Microsoft Executive Tapped For Top DHS Cyber Post
krebsatwpost writes "The Department of Homeland Security has named Microsoft's 'chief trustworthy infrastructure strategist' Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"
This guy probably knows the devious plans Steve Ballmer has...
Anyhow, with DoD and DoJ experience in those capacities, it seems likely he knows a lot about privacy issues.
OTOH, Microsoft using phrases like "trustworthy infrastructure" and "trustful computing" is chilling. Just whom am I supposed to trust? M$?
Don't get me wrong. I use XP Pro on some stuff that's just easier to do with it (I know, laziness on my part, maybe) and it's doing its thing. And after all, it's quite often cheaper to buy a desktop with Win than without (and I'm poor). But as an antimonopolist, I avoid it on principle.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
Boy oh boy. Obama seems to be turning into a big disappointment with some of these appointments.
What'll he do next? Appoint Mike Tyson as head of Department of Heath and Human Services?
Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft
Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?
I foresee a lot of Microsoft Security jokes in the following threads.
Here is one
Do you allow Phil Reitinger to be the top cyber security official?
Allow | Deny
There goes any chance of the DHS switching over to a linux/unix environment in the next decade.
greed@All_Evils:~#
This guy doesn't seem a halfway bad pick. Of course, if it was my call I'd eliminate the whole DHS nonsense and just fund the FBI, NSA, CIA and police properly. If those 4 agencies can't get it done, wtf is the DHS going to add?
If you mod me down, I will become more powerful than you can imagine....
Isn't that like asking the head of AIG to be the officer of "financial responsibility"???
Maybe this guy was a bad pick, maybe he wasn't. I'm not sure which it is, but just because he worked for Microsoft does not imply that he knows nothing about security.
Microsoft might not be great at security overall, but that doesn't mean they don't have any security experts working for them.
I wonder if we will be seeing US-CERT standing up to Microsoft the way they did with this (a vector for conficker) with him in charge.
I have a sick feeling about this. This guy was surely part of the Microsoft effort to call this a feature. And what was this "political infighting" that the article alludes to? I hope it wasn't over whether to go after Microsoft for aiding in the creation of the largest botnet to date.
While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable, I doubt that anecdotes about how Microsoft executives tried to make their systems secure will be equally valuable. This was a ridiculous choice, and further undermines my initial hope that Obama might indeed turn out to be a good President.
Anticipate all persons attempting to enter the U.S. to be screened for explosives, hazardous chemical agents, firearms, radioactive materials, and open source software.
I like how this guy, whom I don't know much about, is painted a smart pick, coming as he does from the largest single computer security threat on the planet. Anybody recall that up to not very long ago at all, security was not on their agenda? Simply because it made them more money not to care.
Oh, and that is remembering their own words and without mentioning the usual, such as that they are convicted monopolists too, their business practices suck, their code sucks, their customer service and sales techniques are reminiscent of those of Office Depot, and so on and so forth.
The bottom line is that in politics you usually don't let the guy who fucked it up try and fix it. Unless perhaps the guy has friends in high places.
Did anyone else misread this as "smart prick"?
Just scrolling the comments now and there seems to already be quite a few people who are almost in hysterics because they are expecting a million anti-ms posts.
Seriously wtf is going on?
It's kind of like slashdot has become infested with emo-ms fans who get emotional and have a hissy fit any time someone says something negative about ms.
Have you ever noticed that your "que [sic] the freetards", "que the ecocommunists", etc. predictions never seem to be accurate?
I've got one that I bet will be accurate, though... "que the freerepublic mod squad modding you up".
The world sees the US security establishment using and trusting MS products.
;)
MS must be good right?
Export orders and interoperability requests roll in from friends, allies, neutrals and some of the dumber freedom fighters.
MS profits, the US gov can share with its rendition partners in real time.
Think Condortel (1970's US/Latin American encrypted military network) with clippy.
http://www.crimesofwar.org/special/condor.html
Police, federal agencies and utilities around the world rush to upgrade.
The CIA and NSA have just software "back doored" the world- again.
Using MS for security is like handing out free Enigma units after WW2 or Iran using CryptoAG or the Soviets buying computer parts from the west.
The difference is MS software stays in your country for generations (over decades of hardware and software upgrades).
But then does the US security establishment really eat its own dog food?
Domestic spying is now "Benign Information Gathering"
I think choosing someone from a company that is STILL under DoJ supervision for questionable behaviour has a couple of unwanted implications, especially since this guy was at board level.
It's only good news for foreign industrial espionage and botnet herders..
The president's DHS pick has brought on board a liaison from Symantec. Now everything will STILL be insecure, but run twice as slow, cost even MORE "way too much", and bitch, moan and cry about being renewed every year.
Chas - The one, the only.
THANK GOD!!!
then he would be hiring Bruce Schneier for this job. I know he is disliked by a lot of industry but he is the man with the facts and the plan.
You know, with countries like Iceland. They sure need an insight from a Microsoft exec right now...
Task Mangler
...already said it.
You completely missed the point. If the UAC did not actually change the security model, then there was no real reason for its existence other than theater. You are merely confirming what others already know: it was a joke masquerading as "security". And if the security model did not really change, then the interface for it really did not need to change.
The fact is that some basic security assumptions needed to change but they did not. The UAC has little to do with that directly, but it illustrates the extent to which Microsoft will go to misdirect its users.
Isn't sending Microsoft to fight insecurity like fighting fire with fire?
Cyber experience. Experience in... cybering.
Bruce is smarter than that. He'd never accept that no-win position.
I've seen really smart people get crushed by political garbage. I'd **never** accept a job like that. That level of scrutiny and public life is simply too much to put my family through.
Oh man, this can spell disaster for Linux.
Can you imagine the head of security writes a report titled
"Finnish Security Threat"
I haven't danced around anything. I did not say that the UAC "might" be security theater, or any of these things you accuse me of. Here is simple logic, okay? I guess at this level I have to ask: You accept that simple logic is valid? From what you have stated I am not sure.
... well, "stupid" comes to mind but I am tempted to use another word.
*IF* the Windows security model hasn't changed, *THEN* the UAC is a joke. Okay? There is no reason for its existence OTHER THAN show.
Get it?
And the presence of such a major "feature" for nothing but show is
If the basic security model of Windows hasn't changed, then there was no reason for the security interface to change... yet it did. So, which is the truth? Better security, or an illusion? You argue for the illusion. Okay. But if so, let's not pretend it's anything else.
I did not say that the basic security model of Windows has changed. Others have. What I am saying is: if the basic security model of Windows hasn't changed, then YOU shut up! You have nothing to complain about when you get a common virus via your Exchange server, or a piece of malware because you visited an unfriendly site via Internet Explorer.
I'm not talking bollocks... I'm not talking anything. I'm simply pointing out where YOUR talk is somewhat misplaced.
I see you're trying to become a cyber security official.
Would you like me to help you with the kickbacks?
Yes | No
UAC *is* a joke. Like the uninstaller that says "this DLL doesn't look like it's being used. Do you want it deleted? It may break something if you do", it's only there to make the USER responsible for a system problem, even though the user isn't given enough information (nor even the power) to find out what they should do.
Windows security HAS NOT CHANGED.
DHS calls on Microsoft for computer security.
BWAHAHAHAHAHAHAHAHAHAHAHAH!!!!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
No, I think you misunderstand.
DHS served its purpose very well: keeping Americans in fear, and providing security theater.
What? You thought they made it to help the American people?
The term might not be used as often, but the concept is alive and well
"the new chips will 'block unauthorized access to the frame buffer.' ...
There is a short list of parties who will be unauthorized to access your frame buffer: You. There is a long list of parties who are authorized to access your frame buffer, and that list includes Microsoft, Apple, AMD, Intel, ATI, NVidia, Sony Pictures, Paramount, HBO, CBS, Macrovision, and all other content owners and enablers that want your machine to themselves whenever you're watching, listening to, reading, or shooting monsters with their products."
http://www.infoworld.com/article/07/03/28/14OPcurve_1.html
My turnips listen for the soft cry of your love
Bet he still owns MS stock...
Prepending "CYBER" to everything!! It's so so wrong! *cries*
Happiness does not come from having much, but from being attached to little.
"anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable" - by Jane Q. Public (1010737) on Thursday March 12, @04:11AM (#27163463)
Here is an anecdote, complete w/ quantified evidence of their security rating from a respected & widely recognized industry standards based benchmark gauge of security in the CIS Tool, with a user testimonial below, on how a Windows 2000/XP/Server 2003 user CAN make modern Windows OS variants secure (not just try, they have, 1++ yr. free of virus/spyware/trojan/rootkit/worms/malware-in-general below & how they did it):
----
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=9237bccd0bf4b73b2fc429d84ccf01d2&showtopic=2662 [tcmagazine.com]
----
(It makes securing a Windows NT-based OS of modern varieties such as Windows 2000/XP/Server 2003 actually fun! Much like running a PC performance benchmark almost and it is fun to do if you like benchmarking of any kind).
There in the URL above you also can see how Windows 2000, XP, &/or Server 2003 do on said test (and the guide goes far beyond CIS Tool guidance only), and for an hour or so's worth of work on the testers' part, they can have a system that scores 99/100 potentially on said test as well as years to decades of secure uptime after using its points.
Word-of-Mouth/anecdotal results gained by a user who shows NO virus/spyware/trojan/rootkit/malware in general infestations on his own machine &/or those of his paying clients also after using this test & the points in the guide above:
----
http://www.xtremepccentral.com/forums/showthread.php?s=b956ddd43cfcfc73f0f3378405860794&t=28430&page=3 [xtremepccentral.com]
"It's 2009 - still trouble free!
I was told last week by a co-worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in Windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a LAN party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.
Great stuff!
My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.
APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my hosts file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"
THRONKA @ www.xtremepccentral.com
----
Thus, as you can see? It is easily "doable" to have a secure Windows OS on a PC...
(The entire "Linux is so secure" mantra you see online and rampantly here, in the past @ least but not so much anymore imo, is also upset by what is shown in the very 1st post in that guide because Linux itself can be more secure than it is out of the box oem stock as well, with data from a slashdot poster there in Bert64's 90/100 score using SuSe Linux as an example thereof - that said & aside, you Linux/BSD/Solaris fans here may wish to take a peek @ the CIS Tool as well for the purposes of making sure you "lock down" your *NIX machines also (this tool is extremely helpful on all of these platforms for these purposes)).
APK
Whoever modded this down must be a botmaster or malware creator, or just have nothing better to do. Well, that or some disgruntled "Pro-*NIX" person here, who skimmed & overlooked the fact that the CIS Tool used also helps you people too!
APK
P.S.=> The bogus downmodding for spreading around something that really works to secure Windows' systems is pretty lame guys: Think about it - Everyone ought to be helping folks being attacked by the fools that create malware & what-not, no matter the OS platform they run...
(& that especially means technically oriented people in this 'art & science', no matter what OS platform they use)
That's a lot cooler & more productive than busting one another's chops w/ this "Windows vs. *NIX" lunacy!
(Honestly, think about that, ok? Especially if the person modding my post down is a "Pro-*NIX" person doing the down modding...)
E.G.-> Consider that 1 day (in some "alternate reality" maybe, lol) that *NIX variants will take over the desktop etc. et al that you hear here every so often & then you'd see *NIX variants being assaulted the way Windows is now (mostly thru apps from now on I wager, the OS is only NOW starting to become truly "core solid" imo), because those *NIX variant OS would be the most used, & thus, the logical target of those out to get your personal information of extreme value that you might leave on a PC (not advised, but, traces are possible)
SO, that "said & aside" - How would you like some troll coming in & down modding what you KNEW worked vs. such bogus machinations, especially when you could show proof thereof from others no less?
Again, food for thought... apk
With this guy's resume, it should be 'chief "Thurstworthy infrastructure strategist'
-Oz