Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Microsoft United States Your Rights Online

Geer Comments On Firing From @Stake 433

dwbryson writes "Last week Dan Geer, co-author of the CCIA Microsoft security report, was fired from @stake for expressing 'values and opinions [of the report] not in line with @stake's views.' Now Geer has been talking to eWeek and comments on his dismissal."
This discussion has been archived. No new comments can be posted.

Geer Comments On Firing From @Stake

Comments Filter:
  • by dmayle ( 200765 ) on Wednesday October 01, 2003 @06:43AM (#7102263) Homepage Journal

    "The Venn diagram of facts doesn't intersect. The intersection of all of those statements is the null set," Geer said.

    Ahhh, one of our own... :)

    • Hehe, I thought that was pretty funny. Makes you wonder how he does normal stuff like if he ever broke up with a girlfriend.
      'See honey, this circle represents everything I want and this other circle represents you. Notice how the intersection of these two is the null set?'
  • by AndyFewt ( 694753 ) * on Wednesday October 01, 2003 @06:47AM (#7102273)
    I guess Geer should read "The Surprising Benefits of Being Unemployed" from earlier. Perhaps it will help?
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Wednesday October 01, 2003 @06:51AM (#7102289)
    Comment removed based on user account deletion
    • Unfortunately, acedamia is the only place where you'll find non-consumer-driven research.

      I guess it's corporate-shaped, instead.
    • by rknop ( 240417 ) on Wednesday October 01, 2003 @07:08AM (#7102355) Homepage

      I'm ashamed of our academics, as cited in the article. He apparently went to get 9 to sign onto that paper and all declined because of funding issues.

      What's the point of tenured academics if they are going to be afraid of losing corporate grants and therefore are squelched?

      The problem isn't the academics. The problem is the funding.

      If you're an academic, there's tremendous pressure to get external funding. That's usually a tenure critereon nowadays; unless you demonstrate an ability to get external funding, you won't get tenure. Even after you get tenure, there's huge incentve to get external funding. For instance, the amount of time and freedom you have to do your research (versus other duties) is often directly linked to the amount of external funding you can secure.

      People are surprised sometimes when I tell them that I need to figure out how to get grants to support my research. "Doesn't the University support your research?" Only in that they provide me a 9-month salary, an office, and administrative support-- which, I grant you, is real support. But it's not sufficient; it doesn't pay any grad students or post-docs, it doesn't pay any publication fees, it doesn't pay for any travel, it doesn't pay for any equipment.

      If you're in a field where corporate support is expected, then you're caught in a bit of a catch-22. You're supposed to have academic freedom, and indeed once you have tenure the University can't fire you. But if you want to be able to keep doing your research, you need to get funding, and as such you are in a position where you can't say something that will offend whatever corporate source of funding you depend on.

      If you want to fix the problem, fix the way that academic researchers are funded. Don't just do away with them altogether, or you'll find that there are even fewer people who can speak with some sort of credentials who aren't completely beholden to some specific private interest. In other sciences, government funding does alleviate some of the trouble, although I'm not so naive as to believe that one's ability to get government funding through the NSF and such wouldn't be harmed by speaking out against certain influential private interests.

      It's similar to politicians and large special interest groups. No politician who wants to get elected can support an even wise and rational policy (e.g., let's say eliminating drug patents and reforming the way drug research is funded in the interest of lowering overall healt care costs for individuals) if you risk ticking off huge campaign donors, for you will get buried.

      -Rob

      • Comment removed based on user account deletion
      • It's similar to politicians and large special interest groups. No politician who wants to get elected can support an even wise and rational policy (e.g., let's say eliminating drug patents and reforming the way drug research is funded in the interest of lowering overall healt care costs for individuals) if you risk ticking off huge campaign donors, for you will get buried.

        Even incumbent politicans risk getting the boot if they rub special interest groups (especially those with deep pockets) the wrong way.
      • by Lumpy ( 12016 ) on Wednesday October 01, 2003 @08:37AM (#7102915) Homepage
        But it's not sufficient; it doesn't pay any grad students,...

        pay grad students?????

        where the hell were you when I was in grad School???
    • by muffen ( 321442 ) on Wednesday October 01, 2003 @07:34AM (#7102482)
      This one is going to pass just like every other Microsoft injustice.

      There is no proof that Microsoft had anything to do with this, and I think they didn't. I believe what he said in the article, he was fired because of the ties @stake has with Msoft, not because they specifically called @stake and asked for him to be fired.

      That being said, this whole thing is bad. I do however have to agree with one of the posts above, that mentiones that although freedom of speech is a good thing, the employer can choose to fire you because you are using that freedom against the will of the company. I guess that is the freedom that the company has (upto a certain point ofcourse).

      It's been said many times before, freedom comes at a price! If you use your freedom, you must be prepared to deal with the Consequences.
      • by timeOday ( 582209 ) on Wednesday October 01, 2003 @11:13AM (#7104183)
        There is no proof that Microsoft had anything to do with this, and I think they didn't. I believe what he said in the article, he was fired because of the ties @stake has with Msoft, not because they specifically called @stake and asked for him to be fired.
        That's the irony. MS dominance threatens computer security be creating a software monoculture, in which even a single bug can take down 90% of computers. Geer's firing proves that MS dominance afflicts the industry itself; even taking Microsoft's name in vain makes heads roll. This is not the sign of a healthy industry or a competitive market, but rather a dictatorship - a political monoculture.
  • free $peech (Score:3, Insightful)

    by lanswitch ( 705539 ) on Wednesday October 01, 2003 @06:53AM (#7102297)
    This shows once more that Microsoft has become too dominant. If even the security companies can no longer speak freely without endangering their existence (and that's why they fired Dan Gear) then what kind of free speech do you really have? Only the kind you can buy...
    • Re:free $peech (Score:2, Insightful)

      s/buy/get paid for/
    • This shows once more that Microsoft has become too dominant.

      Sorry, but this has little to do with Microsoft per se, but rather, it has everything to do with the fact that Microsoft is @Stake's biggest customer. Any company would fire any employee on the spot if they embarrassed their biggest client. In just about every employment agreement that exists, there are indeed provisions that allow for immediate dismissal if you as an employee take such actions. Even if no such provision existed, did this guy

    • Re:free $peech (Score:3, Insightful)

      by Anonymous Coward
      Actually, this just destroys @Stakes credibility. They are now bought and paid for robots of Micro$oft. Which means we can't get reliable security information from them.

      We need diversity in computer operating systems. This racist computing has too many problems and the vendor Micro$oft is still not fixing the security issues. (Just mending it where they get caught).
  • by adamsmith_uk ( 670868 ) on Wednesday October 01, 2003 @06:57AM (#7102312) Homepage
    Irrespective of whether Microsoft had anything to do with the firing, a company such as @stake should stand by its employee and its own credibility...

    Why should companies trust future research from @stake? Should existing employees be watching their backs? Bad smell all around!
  • You go, Greer (Score:4, Interesting)

    by drpickett ( 626096 ) on Wednesday October 01, 2003 @07:13AM (#7102378)
    He called it perfectly

    His job is to spot the trends coming in the future - And his employer gags him for doing his job - I stand by my remarks in the previous thread on this topic - @Stake will have a very hard time attracting a decent replacement candidate, and their research will now always be suspect...

    ...at least for the two weeks that it takes modern society to forget that it ever happened

  • Define Irony: (Score:2, Interesting)

    by iainl ( 136759 )
    Man gets fired for making 'false' claims that a company exploits its monopoly of the market, because his bosses dare not offend that company. Hmm.
  • What happened l0pht? (Score:4, Interesting)

    by navyrain ( 171256 ) on Wednesday October 01, 2003 @07:28AM (#7102448)
    @stake used to be "l0pht heavy industries", a nifty little group of hackers toying around. (www.l0pht.com [l0pht.com]) Now they're all business. Lame. "What happened l0pht? You used to be cool."
    • Umm, if memory serves, the l0pht was, well, absorbed into @stake. That is, what was the l0pht became part of @stake, but @stake isn't just "the legitimate front for the [cr|h]ackers formerly known as the l0pht".

      Remember their tagline? MS: "That vulnerability is completely theoretical." The l0pht: "Making the theoretical practical since (some year)." I'd be willing to bet that not all the people within @stake are very happy about this decision, just like there's probably a few VeriSign employees that are
  • Live and Learn (Score:5, Interesting)

    by spacerog ( 692065 ) <spacerog@spacerogu[ ]et ['e.n' in gap]> on Wednesday October 01, 2003 @07:36AM (#7102489) Homepage Journal

    Whether Microsoft had a hand in his demise "will be forever impossible to ascertain," Geer said. "One might say communication wasn't necessary. There's a school of thought that says that a phone call wasn't needed. The more powerful you are, the less likely you are to have to pick up the phone. At most, you could call it plausible deniability."

    I am surprised that Dan has decided to publicly say anything. This would seem to indicate his relutcance to pursue the matter in court. Or maybe he just hasn't spoken to a lawyer yet. Or is this opening slavo?

    Before the obvious referances are made let me just say (again) that what @stake has become is in no way related to what L0pht was. I think there is only one of us left (Weld), everyone else has seen the writing on the wall and moved on. I just hope Dan is able to put this behind him soon and move on as well.

    - SR
    spacerog AT spacerogue DOT net
  • It's a basic rule of employment, accept the money, play by the rules.

    If one of my employees did or said something that was obviously against the interests of my business, I would reprimand and possibly fire him. If they discussed this in public, I would blacklist him as a "big mouth".

    What Greer says is something I also believe, but unfortunately being right does not pay the bills. He has probably made himself unemployable by any conventional organisation, and will have to find a way to leverage his noto
    • well..

      his job was to be right and say the truth, not to be a talking head that takes money and says what somebody other wants.

      at least supposedly, so it gives a real fucklike view of @stake now. why would you consult them when they don't tell you what they really think is the right decision but the decision that suits them for various reasons including commitment to some other big $$$ firm? why wouldn't you go and just read the marketing material by that other firm straight and just skip using them as a m
    • It's a basic rule of employment, accept the money, play by the rules.

      Maybe for you. Actually, I am quite nauseated by the sheer number of people who think this way and accept (and by omission, condone) the unethical behavior of their employers. What's interesting is that these are frequently the same people who frequently complain that corporations are "evil."

      While I acknowledge that I've made my share of mistakes in previous jobs, my individuality and sense of free will (hallucinatory or otherwise) ha

  • Interesting Note (Score:4, Interesting)

    by 4of12 ( 97621 ) on Wednesday October 01, 2003 @07:42AM (#7102528) Homepage Journal

    As an example of the kind of behind-the-scenes influence that large vendors have, Geer cited his efforts to find an academic security expert or two to sign on to the paper on software diversity. After contacting nine people and striking out each time, he gave up.

    "All of them said it was too hot for their position," Geer said. "They enjoy the free speech benefits of tenure but not necessarily those of funding."


    His experience is interesting; it shows just how there are limits, even in academia, to how far people are willing to go in their pursuit of the truth.

    Microsoft might not have an irresponsible security record due to business practices, but the hypothesis put forward by Geer and the others should be examined carefully and openly both for where it might errors, and where their hypothesis fits the facts. That's the way all scientific progress is made.

    And he's right, too, about a phone call not being necessary. Conditioning, and seeing what happens to people that take a stand in opposition to some powerful force, is enough to convince most people that self-censorship, if not the better part of valor, is certainly the better expedient for maintaining your comfort.

  • by Uninvited Guest ( 237316 ) on Wednesday October 01, 2003 @07:45AM (#7102540)
    The article mentions the security consulting firm Geer started in the 90's. Geer knows how to start and run a company. By now, there are bound to be folks losing faith in their own tenure at @Stake. Perhaps this firing will be the birth of a new security firm, founded by Geer, former @Stake employees, and experts that declined to sign on to the security paper. With enough credibility, the new company might lure some of Microsoft's business away from @Stake.
  • by erroneus ( 253617 ) on Wednesday October 01, 2003 @07:49AM (#7102565) Homepage
    First of all, Geer just became a martyr of sorts. As he is practically the creator and one of the more important celebrities in the security field, he's not wanting for job offers or opportunities. He'll probably just make his own.

    Whether or not Microsoft had anything to do with his firing, directly or not, is somewhat irrelevant. Sure it adds more fuel to the "we hate Microsoft" fire but outside of that it proves nothing except that @Stake is driven by their sponsors and not by the ideal of exposing the truth. This makes @Stake a security company that isn't secure in its convictions. Security you cannot trust.

    Geer, on the other hand, has proven himself to be unshakeable from the pursuit of the truth. He is unshaken by political and financial forces and the industry will see that, like it or not, his opinions can be trusted.

    Generally, this is a good thing for him and the business of security. The more high-profile these matters become, the more public opinion will influence commerce in these matters.

    It is hard for the American heart to forgive even perceived violation of the free speech ethic. We believe we can say whatever we want whenever we want so long as it is the truth. The public perceives the "breech" of the free speech ethic as a bad thing. "Oh look honey, this bad company fired this man because he was doing what he was hired to do and they didn't like the truth." That's the message most people will receive in this case I believe.

    They probably fired him because they knew they couldn't get him to retract anything he said.
  • Chilling effects (Score:2, Insightful)

    by Vintermann ( 400722 )
    I read some of the above, and I say:

    Whether @stake abd microsoft had the right to act as they did is beside the point. The point is that this sort of thing is really really bad for society because of the chilling effects. If it's risky to criticize the big boys, guess what, they get less criticism than they should have on account of their actions. They seem to be acting better than they really are - the mechanisms in a democracy that should prevent this sort of thing don't work, because people are afraid t
  • I feel bad for him partly because he got fired for a stupid reason... But mostly because people in this thread keep spelling his last name wrong!
  • I wonder if Computer World will drop their rankings in the "Top 100 Places to Work in IT"
    Computer World PDF [computerworld.com]?
  • by PepperedApple ( 645980 ) on Wednesday October 01, 2003 @08:34AM (#7102898) Homepage
    Here's an idea that I don't think has been explored much... maybe the big problem was that he said the opinions were his own and not @stake's.

    If I worked for Adobe, and then decided to release a photoshop clone in my spare time, and claimed that it was my own program, not Adobe's, I think that there would be some problems.

    In his job as a security expert, I'm sure that he used @stake's resources and expertise in coming up with the paper. So technically he might not have the right to say that the paper is his own and has no affiliation with the company.

    Perhaps if he had brought the paper to his employers and gotten their approval, they could have released it as part of a security report and sold it. Basically he took something that he made for his company and gave it away.
  • Of Mixed Minds (Score:3, Informative)

    by Effugas ( 2378 ) on Wednesday October 01, 2003 @10:11AM (#7103596) Homepage
    I was at Toorcon, when Bruce Schneier was talking about this very event.

    It was pretty painful, but not like you'd think.

    "For those who don't know, Geer wrote an article talking about the risks of monoculture that situations like we have with Microsoft expose."

    Lets look at the article's title:

    >

    CyberInsecurity: The Cost of Monopoly

    How the Dominance of Microsoft's Products Poses a Risk to Security


    Does anyone see the word Monoculture in there? No, just monopoly. It's up there next to "Dominance", "Cost", and "Insecurity".

    Somewhere along the lines, this paper jumped from technical analysis to political polemic, and Geer got the political response. Don't get me wrong: The vast majority of the conclusions reached in this article have way more than a grain of truth in them. But the degree to which Schneier backpedalled on the tone was pretty noticable, and stood in stark contrast to the near-rage of the paper itself.

    Would Geer have kept his job if the paper was more objectively written? I don't know. But I sure note what I see reported on doesn't match what I read in that paper, and I have to wonder why.

    Yours Truly,

    Dan Kaminsky, CISSP
    DoxPara Research
    http://www.doxpara.com
  • by theCat ( 36907 ) on Wednesday October 01, 2003 @12:31PM (#7105071) Journal
    It seems to be happening that matters which begin as purely technical/scientific become marketing and sales issues. Witness what happened to the Darpanet when it went public and became the Internet we know today. At the time I was studying CS in college and I recall academics and government types where wringing their hands over the inevitable "dumbing down" of the technology in favor commercial applications and services to the public. Read that as marketing and sales. And we can see where that got us; mom and pop on broadband but with "personal" technology never meant to leave the secure isolation of the living room.

    Although viruses got their start on the floppy disk vector (recall boot sector viri?) they have come into their own throught the vector of the Internet. That machine could not have been better built to propogate malware even if one had set out to do so, but the only reason it can actualy do so to the degree it has is because of the brain dead operating systems (and rookie sysadmins) at the remote ends of the pipes. And the monoculture of both is at the heart of the problem. I use MacOSX on broadband, but do you seriously think I have to worry about any of this? No I do not.

    Enter security. Now an entire industry has emerged to counterpoint the monoculture, an industry devoted to what would simply have been the day-to-day work of any competent sysadmin just 10 years ago, except that today there are few competent sysadmins. Rather there are hordes of desktop drones massaging M$-based networks across the planet, only incidently linked each to the other by an Internet of which they have no particular understanding nor much interest (a direct reflection of M$'s own utter indifference.) It has all become a dense, dry, sprawling monotypic tinder of light twigs and leaves awaiting the match. The security industry is built around that monoculture of neglect and ignorance, would have no purpose without it, and yet is directed at undoing what the monoculture has done to, and via, the Internet. And since M$ is just a marketing and sales juggernaut with its roots deep in the fertile manure of personal computing, should anyone be surprized that here again the network technology and science are falling under the tracks of the M$ Panzer divisions? I should hope not. M$ did not become a monopoly by being easily distracted with technical details.

    I can see no solution but one. Government will not act because politicos are hip to marketing. Regulators will not act because they are afraid of the politicos and like their cushy jobs. And people will continue to select technology out of innocent ignorance. M$ spends freely, buys strategic friends, revises history, and builds outward seemingly oblivious to the coming train wreck because they know for a fact they will just walk away with profits intact; they are afterall about personal computers, and not much more. What is the Internet to M$ except a problem? They distribute their software on CDs and only security patches over the Internet to defend their CD-based software from Internet attack. I should think they would be twice-pleased if the Internet and everything associated with it, including OSS, simply vanished in a general conflagration.

    The one solution? I propose we take a clue from Nature and let it burn. We don't need these weeds growing here anymore, burn them out and their seeds as well. The network will survive because the network is not the problem, while the strictly "personal" computers will burn to the ground at the ends of the pipes. Then perhaps something more robust will spring up where they were. It might even be that M$ has the very thing waiting in the wings, ready to roll out, "Windows ProSecure" or some silliness. Fine with me. But if they don't then they are fools and their undoing will be of their own devising.
  • by JRHelgeson ( 576325 ) on Wednesday October 01, 2003 @02:26PM (#7106587) Homepage Journal
    Symantec now owns the Bugtraq list. Therefore the list is now moderated, Symantec will delay any posting information that they deem profitable. This has made the information on the Bugtraq list questionable. It is no longer an unbiased source for information security.

    With the termination of Geer, @Stake has shouted from the rooftops that they are NOT an unbiased source for information security.

    When I write a security paper, I write it from the perspective of an independant auditor, which I am. Someone from the outside looking in. I don't CARE what someones intention was when they created an insecure system. If I found it to be insecure, I let them have it.

    I just lambasted a luddite CEO of a major corporation for not making information security HIS #1 priority. I told him that the insecurity of his network was his problem, a management problem, not an IT problem. I railed on him for two hours in a meeting last monday... and he appreciated it. Was my report one-sided? Your damn right! I don't care what his intentions/perceptions are or were. What I told him was the pure, unadulterated and unvarnished truth. As painful as it was - it was true.

    He's a good CEO and changes are being made. Now, if this same info were coming from an @Stake consultant: The information would now be suspect as being slanted in M$ favor, because 'they help pay our paychecks' and we can't speak out too strongly against them. @Stake now takes the side of Microsoft.

    Was there any lies in what Geer wrote? No... Was it the painful truth, backed up by facts? Yes... Did the truth hurt? You bet. And it needed to be said.

    I think that the political ramifications taken out on Geer has just signed the death warrant for @Stake.

He has not acquired a fortune; the fortune has acquired him. -- Bion

Working...