principal Security Program Manager at Amazon. During his time at Microsoft Johansson served as a Senior Security Strategist in the company's security technology unit. Johansson also co-authored a book, "Protect Your Windows Network," with Steve Riley who also works in Microsoft's security technology unit."
http://www.windowsitpro.com/Article/ArticleID/93039/93039.html
"Gordon Mangione, a 14-year Microsoft veteran who was most recently corporate vice president in the company's Security Products Group, has left the company. Reached at home, Mangione confirmed that his last day was a week ago Friday. "I'm taking some time off, looking to get into a startup. There's no rush. I'm going to parent-teacher meetings," he noted. Mangione, who had been vice president of SQL Server, moved into the high-profile security group in April 2004. There he assumed leadership of security products while Rich Kaplan led marketing. Both reported to Mike Nash, the corporate vice president in charge of the overall Security Business Unit."
http://bink.nu/Article5408.bink
At least as of 2003, this guy was also involved:
"The single largest message is: keep your system up to date with patches," Microsoft Chief Security Officer Scott Charney said.
http://www.cnn.com/2003/TECH/biztech/02/01/microsoft.security.reut/index.html
----------------------
The Preview Word for this post is "distort".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Yes, he is. He's been rambling on and on about this for years now. Maybe by 2010 he'll let it drop. Either that or go on a killing spree while screaming "Asa made me do this!!!"
You seem to be implying that she wasn't so much picked by the Mozilla team, as picked up.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I like this photo of her.
http://www.flickr.com/photos/windowsnyder/58200550/
Is this because Microsoft do not publicise who they hire, or do they avoid hiring someone who has worked for or in connection to the Mozilla project?
Or is this because /. only covers pro-Free Software and nothing else?
;-)
If I want unbiased news about the tech-world, should I go somewhere else? (Like LUGRadio.org?
I've learned all I know about politics from
So tell me what makes her so smart there cowboy? Actually everything I read about her she sounds like a middle management paper jockey. Same goes for the SP2 sign off BS, she had to sign off she was the middle manager again paper jockey between the developers and the "real" security contractors.
Got Code?
You don't suppose he's one of the original Windows?
beauty is only a light switch away
and yet a lot of /. users feel it's correct to say that about Microsoft? Double-standards perhaps (and not by you necessarily)?
Well, first off, the guy is a she.
She is cute.
And in Redmond a big flag is hissed printing:
"OMFG WINDOW S LEFT THE BUILDING"
seriously: this IS the end of MS.
and: no matter what ppl flame here, I wish her good luck at mozilla and have to confess, even if win2k3 and sp2 mess up a working desktop, it IS kinda more secure!
This is good news. Mozilla could use someone with experience in securing elephantine bloatware.
Please correct me if I got my facts wrong.
Let's not beat around the bushes.
MS has an image problem when it comes to security, it is a problem of their own making, acknowledged by Mr Gates himself and experienced day in day out with their products by IT professionals.
Dig a bit deeper and you realize that security is still not properly realized in MS products. AD is a mess waiting to get worse for example.
I don't care how wonderful SP2 was, that is a drop in an ocean of incompetence and procrastination.
I don't know what the Mozilla organization was thinking. Sometimes you have to take care of the PR situation as well as the technical side of things. Anybody that has worked recently around security in MS products will carry a credibility problem, especially in a highly visible position.
I am sure that this lady is bright, intelligent and all what her pals say lovingly about her, but she brings with her a credibility problem which becomes all too evident when one reads all the comments on this thread (which are mostly bad jokes, but that drive the same point home: we can't believe it).
Let's hope that this is a good move, but I think people should be excused for the healthy doses of skepticism.
IANAL but write like a drunk one.
Indeed, I bet he will maliciously make the source code even more open.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Former Chernobyl safety inspector joins Three Mile Island team...
LOL. In dutch snyder (or snijder, the more modern spelling) means 'cutter'.
Not the ship kind but the tradesman kind.
Would you like some cheese with your whine?
Ignore this signature. By order.
It's not a trick.
IT'S A TRAP!
Nobody else has this sig.
Aside from the obvious problems with this, it follows that by presenting "us" with that fait accompli of sorts you're also being insulting. Correct? Or do you assert that the phrase above came from someone other than your feverish imagination?
The only "problem" is that you see reality as insulting. Microsoft has screwed the people they depended on and are left all alone in the world. That will be their undoing and the results are visible.
While it seems obvious to anyone running any kind of M$ platform that nothing new has happened in eight years or so, and M$'s anti-competitive practices are so blatant that ordinary people and the US Federal Government noticed, technical insiders can tell you much more if you look into it. A nice, concise statement of all of the problems can be found here. It states the obvious and well known, but M$'s massive propaganda effort tends to confuse many people. I can quote some of my favorite parts for you,
Microsoft has a habit of killing off competitors by either buying them or their technologies. ... a recurring habit of reaping the rewards for other peoples' work which started way back in the beginning when Bill Gates bought DOS (no, Microsoft didn't even create the product that was the seed for their entire monopoly). ... Microsoft's fierce competitive nature has alienated everybody in the industry to the point where voluntary supporters are virtually nonexistent. For quite some time Microsoft has resorted to buying public endorsements and there have been documented incidents of Microsoft employees posing as normal software users in public settings ...
All of that was obvious years ago. The only thing more rare than voluntary supporters is programmers who think that M$ has a future or that making Windoze do what they want is anything but an expensive waste of time. It's easier and cheaper to do things with free software. The lack of programmers working on the M$ platform is the reason Vista has taken six years to develop. M$ has been forced to make their own tools for a change and they chose to waste all of their effort on DRM. Vista is going to suck and its market failure will be the end of M$.
Friends don't help friends install M$ junk.
Fyodor I have the utmost respect for you and if you say she is smart and talented in the field of security then now I do believe that. Still if she walked into this office looking for a job it would then be me throwing the chair to run her out. No matter how smart she is she still signed off on ALL the problems there are with MS products. She is still partly to blame. She still played a part in stealing money from MS customers for the security holes in their system. She didn't stand up and say "Hell no I'm not signing off on that. Go back and fix it!"
Maybe she does have talent but where are her morals? We just don't hire on talent but also on morals and ethics. Morals and ethics are not just words, for with the company I work for they are the backbone of the company. In other words we would rather lose money than rip off our customers by selling them something that will break at least once a week. When we have a security problem on our network we fix it and don't charge the customer extra for the fix. Our customers pay us for our talent, morals and ethics. They pay us for our advice. We don't give bad advice glossed over by a bunch of MarketSpeak coming out of the mouth of some monkey dressed in a $900.00 suit.
Still one thing I can say thank you to the Security Team at MS and to Window for is due to continuing lack of security I have switched totally to Linux and will never go back. I have permanently fixed my Windows security problems and also a lot of other people's Windows security problems. My fix? Insert disk 1 of Fedora and run the install.
As for you Fyodor THANK YOU! for the best port scanner ever devised!!!!
Poor Window... After taking this beating from Slashdotters, you look a bit tired. You should go into the break room and crash.
I'm sorry twitter, between your incompetence at simple quoting, the links to "KMFMS" (where the obvious and well known are stated) and the "M$" and "Windoze" shitstorm I can't really figure out what the fuck it is you're saying. Would you like to try again?
fyodor--
My opinion here has less to do with them hiring me for consulting (I've been saying this stuff since before they gave me a dime), and way more with me having to explain to customers back in 2003 why Nachi was taking out their VoIP networks. Dude, I remember doing trade shows back then; running around with Stinger, manually patching boxes left and right, and still there was always some jackass flooding the floor net.
OK, that got a lot better. Universal firewalling and a worldwide patching infrastructure are not mere PR stunts.
What still sucks? IE6, no question. But nobody can say it's like it was a few years ago, when we had a public page containing dozens of unpatched remote code execution flaws in it. (I assume you know enough to recognize MOBB was nothing like that.) And the infrastructure is still complicated enough that it takes time to come up with a complete patch. Coming up with complete, non-Oracle style patches (talk to the Litchfields about that) requires a crap-ton of investigation and testing. You can't whine in one line that it takes more than a day to get a patch out, and then in another complain that MS06-042 wasn't 100% perfect.
--Dan
P.S. Office exists outside the Windows org.
to the news. I still remember the last time on CanSecWest. Anyway, congrats to Window.
Not only is Window a chick, but she's hot! And funny! http://www.flickr.com/photos/windowsnyder/58200550/
One can only hope she lets in all kinds of Trojans. Or at least the lambskins.
Do daemons dream of electric sleep()?