Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Executive Tapped For Top DHS Cyber Post

Posted by samzenpus on from the reboot-to-be-safe dept.

krebsatwpost writes "The Department of Homeland Security has named Microsoft's 'chief trustworthy infrastructure strategist' Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"

3 of 138 comments (clear)

  1. In all seriousness by Jane+Q.+Public · · Score: 4, Interesting

    While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable, I doubt that anecdotes about how Microsoft executives tried to make their systems secure will be equally valuable. This was a ridiculous choice, and further undermines my initial hope that Obama might indeed turn out to be a good President.

  2. Re:Try not to be too delusional. by daemonburrito · · Score: 3, Interesting

    [...] just because this guy worked for Microsoft doesn't mean he lacks intelligence.

    No, but it does mean that he was part of the team fighting US-CERT for months over autorun, at least. He likely helped resist an effort by a division of the department he is to head to fix a security problem that was so bad, they felt it endangered national security.

  3. Re:Try not to be too delusional. by daemonburrito · · Score: 4, Interesting

    I don't know. Even if he just did nothing to stop Microsoft's resistance it would be bad.

    If guys from CERT called me and said, "Hey, could you make The Autorun and NoDriveTypeAutorun registry values actually do something? We worried about this 10 million strong botnet," I'd probably comply. The reality was even worse; Microsoft wrote instructions for users to mitigate the problem which they knew were not effective.

    The last thing I would do would be to start a PR war, which they did only to save face about something that has been criticized for over a decade. It's amazing... some slight marketing concern overrode what they were told was a matter of national security.

    Funny... the wikipedia page on autorun was just stealth edited to remove all mention of the problem.