Howard Schmidt Resigns As Cybersecurity Advisor
scubacuda writes "CNN and others report that former Microsoft chief of security Howard Schmidt has resigned as White House cybersecurity adviser. 'With the historic creation of the Department of Homeland Security, the transfer of many of the responsibilities from the Critical Infrastructure Protection Board and the release of the strategy, I have decided to retire after approximately 31 years of public service and return to the private sector,' Schmidt said in his April 21 e-mail."
Does he count 'Microsoft' as public service? (Score:5, Funny)
Cumulative (Score:3, Informative)
Re:Cumulative (Score:3, Funny)
Re:Cumulative (Score:5, Funny)
Re:Cumulative (Score:5, Funny)
Look buddy, if you're going to be pulling shit like that, I'm afraid you're just going to have to leave.
Re:Cumulative (Score:1, Funny)
Mod up - funny (Score:2)
A fan once gushed to Dorothy Parker "I read your column over and over today."
"What's the matter," she replied, "didn't you get it the first time?"
Re:Cumulative (Score:3, Funny)
OK, that was a bit too informative. Are you him or something?
Yes, I am that person.
I'm willing to back up what I say with cash, too!
During my tenure as a special United States government official, my business connections have netted me slightly more than US$47 million in funds in an account that has been kept safe from the constant roving prying eyes of liberal-biased media in America.
Now, I need to transfer the money to a special account in the Cayman Islands, but need an unrelated person that will no
Re:Cumulative (Score:2)
What? (Score:5, Insightful)
Re:What? (Score:5, Funny)
Re:What? (Score:2, Informative)
And this appears to be the dupe: MS Chief Security Officer to work for White House [slashdot.org].
Re:What? (Score:2)
*bing* *bing* *bing*
Bonus points to PD for using the word Mandarin [lycos.com] in a sentence not referring to an orange!
Good show!
Re:What? (Score:5, Insightful)
Go calculate [webcalc.net] something
Re:What? (Score:1)
The problem is definitely not money, as you pointed out, but a lack of the right leadership and knowledge to get something done right! (and maybe a little red tape, miscommunication and people stuck in their own ways)
Re:What? (Score:1)
Re:What? (Score:3, Interesting)
Re:What? (Score:2, Funny)
If the security is so bad for a former Microsoft employee to want to wash his hands of it, I weep for the future.
Re:What? (Score:2)
More likely he didn't like being ripped apart by real security. If their plan was like Britain's "e-government", which consisted of Blair starring in the Office XP launch then switching all government sites over to IIS, I'm sure this MS guy would be delighted. If he objects to it, that's a good sign
Re:What? (Score:5, Insightful)
My hunch is that either:
a) Whoever's in the office of Cybersecurity Adviser is basically the designated fall guy. We'll see this person pushed out (e.g. fake resignation) whenever there's a "cyber attack" that he "should have seen coming."
b) Both men accepted this position, realized that the plans they're supposed to implement are just feel-good actions which aren't going to really accomplish anything security wise, and decided to get out.
c) Both men accepted this position, were asked to do something they couldn't morally/personally agree to do (perhaps some sort of TIA-style project, or overzealous "figure out how to route the entire internet through the NSA" plan) and decided to get out.
d) The government doesn't pay me enough to put up with all this shit.
e) Some combination of the above.
Granted, all of these are speculation, but I imagine the true answer is probably e). It'll be interesting to see how long the next one lasts.
Re:What? (Score:2, Funny)
That's like the old story about the king who always kept several heads of cabbage on his advisory committee. That way, whenever one of his programs conspicuously miscarried, he could announce that a member of the royal staff had just been beheaded over it, to everyone's nodding approval.
Re:What? (Score:1, Funny)
Schmidt accepted jobs from Microsoft AND the government, and you think he has morals!?!?!
Re:What? (Score:1)
Imagine... (Score:5, Funny)
Wow! (Score:5, Interesting)
2 whole months!
I wonder what really made him quit?
Re:Wow! (Score:5, Funny)
I wonder what really made him quit?
Buffer overflow - he actually got six years of work done in those two months.
Too bad most of it was gibberish.
Re:Wow! (Score:3, Interesting)
Re:Wow! (Score:5, Funny)
He finished his job. The Internet is now secure. Thanks, Howard Schmidt!
Re:Wow! (Score:4, Funny)
I wonder what really made him quit?
Maybe they forgot to reboot him?
Re:Wow! (Score:3, Insightful)
Obligatory conspiracy theory (Score:2)
He couldn't stand to have it happen on his watch, so he's quitting. (He is heroic in this theory, because it makes a better screenplay that way.) He secretly assembles a crack team of open-source developers
Good Job! (Score:4, Funny)
I nominate Hillary Rosen to be the next Cybersecurity advisor
Re:Good Job! (Score:3, Funny)
31 years of Public Service? (Score:1, Interesting)
Huh?? Okay he just came from Microsoft...where does the 31 years of Public service come from? I assume before he was at M$...He really served the public by going to work for M$.
Or does serving at Microsoft mean Public service? Ahh..public open and hackable servers...I guess that would be public service, or at least offering services (and data) for free to the public.
Besides that though, M$ has not been open for 31 years.
Read his bio (Score:3, Informative)
Re:WD-40 cleaning guns - offtopic but important. (Score:2)
Use it to free a jam if you must. But clean it all out afterward and lubricate with an oil designed for
huh? (Score:2)
He's right - was Re:huh? (Score:1)
This is also why it's a crummy lubricant; use BreakFree CLP if Hoppe's isn't enough for you.
Model railroaders know this as well - don't use WD-4
WD-40 FAQ (Score:2)
"What about using WD-40 on my sports equipment? WD-40 is safe and effective to use on all types of sporting goods. Use WD-40 on your bike to clean, degrease and lubricate your chain, derailleur, gears, cogs, and moving parts. It will help remove stickers. Use WD-40 to clean and protect your gun. It will prevent corrosion and it won't damage bluing. Spray it on dirt bikes to protect parts and prevent mud from sticking. Use it on watercraft to protect metal surfa
Re:huh? (Score:2)
My understanding is that WD-40 is a MIX of very light and very heavy fractions. The light fractions (which are the bulk of it) aid penetration and freeing of stuck parts (by dissolving older tar-like stuff in the tight spaces) while the heavier fraction stays behind afterward to provide lubrication and surface protection after
Of course (Score:2)
Just a note... [wd40.com]
Re:Of course (Score:2)
Hear, hear.
I also note that the WD-40 FAQ you quoted does recommend it for guns - for protection from corrosion - and claims it won't harm bluing. But it doesn't recommend it for lubrication. The same site DOES recommend another of their products - 3-in-1 white lithium grease - for
thanks (Score:2)
Finally someone realized... (Score:5, Funny)
"Wait a minute...this guy was the Chief of Security for who?!?"
oh, the irony (Score:5, Funny)
Re:How is that? (Score:1)
Good point -- severe corporate security issue (Score:3, Interesting)
Business email authentication is frequently piss-poor, and the names and information on top-level execs are publicly available.
You probably wouldn't get someone fired, but you could cause absolute mayhem spoofing mail to lots of companies from various execs to other execs saying that an exec is resigning. Do so over Christmas, or some other time when people aren't immediately reachable for confirmation, and the impact could be quite nasty.
Even funnier ... (Score:3, Funny)
It would be even FUNNIER if the resignation was a forgery - but then he had to resign over it, making it a self-fulfilling forgery. B-)
Re:oh, the irony (Score:2)
No. The irony is that I'm sure someone snooped said cybersecurity's message that was tripping along his department's network...
...and THAT is why we heard about it...really. ;)
Re:oh, the irony (Score:1)
hmm (Score:3, Funny)
About Schmidt 2: Cyber Patrol
humphh (Score:2, Informative)
Schmidt was the former chief of security at Microsoft Corp. before taking the post in February. He succeeded Richard Clarke, who had spent 11 years in the White House across three administrations, and was the president's counterterror coordinator at the time of the September 11, 2001, attacks.
The White House confirmed Monday that Schmidt would leave at t
Cheese w/your whine? (Score:1)
I fear for our nation's safety (Score:4, Funny)
Culture Clash is the Reason (Score:5, Funny)
Apparently his suggestion to replace Dr. Pepper with Code Red in all the vending machines was the final straw.
Actually a loss to the Government (Score:5, Insightful)
For those who don't know (which I assume is most of you), Howard was a pioneer in the area of computer evidence analysis, first as a 'local' police officer, and then as a federal Special Agent. It's important to note that his time at Microsoft had nothing to do with their products (this in response to all those "we all know how secure Microsoft products are" trolls out there).
He and his wife are avid computer users, and Howard was one of the few people I've ever encountered at his level in Government service that could talk to you about technology and computers with any degree of real understanding. He built his own machines (at least when I was working with him) and was taught classes on low-level file system internals and disk layouts.
He became involved with computer crime at a time when only hard-core hackers (not crackers) were really playing around with computers, and paved the way for many others who are themselves pioneers in the information security community, both in the public and private sectors. The atmosphere created and fostered during his time at the Air Force allowed many people to grow and learn, and many of them are not only members of the InfoSec community, but the open-source community as well.
I'd better quit before this turns into blatant fanboyism, if it hasn't already. My intent is not to deify him, I just want all of you who've only heard him give nicely formatted press conferences or canned interviews to know that there's more to him than that. I'm not sure if you could really find someone better to be involved with the goings-on at that level, but I'm absolutely certain that you can find many many worse.
Re:Actually a loss to the Government (Score:2)
Re:Actually a loss to the Government (Score:3, Insightful)
Canned interviews are quite telling because it puts a face on the hype. He was either saying things he didn't understand or he was knowingly selling a myth.
Re:Actually a loss to the Government (Score:3, Insightful)
* Microsoft chief of security -- Microsoft placed very, very little emphasis on security for years. It came back and bit them on the ass -- hard -- with IIS worms and a few high profile exploits. This became one of the most severe threats to their market share. So, you could say that maybe he was recommending improvements and being ignored, but the point remains that his sole responsibility in his job was to ensure that Microsoft dea
Re:Actually a loss to the Government (Score:3, Informative)
"It's important to note that his time at Microsoft had nothing to do with their products"
While Microsoft has its share of problems with network and internal security, the problems that you CAN'T lay at his feet, if I understand his position there correctly, are
So when the Windows update servers got pantsed... (Score:2, Insightful)
Yeah, about that Windows update service, when it got compromised [theregister.co.uk] Mr. Schmidt did...? What exactly? Was that "product security" or "infrastructure security"? Or was the actual buffer overflow a product-level security issue, but the unpatched servers a corporate security issue? I wonder which one would have been easier t
Re:So when the Windows update servers got pantsed. (Score:5, Insightful)
Since it's doubtful you were employed at Microsoft during his tenure there, and even less likely to have been privy to any policy or other decisions he made while there, it's fairly disingenuous for you to now judge him on the content of a few news stories. I suppose that's always the problem with any position related to security, people never hear about the incidents that DIDN'T happen.
Regardless, I'm not here to defend Howard's performance per se just to give my opinion, having worked directly with him (unlike you?) that there are certainly worse people they could tap for the job (see post below re: Hillary Rosen).
Re:So when the Windows update servers got pantsed. (Score:2)
Snipe? Please. I was pointing out facts. And I did address your point: I don't think his leaving the post is such a bad thing, because from where I sit (as a member of the general public/electorate, and not privy to the inner workings of Mr Schmidt's mind or his tenure at MS) I'm not at all sure what he did security-wise while at Microsoft. I don't know, as an outsider, what exac
Re:So when the Windows update servers got pantsed. (Score:3, Insightful)
Listen, if you want to start your own thread attacking Howard for his lousy public performance during his tenure at Microsoft, or his willingness to attend press conferences and praise Microsoft's (fabricated?) single-minded focus on security I promise I'll have little or nothing to say in
Re:Actually a loss to the Government (Score:2)
Re:Actually a loss to the Government (Score:2)
But I'm afraid I don't consider him a shining protector of individual rights. I haven't seen any evidence that indicates that I should. Still, there may well be worms he wouldn't swallow, and things he wouldn't do. I just don't have any evidence that would lead me to believe this.
My s
"My work here is done" (Score:5, Funny)
In other news, Microsoft announced that they had just been awarded a number of new Homeland Security contracts.
Re:"My work here is done" (Score:1)
31 Years??? (Score:2, Insightful)
That reads like he's been working in the public sector all that time. But, I'm sure he hasn't divided his attention when working in the public sector ... unless it really turns out that Microsoft has been around longer than we all thought and the rise of Microsoft, Gates, et al, has been part of a massive plot!
No... I wouldn't even consider that... well, proba
he was fired because (Score:5, Funny)
Cool....a job opening. (Score:4, Funny)
Did Schmidt resign due to Microsoft's failure? (Score:5, Informative)
For example, Microsoft was notified of the issues, concerning only Microsoft implementation of its JVM, on September 2nd 2002 and after SEVEN MONTHS on April 9th 2003, Microsoft have issued an update to fix the problem.
Such a delay with such a serious vulnerability is so abysmal that it borders on the absurd.
Quality and security are measures which only mean something when compared relatively to another.
There is no absolutely secure, therefore you must expect, that once a vulnerability is made known to the vendor, the vendor should do their utmost to close the Window of Exposure ( http://www.counterpane.com/window.html [counterpane.com] ) as soon as possible.
For example, with the latest SAMBA vulnerability, once notified, the SAMBA developer owned up to the mistake and the SAMBA project released a patch within 48 hours. Within another 24hrs, Red Hat had already backported the patch into their distribution's RPMs. Similarly any major security issues in Mozilla and Netscape browser are also fixed and updateable within a couple of days.
Meanwhile, there are currently 13 KNOWN unpatched vulnerabilities in Microsoft's Internet Explorer ( http://www.pivx.com/larholm/unpatched/ [pivx.com] ).
Some DANGEROUSLY EXPLOITABLE have not been fixed in over a year ( http://security.greymagic.com/adv/gm002-ie/ [greymagic.com] ). That Microsoft has not rewritten the scripting system embedded with IE so that it is sandboxed by default is bad enough, but to have such major unpatched vulnerabilities exposed for months is abysmal.
Other inherent vulnerabilities, such as the Shatter attack ( http://security.tombom.co.uk/moreshatter.html [tombom.co.uk] ), Microsoft has known about since 1994!
Even if the API/call flaw is inherently unfixable, that is plenty of time for Microsoft to implement a safer method/systemcall/API, adapt its own applications to use the safer method and deprecate the unsafe API.
It also appears that Microsoft's own implementation of SMB is vulnerable and Microsoft has known about it for over eight years ( http://developers.slashdot.org/comments.pl?sid=59960&cid=5681769 [slashdot.org] ), but Microsoft either chooses not to, or cannot fix the problem themselves.
Microsoft is clearly not closing the vulnerabilities they are aware that exist in their products and services.
A year after Bill Gates's email promoting security over functionality, Microsoft by choice, remains neither secure nor trustworthy.
Microsoft's attitude towards the security of its products, service and customers is abysmal.
From Jason Coombs' A response to Bruce Schneier on MS patch management and Sapphire ( http://www.securityfocus.com/archive/1/315158 [securityfocus.com] )
Re:Did Schmidt resign due to Microsoft's failure? (Score:1)
Thank slashcode for the "friend modifier"
-Joejoejoejoe
Dept. of ? will save you (Score:2, Interesting)
Should this new entity be renamed dept. of Real Defence or should the dept. of Defence be renamed Dept. of Offence? who deserves the name most?
Re:Dept. of ? will save you (Score:1)
Yeah, Department of Defense is a stupid name, a ridiculous euphemism. We originally had a Department of War, which had a more honest name, but in a previous big gov't reorganization sometime after WWII, we ended up with the DoD. Interesting that since the Department of War was subsumed into the DoD, our wars have only been waged without a declaration from Congress, which would seem to go against the Constitution. It seems that the gov't has been trying to remove any official mention of the word war when it
another reason he might have retired (Score:1)
resignation: related to DARPA/openBSD? (Score:1, Interesting)
We've made a wrong turn somewhere. (Score:4, Insightful)
Lovely email, that (Score:2)
"Looks like I can't do much more damage around here!"
This was the clown who bought us... (Score:1)
See it cached here [216.239.33.100]
.. errr DUHHHH.. God, is he asleep at the wheel or what?
Obviously the lights are on but no one home when this clown is in charge of security.
"we didn't expect people to do bad things like that"
Fifth Branch of Government . . . (Score:2)
From the initial post: "[Schmidt] decided to retire after approximately 31 years of public service and return to the private sector."
Okay, so it appears that he counts his service as Microsoft's Chief of Security towards his public service career. That may sound a bit presumptuous of him, but I think I see a pattern here. There are now five branches to the US Government: Legislative, Executive, Judicial, the Press, and Microsoft. Or, will Microsoft's crack team of lawyers assume responsibility for the Judic
Re:Fifth Branch of Government . . . (Score:2)
Preemptive strike (Score:1, Funny)
Let's launch a preemptive cyberstrike against a small country, preferably in the middle east, which is not a threat to us, and which is unable to fight back! That will surely stop CYBERTERROR!
How do I apply for the job? (Score:2)
bush's short list of replacements... (Score:1)
2.) ollie north
3.) barry mccaffrey
4.) bob bennett
the people's choice...kevin mitnick!
Security flaws in Homeland Security (Score:2)
Within two months the guy has checked out that the Homeland is as secure as the rest of Microsoft products.
So, should we just read security alerts about flaws, or do we have to look for patches to apply? And are those patches really free?
P.S. I have a feeling, while looking for the design of the system Mr. Schmidt has recently left,
And He's Already Found Another Job (Score:1)
Re:What's up with that? (Score:1)