Naughties · 2006 · November · 20 (2 entries)

On Attacking Iran · There’s a term in Political Science that I’m looking for (and if the LazyWeb speaks up, I’ll re-write this to accommodate it). It’s the technique of gradually shifting the center of a debate, first by introducing notions previously unthinkable at the edge, then gradually moving them towards plausibility. It seems to be happening right now, with the objective of dragging aggressive war against Iran to stage center. Just this last weekend, the LA Times ran an opinion piece with the admirably-straightforward title Bomb Iran, and Ha’aretz was right behind them in line with Bush: I would understand if Israel chose to attack Iran. There’s even a schedule: In recent talks with their Israeli counterparts, French government officials estimated that Iran would reach the “point of no return” in its nuclear program by spring 2007, in approximately five months. I am no lover of the corrupt theofascist oppressors in Tehran; and I suspect that nearly everyone agrees that we lose every time nuclear weapons cross another border. But still, are we so blind to history that anybody believes that such an attempt will succeed; or, whether succeeding or failing, improve the situation? [Update: The term I was looking for was Overton Window; check the comments for a pointer to Mark Pilgrim using it. Thanks LazyWeb!]

Kill Switch Nightmare · Mary Jo Foley (who has been excellent recently, a must-read) reports that both Windows Vista and Office 2007 have a “Kill Switch”; if you can’t prove you’re properly licensed, the software turns itself off. Maybe I’m missing something, but this seems like complete batshit-looney territory. Let’s see, suppose I’m a black-hat profiteer sitting beyond the reach of Western law but with control over a few botnets. If I can get my hands on your Kill Switch, I’ll have a nice little extortion business, as in “Pay up or all your desktops will decide they’re unlicensed and turn off.” It’d work best in a sales-centric business near end-of-quarter. Another potential victim would be any government (or company even) that has a lot of enemies; they don’t want your money, they just want to take you down. So, without thinking too hard, here are some attack vectors I’d consider: If I can subvert your network routing, gotcha! If I can subvert the registry on your desktop machines, gotcha! If I can subvert the NTP protocol (how most computers learn what time it is), gotcha! I’m sure that an actual seasoned network engineer could think up a half-dozen more attack scenarios over a cup of coffee. Finally, never ascribe to malice that which can be explained by incompetence; WGA is software and software has bugs and if one of those bugs flipped the Kill Switch on your sales infrastructure offline during the Christmas rush, well, there wouldn’t be any malice involved, but it’d sure be a pity. What prudent businessperson, I wonder, is going to install critical infrastructure that can be turned off remotely, trusting the claims that only the good guys will be able to find the key to the “off” switch?

I am an employee
of Amazon.com, but
the opinions expressed here
are my own, and no other party
necessarily agrees with them.

A full disclosure of my
professional interests is
on the author page.