(continued from previous page)
Despite their unique mission, Boden's team in many ways represents a cross-section of the company. Members vary from someone who was hired straight out of high school at age 17 to veteran professionals with doctoral degrees in computer science.
Boden's background is equally diverse. Born in the United States to British citizens, he grew up in Southport, England, and attended high school in Philadelphia. It was a Tandy TRS-80 that first got him interested in computers. He worked for Deloitte Consulting before joining Microsoft, where he managed desktops and servers before falling into security as a project manager on Windows 2000.
"I found I enjoyed the challenges and pace of the security function much more than deploying software," Boden said.
He's certainly got plenty of what he asked for. As Microsoft has grown with Web technology, the threats to the empire have multiplied commensurately.
Vulnerabilities on the Web include cross-site scripting bugs that could leave personal accounts vulnerable to hijacking, facilitate data-thieving phishing scams or let hackers plant malicious code on a trusted site. Another commonly discussed problem is SQL injection, where an attacker could gain control over a database behind a Web application.
And with expansion has come additional risk, including complications raised by new business relationships with other companies that host parts or all of Microsoft-branded Web sites. In 2005, for example, an MSN Korea partner fell victim to cybercriminals who created a nefarious program that recorded user credentials for an online game onto the PCs of MSN Korea customers.
That same year, Microsoft kicked off its online initiative, proclaiming the "live era" of software. It announced online complements to Office and Windows. Recently, it unveiled a revamped version of Hotmail, one of its early online applications.
The "live" push is Microsoft's bid to partake in the online applications surge. These applications are helped by new development techniques such as Ajax that stretch what Web sites can do, making them act more like traditional desktop apps. That, in turn, has translated to new opportunities for security breaches as well.
"It puts stress on our program, but we have been successful in creating a security model that really pushes accountability back to the business teams," Boden said.
In sharing responsibility for security across the company, Microsoft is similar to its rivals. As mashups become an increasingly common form of development, cooperation on security is essential for connecting multiple online applications.
Above all, Boden--like his counterparts at rival companies--says it is crucial to keep in mind why security is so important. As people continue to store their information online, the Web is becoming the equivalent of their personal filing cabinet.
To that end, Boden and his family are no different: they store all their personal data in Web applications.
"We're definitely all in," he said. "So if it fails, it fails for me personally and professionally."
Editors: Anne Dujmovic, Mike Ricciuti, Mike Yamamoto
Design: Andrew Ballagh
Production: Jessica Kashiwabara
until they were left with nothing.
How can a consumer accept a car that is unstable, crashes, is a
magnet to viruses and allows break-ins from a poorly built
machine?
The only way is for Microsoft to start over and create a whole
new OS. Until then, the dark ages of computers continues for
most.
Many are already in the renaissance with their Macs.
Yahoo: Completely weird trying to put humor into security with drug-like tactics with cartoons and paranoia
Microsoft: They decided to have their own photographer and in the last photo http://news.com.com/2300-1002_3-6192282-3.html?tag=ne.gall.pg drink was seen within the Microsoft office
Who wins on a Cnet report level? Google.
In security and public relations, behind the scenes and ideals don't matter, this was a media and public relations face off, and out of that only Google came out best. The public don't care about cartoons, paranoia and other behind the scenes stuff, they want to hear stuff that is going to make them feel better as a consumer, but how you're better serving your employees.
Consumers wanted to hear about things that affect consumers, and the Google report and photographs did that, Yahoo and Microsoft failed to do that.
Funnily, Google are winning over consumers, something you've failed to beat in your cnet public relations, yet again Google stand out as #1, not only as the number one search company, the number one company online but the crown in public relations and giving the public what they want to hear in terms of cutting edge journalism.
Kudos to Joris Evers for the three reports.
Popular Science's "Worst Jobs in Science 2007". It was right
between Coursework Carcass Preparer and Gravity Research
Subject. "Like wearing a big sign that reads 'Hack Me'".
http://tinyurl.com/2v9la9
I have to disagree with PopSci's analysis on one point --
Microsoft's products are not hacked for the challenge. They are
hacked to create bot nets that send spam, launch attacks, etc.
Zombie PCs are money makers for virus and worm writers.
Just like Plug and Play. . . only Microsoft could invent
Trustworthy Computing.
However, just stating that they're aware and actually implementing it are two totally different things.
It's too late for them to implement such in Vista because it's just a bake-off of XP with extras.
To really implement what they're claiming properly, it must be done from the Ground Up meaning at least the next operating system after Vista at the earliest!
But can they really pull it off correctly remains to be seen?!?!
Walt
- MS has a security director?
- by oxtail01 June 30, 2007 12:11 AM PDT
- Isn't listening to MS security director like having a robber guard your house?