Naughties · 2006 · November · 20 (2 entries)

On Attacking Iran · There’s a term in Political Science that I’m looking for (and if the LazyWeb speaks up, I’ll re-write this to accommodate it). It’s the technique of gradually shifting the center of a debate, first by introducing notions previously unthinkable at the edge, then gradually moving them towards plausibility. It seems to be happening right now, with the objective of dragging aggressive war against Iran to stage center. Just this last weekend, the LA Times ran an opinion piece with the admirably-straightforward title <a href='http://www.latimes.com/news/opinion/commentary/la-op-muravchik19nov19,0,5419188.story?coll=la-home-commentary'>Bomb Iran</a>, and Ha’aretz was right behind them in line with <a href='http://www.haaretz.com/hasen/pages/ShArt.jhtml?itemNo=789940&contrassID=1&subContrassID=1'>Bush: I would understand if Israel chose to attack Iran</a>. There’s even a schedule: <i>In recent talks with their Israeli counterparts, French government officials estimated that Iran would reach the “point of no return” in its nuclear program by spring 2007, in approximately five months.</i> I am no lover of the corrupt theofascist oppressors in Tehran; and I suspect that nearly everyone agrees that we lose every time nuclear weapons cross another border. But still, are we so blind to history that anybody believes that such an attempt will succeed; or, whether succeeding or failing, improve the situation? <i>[Update: The term I was looking for was <a href='http://en.wikipedia.org/wiki/Overton_window'>Overton Window</a>; check the comments for a pointer to Mark Pilgrim using it. Thanks LazyWeb!]</i>
Kill Switch Nightmare ·  <a href='http://blogs.zdnet.com/microsoft/'>Mary Jo Foley</a> (who has been excellent recently, a must-read) reports that both Windows Vista and Office 2007 <a href='http://blogs.zdnet.com/microsoft/?p=111'>have a “Kill Switch”</a>; if you can’t prove you’re properly licensed, the software turns itself off. Maybe I’m missing something, but this seems like complete batshit-looney territory. Let’s see, suppose I’m a black-hat profiteer sitting beyond the reach of Western law but with control over a few <a href='http://en.wikipedia.org/wiki/Botnet'>botnets</a>. If I can get my hands on your Kill Switch, I’ll have a nice little extortion business, as in “Pay up or all your desktops will decide they’re unlicensed and turn off.” It’d work best in a sales-centric business near end-of-quarter. Another potential victim would be any government (or company even) that has a lot of enemies; they don’t want your money, they just want to take you down. So, without thinking too hard, here are some attack vectors I’d consider: If I can subvert your network routing, <em>gotcha!</em> If I can subvert the registry on your desktop machines, <em>gotcha!</em> If I can subvert the NTP protocol (how most computers learn what time it is), <em>gotcha!</em> I’m sure that an actual seasoned network engineer could think up a half-dozen more attack scenarios over a cup of coffee. Finally, never ascribe to malice that which can be explained by incompetence; WGA is software and software has bugs and if one of those bugs flipped the Kill Switch on your sales infrastructure offline during the Christmas rush, well, there wouldn’t be any malice involved, but it’d sure be a pity. What prudent businessperson, I wonder, is going to install critical infrastructure that can be turned off remotely, trusting the claims that only the good guys will be able to find the key to the “off” switch?


I am an employee of Amazon.com, but the opinions expressed here are my own, and no other party necessarily agrees with them.

A full disclosure of my professional interests is on the author page.