Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Executive Tapped For Top DHS Cyber Post

Posted by samzenpus on from the reboot-to-be-safe dept.

krebsatwpost writes "The Department of Homeland Security has named Microsoft's 'chief trustworthy infrastructure strategist' Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"

23 of 138 comments (clear)

  1. ... trustworthy computing? by Anonymous Coward · · Score: 4, Funny

    Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft

    Trust... worthy... computing at Microsoft... Isn't there a law that prohibits the words trustworthy and Microsoft in the same sentence?

  2. Microsoft and Security in a same sentence? by Anonymous Coward · · Score: 4, Funny

    I foresee a lot of Microsoft Security jokes in the following threads.

    Here is one

    Do you allow Phil Reitinger to be the top cyber security official?

    Allow | Deny

    1. Re:Microsoft and Security in a same sentence? by Narnie · · Score: 4, Funny

      Do you allow Phil Reitinger to be the top cyber security official?

      (Okay)

      Fixed that for you.

      --
      greed@All_Evils:~#
  3. Ah dammit... by Narnie · · Score: 4, Funny

    There goes any chance of the DHS switching over to an linux/unix environment in the next decade.

    --
    greed@All_Evils:~#
  4. Re:Microsoft and Security in the same sentence? by Praedon · · Score: 4, Funny

    Nope. New department, which is Department for Cannibal Relations.

    --
    Just me
  5. que 500 stupid M$ sux0rs posts by timmarhy · · Score: 5, Insightful

    this guy doesn't seem a half way bad pick. of course if it was my call i'd eliminate the whole DHS nonense and just fund the FBI,NSA,CIA and police properly. if those 4 agencies can't get it done wtf is the DHS going to add?

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:que 500 stupid M$ sux0rs posts by Renraku · · Score: 4, Insightful

      If we could achieve with nuclear fusion what we have achieved with DHS, we'd all be living off of cheap and reliable energy.

      Suffice to say, the DHS is rather self-sustaining. If it isn't keeping liquids off aircraft or your electronics in the baggage handlers' pockets, its harassing and keeping us American citizens in fear.

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    2. Re:que 500 stupid M$ sux0rs posts by timmarhy · · Score: 4, Funny

      so let me get this right, government departments were shown to be poor are communicating, so your solution is to create yet another goervnment department for them all to mis communicate with?

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:que 500 stupid M$ sux0rs posts by CaptainJeff · · Score: 3, Informative

      Ummm....the CIA and the FBI are not under the same agency now. The FBI is an agency of the Department of Justice and the CIA is an independent agency that quasi-reports to the Director of National Intelligence. The other agencies mentioned, the NSA and the police, are also not part of DHS. NSA is an agency of the Department of Defense and policing is a local function, run by any number of local agencies. But by all means, keep talking about things you obviously don't know anything about and cannot be bothered spending ten seconds on Google to confirm. :)

  6. Good Grid! by Jane+Q.+Public · · Score: 5, Insightful

    Isn't that like asking the head of AIG to be the officer of "financial responsibility"???

  7. US-CERT mentioned in article by daemonburrito · · Score: 5, Informative

    I wonder if we will be seeing US-CERT standing up to Microsoft the way they did with this (a vector for conficker) with him in charge.

    I have a sick feeling about this. This guy was surely part of the Microsoft effort to call this a feature. And what was this "political infighting" that the article alludes to? I hope it wasn't over whether to go after Microsoft for aiding in the creation of the largest botnet to date.

  8. In all seriousness by Jane+Q.+Public · · Score: 4, Interesting

    While anecdotes from Windows users regarding how they tried to make an inherently insecure system secure could be extremely valuable, I doubt that anecdotes about how Microsoft executives tried to make their systems secure will be equally valuable. This was a ridiculous choice, and further undermines my initial hope that Obama might indeed turn out to be a good President.

    1. Re:In all seriousness by Jane+Q.+Public · · Score: 3, Insightful

      The choice of an executive officer of a major supplier of operating systems -- Windows of all things -- to this position sends a clear message to those who have been involved in "security" issues for many years. And that message is: "We don't care about 'security' except to the extent that it affects our corporate friends."

      I am very saddened by this news.

  9. Enemy combatants. by Snufu · · Score: 3, Funny

    Anticipate all persons attempting to enter the U.S. to be screened for explosives, hazardous chemical agents, firearms, radioactive materials, and open source software.

  10. I'd like to be objective about this. Let's try. by Anonymous Coward · · Score: 5, Insightful

    I like how this guy, whom I don't know much about, is painted a smart pick, coming as he does from the largest single computer security threat on the planet. Anybody recall that up to not very long ago at all security was not on their agenda? Simply because it made them more money not to care.

    Oh, and that is remebering their own words and without mentioning the usual, such as that they are convicted monopolists too, their business practices suck, their code sucks, their customer service and sales techniques reminisces that of office depot, and so on and so forth.

    The bottom line is that in politics you usually don't let the guy who fucked it up try and fix it. Unless perhaps the guy has friends in high places.

  11. Did anyone else misread... by wayward_bruce · · Score: 3, Funny

    Many in the security industry praised him as a smart pick, [...]

    Did anyone else misread this as "smart prick"?

  12. Expect many new ISO standards .. by Anonymous Coward · · Score: 3, Insightful

    I think choosing someone from a company that is STILL under DoJ supervision for questionable behaviour has a couple of unwanted implications, especially since this guy was at board level.

    It's only good news for foreign industrial espionage and botnet herders..

  13. Re:Try not to be too delusional. by daemonburrito · · Score: 3, Interesting

    [...] just because this guy worked for Microsoft doesn't mean he lacks intelligence.

    No, but it does mean that he was part of the team fighting US-CERT for months over autorun, at least. He likely helped resist an effort by a division of the department he is to head to fix a security problem that was so bad, they felt it endangered national security.

  14. If Obama were serious about his duty by Jane+Q.+Public · · Score: 4, Insightful

    then he would be hiring Bruce Schneier for this job. I know he is disliked by a lot of industry but he is the man with the facts and the plan.

  15. Re:Try not to be too delusional. by daemonburrito · · Score: 4, Interesting

    I don't know. Even if he just did nothing to stop Microsoft's resistance it would be bad.

    If guys from CERT called me and said, "Hey, could you make The Autorun and NoDriveTypeAutorun registry values actually do something? We worried about this 10 million strong botnet," I'd probably comply. The reality was even worse; Microsoft wrote instructions for users to mitigate the problem which they knew were not effective.

    The last thing I would do would be to start a PR war, which they did only to save face about something that has been criticized for over a decade. It's amazing... some slight marketing concern overrode what they were told was a matter of national security.

    Funny... the wikipedia page on autorun was just stealth edited to remove all mention of the problem.

  16. Re:Microsoft and Security in the same sentence? by Lumpy · · Score: 4, Insightful

    Why do you people think that the next new guy will be any different than the last one? I don't care WHO is elected. If they are Democrat or Republican, they will cater to their interests first and do the right thing last.

    MSFT funded a lot of his campaign. This is paying them back by appointing one of their executives, or they use their buddies.
    This happens every change of power.

    I just get a royal kick out of all the "WOO CHANGE!" people all sitting in their chairs sober now with their mouth open at the TV sets staring in disbelief.

    The only advantage is that this time our president is actually educated and articulate.

    --
    Do not look at laser with remaining good eye.
  17. Re:Microsoft and Security in the same sentence? by Anonymous Coward · · Score: 4, Insightful

    The only advantage is that this time our president gives great speeches from a teleprompter.

    There... fixed that for you.

  18. Alas no by Mateo_LeFou · · Score: 3, Insightful

    The term might not be used as often, but the concept is alive and well

    "the new chips will 'block unauthorized access to the frame buffer.' ...

    There is a short list of parties who will be unauthorized to access your frame buffer: You. There is a long list of parties who are authorized to access your frame buffer, and that list includes Microsoft, Apple, AMD, Intel, ATI, NVidia, Sony Pictures, Paramount, HBO, CBS, Macrovision, and all other content owners and enablers that want your machine to themselves whenever youâ(TM)re watching, listening to, reading, or shooting monsters with their products. "

    http://www.infoworld.com/article/07/03/28/14OPcurve_1.html

    --
    My turnips listen for the soft cry of your love