Oh, yeah — get somebody from Microsoft. That’ll inspire confidence.

Tom Davis is wrapped up tight with the Beltway Bandit contracting culture, whose illegalities he winked at while he headed up the House “oversight” committee during the post-911 national security state buildup. He and his wife are both dripping in dirty donor dollars.

And why would the Bush cybersecurity person be considered qualified for federal employment anywhere again, ever?

Get one of them Pentagon hackers.

Thank Dawg the country has moved Right, otherwise what would all these moderate Republicans do with themselves?
Congratulations on your bi-post-fucked – up-partisanship, President Obama.
Rumor has it that Mitch McConnell is pondering retirement – he takes great comfort that there’s a job waiting for him.

I don’t get it. Who does he think this is going to win him friends with? Th right will moan that Davis sold him out. The left hates Davis because he’s a wingnut(despite how he portrays himself as a moderate). Is he doing this nonsense to please Broder? Because it sure looks like it.

That landslide last November wasn’t so that there could be Republicans running the government.

Why doesn’t the President understand this?

Bad news if true, Tom Davis is the prince of the culture of corruption.

I don’t understand it either. Makes no sense.

If Washington DC had been constructed high in the mountains we could blame oxygen deprivation for impeding rational thought. It was built on a damned swamp however, so I am forced to conclude the lack of intelligence in our leaders results from an epidemic of advanced syphilis.

Is this a simple appointment, or does it require Senate confirmation?

If it’s the latter, Marcy’s comments suggest some very interesting lines of inquiry for the relevant Senate committee.

“Mr. Davis, we’d like to talk with you about your role in investigating GOP email problems. Could you please turn over any and all email contacts you had with . . .”

Wow, great find.

If the Obama Administration is looking for an easily indictable GOP to join them, Davis sure seems like their guy.

’cause he is a Trojan horse Democrat?

How do you distinguish between Democrats and Trojan Horse Democrats?
I usually can’t.

Glad to see y’all are cybersecurity experts.
Actually, Microsoft’s efforts in Vista are fairly highly regarded by those who attack computers for a living.
Certainly, they have some of the smartest engineers out there.
As for usability, marketing and aesthetics…well, the complaint here is that the candidates are not tech-savvy enough – not design-savvy enough.
The technical term for someone who believes *any* platform is inherintly secure is p0wned.
Charney is a large porting of the things done right at micro$oft, not the problems.

Oh, and Al Gore’s vision had more to do with building infrastructure than defending it. Once that vision’s realization was underway architects realized that making it easy to run code wasn’t always a good idea.

The Trojan Horse Democrats are the ones whose steeds wear protection?

We’re not cybersecurity experts, we’re bloogers in the corner making fun.

We’re not cybersecurity experts, we’re bloogers in the corner basement eating cheetos making fun.

In our parent’s basement.

Did I mention my lovely bathrobe?

What are bloogers? Sad bloggers?

Pass the cheetos, dude.

heh
just a pet peeve from someone who keeps his toes in that water

Anyone other than Davis would be preferable, and someone outside of DeeCee would be best.

agree completely

I am a cybersecurity expert, and Microsoft fails on security at all levels. While I agree they have excellent engineers and developers, the whole company is driven by the marketing department. No matter what the smart people think, marketing dictates the “features” and then the best is done to make them work.

Microsoft has stuck with underlying flaws in their system for over a decade, they lack a culture of security. And security is a frame of mind, not a piece of software. Getting some corporate demagogue to dictate how systems should be configured will put us on a path not dissimilar to China’s “Green Dam” buggy firewall software that they were going to force on all computers. (Ooh, look, I played the “communist” card. Funky.)

And as Bruce Schneier, one of the top experts in security says, a cybersecurity “czar” is a bad idea:

Really what I think is it shouldn’t be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn’t a dictator in charge, when there isn’t one organization in charge. My feeling is there shouldn’t be one organization in charge. Not only shouldn’t it be the NSA, it shouldn’t be anybody. That’s the problem whenever you hear a cybersecurity czar being mentioned. The person doesn’t have budgetary authority. All they can do is ask nicely.

A Washington insider, a Bush Republican, not tech savvy sounds like more change we can’t believe in.

Dredging this up from my forgotten list of Bush scandals:

253. As reported September 2007, in conjunction with the Department of Homeland Security (DHS), the NSA is planning to expand a murky and problem plagued internet security program Turbulence. Its ostensible purpose is to protect the nation’s electronic infrastructure from attack by terrorists and hackers. However, as an unnamed government official said, “If you’re going to do cybersecurity, you have to spy on Americans to secure Americans.”
The program has the hallmarks of a pet project of someone highly placed in the NSA, or the White House. It has an annual budget of $500 million, and both the budget and program were hidden from the Congress for over a year by means of a complicated shell game of creative accounting and splitting up its components (so it would be harder to identify and track not from our enemies but from our Congress). That takes considerable pull. Still the strategy is a simple one, get a program up and running before it can be quashed. Once up, as I have noted before, programs like Turbulence are virtually impossible to kill. In this light, the hookup with DHS is not about inter-agency cooperation but about extending the program’s political constituency and improving its chances for survival.
Turbulence is by its nature highly intrusive and ripe for abuse. Yet from its origins, it has been designed to avoid to the maximum possible any oversight. It is another case of the Bush Administration which has a record of repeatedly abusing the public trust saying, “Trust us,” again.
On January 8, 2008, Bush signed National Security Presidential Directive 54/Homeland Security Presidential Directive 23 giving the program an even solider political foundation. It gives the direction of the program to the Director of National Intelligence (DNI). The NSA will do its thing. The DHS will seek to protect government computer systems from attack, and the Pentagon will have responsibility for any counterattacks. Questions of privacy aside, without a unified response team, this is a plan made in bureaucratic hog heaven and will likely be both intrusive and ineffective.

What I wanted to point out was the bit in boldface. Cybersecurity is a code word for domestic spying. And who better to do this than a Bush Republican? Or increasingly an Obama Democrat?

Bloogers are a type of Brooklyn whale.

I’m not sure why the U.S. govt needs cybersecurity. Is it to make sure that no one other than the NSA can collect all our emails?

Heh. Surprised I couldn’t figure that out for myself.

It’s in keeping with the policy of preventing Progressives from getting too much clout in the Administration. If you exclude us, there is no chance that the Regressives will accuse him of being “Liberal”, is there?

What are bloogers? Sad bloggers?

Stepped away for a moment (mom called me to take out the trash),
but you’ll have to ask TP@16, he started it!

Well, I suppose ‘no clout’ is not ‘getting too much clout’. I wish we had more, because then would wouldn’t be getting so much crap like this happening.

Half agree.
I respect Sherer greatly as a defensive strategist.
I base much of my opinion of the difficulty of attacking Windows on writings by immunitysec’s Dave Aitel, Joanna from invisiblethings, halvar flake, thomas lim and a few others (while we’re name checking/dropping)
Sure the RPC should have been fixed in Vista, but that was the exceptional oversight rather than the rule.
And you can 0wn 1000s of boxes running old versions of sendmail as well.
If you are looking for someone who has come into a strategically compromised organised organization, such as the US Government and make major changes, Microsoft would be a good example of turning a large ship around.
Sure, you can build a better (more secure) OS ground up on a ‘nix kernel today, but you can’t make it functional for the millions of users.
On the network side, I have yet to read of a compromised ISA server, but Checkpoint and ISS appliances have had remote code execution vulnerabilities.
F

It would be a good assumption that at least one other entity has access to your emails.

Certainly reminds me of the Bush principle that an administrator doesn’t have to know anything about the field that is being administered as long as he/she is a “team player” politician.

My problem with Davis is he did absolutley nothing as chair of the Government Reform Committee (now Oversight and Government Reform Committee) with one exception, making a spectacle of Terri Schiavo. Great track record for “getting things done”. Not to mention his Abramoff connections.

It’s hard to say from that list who might be best. Getting somebody from Microsoft might be dangerous because they could work to protect the company’s investments. Getting Landeau fro Sun might be good except for a possible lack of intimate knowledge of Microsoft products.

Damned if you do. Damned if you don’t.

Perhaps better would be someone who is a great administrator and independent, but capable of working with techies. I have no idea who that would be. Davis is a politician. Does he really know *anything* about IT?

Oh, great. You’re thinking of putting someone from MICROSOFT in charge of CYBERSECURITY? Two words, people: WINDOWS VISTA.

I’m not sure what you think that means, but I’m quite sure that it doesn’t mean what you think that it does. Not to derail the conversation with utter off-topicness here, but the fact is that Vista is pretty damn secure. Now whether it’s the commercial success MS had hoped for is another story and on that front I think Windows 7 will be what Vista was supposed to be.

On cybersecurity, I don’t see how what has turned out to be a pretty dang secure desktop OS (and Vista is that if nothing else) is relevant one way or the other. Cybersecurity is a whole ‘nother ball of wax and the fact is that Microsoft is loaded to the gills with some very smart people who are no doubt up to the task.