Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Spooks Microsoft's Chief Security Advisor

Posted by samzenpus on from the when-the-darkness-looks-back dept.

alphadogg writes "Microsoft's U.S. general manager/chief security advisor for its National Security Team, Bret Arsenault, thinks like a true security professional. In every bit of good news, he wonders what bad news could be coming. Application security, virtualization security and the fact that over half of computer attacks seen by Microsoft come from the .edu domain are just some of the things keeping him up at night."

20 of 136 comments (clear)

  1. students sharpening their pens by ionix5891 · · Score: 5, Informative

    half of computer attacks seen by Microsoft come from the .edu domain

    nothing to worry just students testing their scripts against big bad microsoft :) we all did it at one stage ;)

    1. Re:students sharpening their pens by hostyle · · Score: 4, Interesting

      Fatter pipes are bigger targets to would-be evildoers, as it gives them more bandwidth with which to carry out their nefarious deeds. That makes a rooted .edu box almost as important a component of Dr. Evil In Trainings' arsenal as a hollowed out volcano island.

      --
      Caesar si viveret, ad remum dareris.
    2. Re:students sharpening their pens by an.echte.trilingue · · Score: 5, Insightful

      True. Students usually have time on their hands, knowledge at their disposal and being young they still have an underdeveloped sense for the potential consequences of their actions. Oh, and T1 connections directly into the dorms. Just talk to somebody who administers a university network: trying to keep students from "playing" with the school infrastructure is a nightmare.

      --
      weirdest thing I ever saw: scientology advertising on slashdot.
    3. Re:students sharpening their pens by Brian+Gordon · · Score: 3, Interesting

      No T1 directly into my dorm.. unless you're at MIT chances are you're starved for bandwidth and have to sleep during the day and game all night to get any decent pings.

    4. Re:students sharpening their pens by morgan_greywolf · · Score: 3, Insightful

      Fatter pipes are bigger targets to would-be evildoers, as it gives them more bandwidth with which to carry out their nefarious deeds. That makes a rooted .edu box almost as important a component of Dr. Evil In Trainings' arsenal as a hollowed out volcano island. At one time that was true. Not anymore. Haven't you heard? Fat pipes are cheap and increasingly common these days.

      --
      My blog
    5. Re:students sharpening their pens by Anonymous Coward · · Score: 5, Funny

      unless you're at MIT chances are you're starved for bandwidth and have to sleep during the day and game all night to get any decent pings. You don't get very good grades, do you?
    6. Re:students sharpening their pens by Bert64 · · Score: 4, Informative

      Home connections still have fairly poor upstream compared to their downstream...
      People who root boxes want upstream, so they can scan for more boxes to hack, ddos things or distribute malware. They typically have very little need for downstream bandwidth to the compromised boxes.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. Cleaner Version by Anonymous Coward · · Score: 5, Informative

    Without all of the ads. Won't someone please think of my eyes?

  3. Re:Punishment needs to fit the crime by Anonymous Coward · · Score: 4, Funny

    That's quite the straw man... and it seems to be singing something...

    *listens in*

    "If I only had a brain..."

  4. 10 years? by Shivetya · · Score: 3, Interesting

    Hell you can kill someone and not even get that much time. If your rich or a politician you can get off completely.

    I agree with punishment fitting the crime but I think you put too much value on the damage the cause. The simple fact is that too few of people take the required steps to protect themselves. People have locks on their homes and cars, they don't normally allow complete strangers inside, and most people won't give out personal information to complete strangers they meet. Yet when it comes to the net it seems as if all bets are off, you never know what they will do - other than it being stupid.

    I am all for punishment, but damn, people put more value on things and animals than human life.

    --
    * Winners compare their achievements to their goals, losers compare theirs to that of others.
  5. The guys is an idiot by Anonymous Coward · · Score: 3, Interesting

    The reason why the security flaws are dropping is because the 2 largest groups of crackers are operating under foreign govs. The russians were out to make money, But now operate with the russian gov. In addition, the chinese crackers have also switched up. Why? Because they can do all this legally in their country and not worry about a bullet to the brain. The simple fact is, that 5 years ago, these folks were cracking systems for money. Now, they are cracking targeted systems (i.e. DOD) and using subtle openings. Almost certainly the big openings are being saved for future use.

  6. Q&A by cerberusss · · Score: 4, Funny

    Question: What do you think about Microsoft's U.S. general manager/chief security advisor?
    Answer: I think it would be a good idea.

    --
    8 of 13 people found this answer helpful. Did you?
  7. What Spooks Microsoft's Chief Security Advisor by somethingwicked · · Score: 5, Funny

    What Spooks Microsoft's Chief Security Advisor?

    Flying chairs?

    --

    ---"What did I say that sounded like 'Tell me about your day?'"---

  8. What do you prefer? by miffo.swe · · Score: 3, Insightful

    "Application security, virtualization security and the fact that over half of computer attacks seen by Microsoft come from the .edu domain are just some of the things keeping him up at night."

    As a user of said computers/servers i much prefer a scripthappy student whimsing around my systems alerting me about security issues. What do worries me are govt founded hackers stealing sensitive information, research and other secrets leaving no n00b traces for me to discover. Its not the actual breakin that worries me but what the perpetrator do thats an issue. If someone breaks in but does no harm i can live with that. My feelings may get hurt but the company is ok atleast.

    An application/OS vendor ofcourse prefer the stealth hacker since the student hacker brings into attention all the various security issues with their products and makes people look for other options. Many vendors prefer a company being hacked to pieces before letting an exploit being known publicly. Microsofts own exploit policy is a very telling sign of this. As long as an exploit isnt used extensively its not going to get patched regardless of how many systems are exploitable. That worries me at night...

    --
    HTTP/1.1 400
  9. Computer Security what is a crime and what isn't? by mlwmohawk · · Score: 4, Insightful

    I hear a lot of people make the analogy that computer breaches are like breaking and entering, and while some of the actions are, some are clearly not.

    Mischief is the motivation of youth. Vandalism is a form of expression. We've all participated in it in some form, so everyone get off their high horse, and rather than "get tough on crime," its time to figure out the difference between kids having fun and serious criminals. It is also time to make computer systems in "the digital world" as resilient to mischief and vandalism as real physical buildings are in the real world.

    We've all carved our names in a tree in a park. We've all stolen a pack of gum or something from a store. We've all done petty crimes when we were young. The difference in the digital world is that everything is so brittle and poorly built and the mischief that is expected from youth ends up costing companies [B|M]illions of dollars. In the classic movie, "War Games," a kid practically starts world war III, the analogy fits if you excuse the hyperbole.

    From a societal point of view, we need to separate the smarts kids being mischievous from the criminals committing real harm, just like we do in the real world.

  10. Gandhi's Joke: Credit Where Credit's Due by AslanTheMentat · · Score: 5, Informative

    Come now, give credit: Mahatma Gandhi...

    Reporter: "Mr. Gandhi, What do you think of western civilization?"

    Gandhi: "I think it would be a good idea!"


  11. opportunity knocks? by sgt+scrub · · Score: 3, Interesting

    With Vista and other new products, Microsoft ships the hardening guide along with the product

    Dell, Toshiba, HP, et el do not send that documentation along with a new machine when Vista is pre-installed. Could they be held accountable for people getting pwnd? Could this be an opening to get the M$ tax back when someone is forced to buy a machine with Vista on it?

    --
    Having to work for a living is the root of all evil.
  12. Re:Computer Security what is a crime and what isn' by Jason+Levine · · Score: 4, Interesting

    I guess I'm just a "goody two shoes." When I was growing up, I never stole a pack of gum (or anything else) from a store. I never carved my name in a tree or participated in vandalizing something at all (much less as a "form of expression"). My motivations in my youth had nothing to do with mischief. I did experiment with computers, but they were my own computers or they were the school's and I was acting within the limits of my classroom activities. For example, when asked to program a slot machine program on an old Apple IIe, I finished *way* before everyone else. So I started adding in more features. I added in betting, and still people weren't done. So then I added in a mobster that you could borrow money from if you were broke. (I coded it so that you either paid him back in a certain number of turns or he broke an arm and a leg of yours, took all of your money, and the game ended.) I was exploring the limits of what my coding could do, but it was without causing harm/damage to someone else's property.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  13. Re:Poor guy by z0idberg · · Score: 4, Funny

    You "years" key is broken.

  14. Re:Computer Security what is a crime and what isn' by mlwmohawk · · Score: 3

    Again, you are being "absolutist" about this, and that is the problem. Your descriptions do not describe mere mischief, but harassment and intimidation. They *may be* acts described as vandalism, but they are more serious than what I'm talking about.

    Putting a sticker on a street sign. Carving your name in a tree. Small mischievous things are far different than wholesale destruction.

    This "zero tolerance" absolutist world we live in doesn't allow children to make mistakes or recover from bad judgment. One mistake and they want to bring the full force of law down on you.

    Some transgressions should not be considered crime even though they share some similarity, and in some cases repercussions, as real crime. Kids have bad judgment, it is a fact and it is a flaw in human beings. We should seriously consider this during prosecution.