Forgot your password?
typodupeerror

Former MS Security Strategist Joins Mozilla 248

Posted by ScuttleMonkey
from the jumping-the-fence dept.
Handset writes "Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. eweek.com reports that Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy and improve its communications with external hackers and bug finders."
This discussion has been archived. No new comments can be posted.

Former MS Security Strategist Joins Mozilla

Comments Filter:
  • MS Trojan (Score:5, Funny)

    by wardk (3037) on Wednesday September 06, 2006 @07:22PM (#16056150) Journal
    a human trojan has been inserted into Mozilla?

    glad Safari uses the khtml engine...
    • Re: (Score:3, Funny)

      by marcello_dl (667940)
      a human trojan has been inserted into Mozilla?
      Since it's called 'Window' Snyder, i guess it's not even human.
    • "OH NOES!!1!"
      It's a trick! :-)
    • by davidsyes (765062)
      spearhead Mozilla's security strategy and improve its communications with external hackers and bug finders.

      I wonder if he's ribbed for our pleasure. Spearhead my ass (not literally)-- I'm wondering if he's an infiltrator, and what kind: Sheik, Trojan, and what kind of Durex LifeStyles he has... Does he wear a Kimono? Will we face eternal CondomNation by letting him penetrate the Inner Sanctum?. I wonder what will be his Crown(ing) achievement-- anything "Beyond Seven" (of 9)? SURELY, he's the "One"...
    • Re: (Score:3, Funny)

      by Lobais (743851)
      Snyder translated from English to Danish:
        snyder (100%) (Dansk-Engelsk)
      cheat; cheater; fraudster.
    • by SharpFang (651121)
      You got it all wrong. It's all about industrial espionage. She's not there to break Mozilla. She's to spy and learn their security practices and features to implement them in Windows!
  • by pookemon (909195) on Wednesday September 06, 2006 @07:24PM (#16056163) Homepage
    Will the Mozilla fans throw their arms up in disgust (An MS Security expert - that's a contradiction!) or will they suddenly be supportive of someone they have effectively been bagging for years? (An MS Security expert for Mozilla! - what a coup!)
    • by Moofie (22272) <lee.ringofsaturn@com> on Wednesday September 06, 2006 @08:05PM (#16056351) Homepage
      This is gonna totally blow your mind, but....here goes.

      Two different people might have two different opinions.

      [neo]WHOA![/neo]
    • by Kelson (129150) *
      There will certainly be a lot of cognitive dissonance. It'll be interesting to see which side various people fall on.

      Sadly, most people so far seem to be making fun of her name.
    • Or just maybe we recognize that one person is not responsible for Microsoft's security failings. This guy may really know his shit, but if the corporate culture at MS is effectively anti-security it won't matter. Or maybe the codebase is so bad that even with a skilled security wonk at the helm it's just not possible to patch all the leaks. There are definitely alternatives to the two choices you offer.
    • [family_guy]Can't it be both?[/family_guy]

      But seriously -- we're glad to have another contributor, especially as he lends credibility to Mozilla (and takes it from Microsoft). We honestly don't know whether he's the reason IE sucks, or whether it's something in corporate culture, or what.

      And of course, Slashdot isn't always groupthink. We do sometimes diasgree with each other!
    • by jejones (115979)
      An MS Security expert - that's a contradiction!

      I think the term you are looking for is oxymoron (OTOH, maybe these days that refers to the shouting guy on the Oxy-Clean ads?).
    • by Vegard (11855)
      Windows XP SP2 was a great stride forward in Windows security. They did much of what they should have done ages ago, and the security people even was allowed to break functionality for a lot of applications. I respect those people who lead that work tremendously, even though I personally hate using Windows, and avoid it as much as possible.

      I believe this to be a good move. I don't think all people at Microsoft is evil. Even though some people probably are ;-)

      - Vegard
  • by ikejam (821818) on Wednesday September 06, 2006 @07:26PM (#16056171)
    hooray..lets have it...chairs all around..here you go..two for you...Redmond Cherry or Vista White?
  • by eclectro (227083) on Wednesday September 06, 2006 @07:26PM (#16056173)

    Hey, I am for security and all, but somebody needs to call the phone numbers on his resume. I heard that Microsoft doesn't have a "security" department.
    • by Soko (17987) on Wednesday September 06, 2006 @07:42PM (#16056256) Homepage
      Sure Microsoft has a Security Department. They're the nice people who, after you've quit MS to go work at a rival orginisation, walk you from your former office, out the front door and past Steve Balmers office window. Just watch for well aimed office chairs...

      Soko
  • So... (Score:5, Insightful)

    by Umbral Blot (737704) on Wednesday September 06, 2006 @07:26PM (#16056175) Homepage
    We can draw two possible conclusions from this. Either a: MS' security team was made of good people who were doing the best they could for such a large project with such a large user base and extensive backwards compatability, and thus that Windows security was the best it could have been (even if that wasn't so good). Or Mozilla's security is going to go down the tubes. It's a slashdot paradox! Clearly we can't grant #1, because that wouldn't be sufficiently critical of MS, but be can't grant #2 either because we love Mozilla. I'm just glad Mozilla doesn't think this way.
    • Re:So... (Score:5, Funny)

      by MacDork (560499) on Wednesday September 06, 2006 @08:01PM (#16056337) Journal

      We can draw two possible conclusions from this.

      Ahhh, but you've overlooked the most important factor: Window Snyder is female! Therefore neither of your proposed solutions is correct. Slashdot readers, once they have discovered this will completely forget all context in the discussion. They will find pictures, [blogger.com] fawn over teh hotness, and begin building web shrines in their basements throughout the globe.

      Gentlemen, ready your hot grits. :-P

    • Mozilla is no more secure than IE anyway. Check it out [mozilla.org]. I reckon Ms Window will be able to use her experience to help them out quite a bit!
    • Re:So... (Score:5, Funny)

      by Kelson (129150) * on Wednesday September 06, 2006 @08:31PM (#16056467) Homepage Journal
      Clearly we can't grant #1, because that wouldn't be sufficiently critical of MS, but be can't grant #2 either because we love Mozilla.

      For some reason I want to adapt this to the duel of wits from The Princess Bride:

      But it's so simple. All I have to do is divine from what I know of you: are you the sort of site that would approve of an enemy, or the sort of site that would reject a friend?

      A site that hates Microsoft would complain that because Microsoft's security has been notoriously poor, then Mozilla must be making a mistake. Since Slashdot tends toward favoring Mozilla, clearly I cannot choose the whine in front of you.

      A site that loves Mozilla would have to rationalize the decision, and conclude that the security expert is worth hiring. But since that speaks favorably of Microsoft's security, I can clearly not choose the whine in front of me!

      But Slashdot is known for its vindictiveness. Given a choice between reasoned discourse and pure snark, the site will go for snark every time. So clearly I cannot choose the whine in front of you!

      etc.

      I'm just glad Mozilla doesn't think this way.

      In all seriousness, I've got to agree with you here. Though there's certainly been plenty of "MS has lousy security" rhetoric from people at Mozilla over the last few years.

    • The umbral blot once again tried to overshadow intelligent conversation with a false and insulting choice:
      1. MS' security team was made of good people who were doing the best they could for such a large project with such a large user base and extensive backwards compatibility, and thus that Windows security was the best it could have been (even if that wasn't so good).
      2. Or Mozilla's security is going to go down the tubes.
      3. Of course the answer has more to do with the differences between free and non free sof

    • Or: Three, Window was a good person to lead a security team, but her work was compromised by policies from Microsoft higher ups. I'm sure there are other possibilities as well. The two options you present aren't the only too possibilities, so there is no reason people would be forced to admit either one.
    • Was just wondering the same thing : Would not having "Windows Security" on your resume be a bad thing? :)
    • by ndogg (158021)
      Or it's neither and she's simply contributing her knowledge and experience to the knowledge and experience of the Mozilla organization.

      From reading other posts to this article, it seems she found some resistance to her meddlings at Microsoft.

    • by Locutus (9039)
      Well, Microsoft sure does NOT have a very good record of making a secure system and that record is over 15 years old. But regardless, one thing I was looking for was what/where this person did BEFORE Microsoft to see if there really might be some security talent there. That's when I found that she worked for @Stake before going to Microsoft( http://www.matasano.com/log/mtso/team [matasano.com] ). This is the same @Stake which fired one of their own, their CTO no less, when he released a document which was NOT kind regard
  • April 1st (Score:5, Funny)

    by Anonymous Coward on Wednesday September 06, 2006 @07:27PM (#16056179)
    Cmon Slashdot, a guy from Microsoft whose first name is "Window" and had a job implementing security at Microsoft??? These April Fools jokes get dumber every year.
  • "Former" (Score:3, Funny)

    by kcbrown (7426) <slashdot@sysexperts.com> on Wednesday September 06, 2006 @07:27PM (#16056180)

    Hmm...."former"...."security" strategist...

    Uhuh. Sure. Whatever you say.

    I think I'll grab a copy of the source code now...

    *Dons tin foil hat*

    • It's called "Open Source" for a reason. I've never contributed a line of code, but I have all of the source on my box.

      Unless there's an anti-MS clause in the Mozilla license, but I know there isn't in the GPL...
  • Joke? (Score:5, Funny)

    by dk.r*nger (460754) on Wednesday September 06, 2006 @07:29PM (#16056188)
    This has to be a joke. Microsoft actually employed a named Window S. ??
  • by krell (896769) on Wednesday September 06, 2006 @07:29PM (#16056192) Journal
    In a related story, Heat Miser has joined the fire department.
  • by ktakki (64573) on Wednesday September 06, 2006 @07:31PM (#16056195) Homepage Journal
    Is he required to change his name to Mozilla Snyder now?

    Sorry.

    k.
  • First thing that popped into my head was the new Mozilla security slogan.

    "We're not going to take it! NO! We ain't gonna take it! We're not going to take it, anymore!"
  • by rsborg (111459) on Wednesday September 06, 2006 @07:41PM (#16056246) Homepage
    And she's pretty hot [dec.net].

    Er, eh, not that influences my perception of her value to the Mozilla corp at all...

  • by shadwwulf (145057) on Wednesday September 06, 2006 @07:42PM (#16056251) Homepage
    ...had to be a product of hippie parents.

    I'd imagine his parents would have just completed the conception of Window and his father stumbled to his feet in a drug induced stupor and suddenly had an idea of what to name their recently created progeny as his eyes came into focus on the first thing he saw, exclaiming "Babe! I just thought of a awesome name for our kid...."

    Just a thought.
    • Re: (Score:3, Funny)

      by Farmer Tim (530755)
      Actually, "Window" was the second choice. "Roachclip" got too many funny looks at the registrar's office...
      • by JKConsult (598845)
        I have a friend named Toke. No, no shortening, and yes, that is his real name. He has fooled a bunch of people (okay, even me the first time) in my earshot by claiming that his brother is named Roach.
        • So when his father asked his mother "would you like a toke", she got more than she bargained for?
  • ...to drop Firefox. Great strategy!
  • One of the linked ads text for this page: Waste Receptacles The Spot To Find It! It Is All Here. Couldn't have put it better myself.
  • by Effugas (2378) * on Wednesday September 06, 2006 @07:45PM (#16056269) Homepage
    Window's an old friend of mine, so let me be the first to congratulate her here. W00t!

    So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc. Window showed up before all of that, and pretty much took our abuse year in, year out. And then...things got better.

    She'll deny any direct cause and effect there, but she was _the_ interface between Microsoft and the various security cons for quite some time, and I think at least some of the reason we got certain concessions (like 24 hour response time out of MSRC) is that she was there to hear people say things like "I dunno, why should I warn MS, they're just gonna sit on it anyway."

    Firefox is not without problems (understatement). I'm looking forward to seeing what Window can accomplish w/ Mozilla.
    • by JustNiz (692889) on Wednesday September 06, 2006 @08:20PM (#16056419)
      >> XPSP2, MSRC got taken seriously

      Yeah sure it did. Keep smoking the doobie.
    • by EvilGrin666 (457869) on Wednesday September 06, 2006 @08:20PM (#16056421) Homepage
      You seem to be on the inside so I'm curious on why she'd want to leave just at the point where things were working out? Any insights on that?
    • by Anonymous Coward on Wednesday September 06, 2006 @08:26PM (#16056446)
      I thought your post was going to go something like this:

      Window's an old friend of mine, so let me be the first to congratulate her.

      Sincerely,
      Door

    • by fv (95460) * <fyodor@insecure.org> on Wednesday September 06, 2006 @08:53PM (#16056577) Homepage

      So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc.

      Used to be? Maybe you see a different view of them when they hire you for security consulting and fly you out for their Blue Hat conferences and such. But from my outsider perspective, Microsoft is still a security disaster. Not only have we continued to see hundreds of serious vulnerabilities throughout 2006, but MS has in many cases made us wait weeks or months before patching widely exploited bugs. Heck, another actively exploited MS Office vulnerability [seclists.org] was just discovered in the wild. If we're lucky, MS will cough up a patch on September 12, otherwise they'll probably leave users vulnerable until the next "patch Tuesday" on October 10.

      Meanwhile, Microsoft recently re-issued MS06-042 with a fix for a vulnerability introduced by their first attempted fix. And they openly admit [seclists.org] that they excluded eEye from the advisory credits because eEye embarrassed MS by making their incompetence public. MS is more interested in petty vendetas against researches than actually fixing the flaws.

      Microsoft has made a few positive steps toward securing their products in that last couple of years, but I think most of their efforts and successes are more in the PR realm than anything with technical merit. They have spent so much money sponsoring conferences (their money does come with strings attached) and paying off security researches, that many people seem reluctant to criticize them.

      OK, enough anti-MS ranting from me for now :). My main point in replying is actually to agree with you about Window. She is extremely smart and talented, and her defection to Mozilla is great news for a product which really needs more security attention. We had lunch last week to discuss Mozilla security and Window has some great ideas. Mozilla may already be much more secure than IE, but we should set a much higher bar than that! Best of luck at your new position, Window!

      -Fyodor
      Insecure.Org [insecure.org]

      • So tell me what makes her so smart there cowboy? Actually everything I read about her she sounds like a middle management paper jockey. Same goes for the SP2 sign off BS, she had to sign off she was the middle manager again paper jockey between the developers and the "real" security contractors.

    • by VENONA (902751)
      "So the security world used to be pretty hostile to MS, before, you know, XPSP2, MSRC got taken seriously, etc."

      Used to be? We still are. XPSP2 didn't hold up long. Last July we had HD Moore's "Month of Browser Bugs," which finished up like this:
      MSIE: 25
      Apple Safari: 2
      Mozilla: 2
      Opera: 1
      Konqueror: 1
      then in August we get the 'patch the patch' debacle, against an easy remote admin compromise that was deemed serious enough that the Department of Homeland Security gave it coverage. I wonder what we get in Septem
  • I bet a number of people will soon be able to see right through this move in the next few days.

    Thanks folks, I'll be here all week. Please try the fish.
  • to listen to her advice and then do the opposite of what she recommends.

    Also known as the George Costanza rule of management.

  • If people leaving for Google lead to flying chairs and death threats, what does people leaving for Mozilla get you? Tables rolled down stairs and harshly worded phrases about maternal lineage?

                -Charlie
  • by eric.t.f.bat (102290) on Wednesday September 06, 2006 @08:03PM (#16056343)
    Coming soon to Mozilla: ActiveM plug-ins! Now with the exciting "FORMAT C:" functionality, and complete integration with BOTH kinds of email software - Outlook AND Outlook Express!
  • But if we're talking about this Window Snyder [blogger.com] she is kinda cute. You know, for a former MS security expert.
  • Funny? (Score:4, Funny)

    by Anonymous Coward on Wednesday September 06, 2006 @08:10PM (#16056374)
    WTF is this? most of the first dozen or two posts are aimed ot be (and are modded) funny. I thought this was supposed to a forum for serious discussion, not a fucking comedy club wanna-be.
  • Clearly... (Score:4, Funny)

    by ezzewezza (84083) on Wednesday September 06, 2006 @08:23PM (#16056429)
    if they're not already married to other people, Window and Linus need to get married. They could even name their first child Lindow.
  • At least.... (Score:3, Insightful)

    by Metroid72 (654017) on Wednesday September 06, 2006 @08:24PM (#16056435)
    You can't say that this captain hasn't been through a shipwreck.
  • Awesome! (Score:2, Funny)

    by caudron (466327)
    Now we in the open source world can start benefitting from all those ironclad security techniques that have heretofore beeen the sole purvue of Microsoft's security team!

    Pretty soon our stuff will be almost as secure as Windows!

    Now if only we could only get a defection from whomever it is at Microsoft that is in charge of their world reknown OS stability....

    Tom Caudron
    http://tom.digitalelite.com/ [digitalelite.com]
  • by TLouden (677335)
    This guy approved SP2? What is this, some sneaky M$ trick to ruin a perfectly fine company with it's 'security'?

    I fear what may come of this.
  • A Microsoft employee called Window? Why, that's like an ice cream man named Cone!
  • Obligatory Overload (Score:2, Interesting)

    by MrCopilot (871878)
    First of all, Window's working at Microsoft. This is too much.

    Second Mozilla nabs her. Ironic No.
    Microsft's Window jumps ship to Firefox.......(of all the headlines we mangle here this one's begging for it.)

    The comedic possibilities are overwhelming. But here is the strangest one. Mozilla supplies her with 3 workstations. For compatability reasons she's gonnan need a Mac, a Linux, and a Windows box.

    ....

    wait for it.

    But now they are all window's machines. Gasp, This woman is dangerous and must be stopp

  • by Locke2005 (849178) on Wednesday September 06, 2006 @09:10PM (#16056647)
    She (not he!) is such a babe [securite.org], I could ALMOST forgive her for being named after Microsoft's flagship product!
  • Window is SCARY smart, and hothothot. I've been friends with her for years, and haven't seen enough of her since she moved out of Cali. Glad she contributed her knowledge to microsoft's efforts, and even happier that she's now on the firefox train.

    Love you, WS, congratulations!

    -ES
  • What could *Microsoft* teach Mozilla about security...

    that is, other than what _not_ to do!!

  • Window is one of the nicest people I've ever met. A great person with clue, etc. Good luck, rosie ;)
  • This is good news. Mozilla good use someone with experience in securing elephantine bloatware.
  • by jotaeleemeese (303437) on Thursday September 07, 2006 @06:15AM (#16058156) Homepage Journal
    Lets not beat around the bushes.

    MS has an image problem when it comes to security, it is a problem of their own making, acknoledged by Mr Gates himself and experienced day in day out with their prodcuts by IT professionals.

    Dig a bit deeper and you realize that security is still not properly realized in MS products. AD is a mess waiting to get worst for example.

    I don't care how wonderful SP2 was, that is a drop in an ocean of incompetence and procastination.

    I don't know what the Mozilla organization was thinking. Sometimes you have to take care of the PR situation as well as the technical side of things. Anybody that has worked recently around security in MS products will carry a credibility problem, specially in a highly visible position.

    I am sure that this lady is bright, intelligent and all what his pals say lovingly about her, but she brings with her a credibility problem which becomes all too evident when one reads all the comments on this thread (which are mostly bad jokes, but that drive the same point home: we can't believe it).

    Lets hope that this is a good move, but I think people should be excused for the healthy doses of skepticism.

The sooner you fall behind, the more time you have to catch up.

Working...