Category Archives: Security

Rabbi ben Ezra

The Wikipedia has a nice entry on this famous Robert Browning poem:

It is not a biography of Abraham ibn Ezra; like all of Browning’s historical poems, it is a free interpretation of the idea that Ezra’s life and work suggests to Browning, but the poem is Robert Browning using Ezra as a mouthpiece, not the other way around. At the center of the poem is a theistic paradox, that good might lie in the inevitability of its absence:

    For thence,—a paradox
    Which comforts while it mocks,—
    Shall life succeed in that it seems to fail:
    What I aspired to be,
    And was not, comforts me:
    brute I might have been, but would not sink i’ the scale.

Reminds me of the saying that the best security is the stuff that is rarely or never seen.

Amazing how good Wikipedia can be sometimes.

False economy of trust

The Guardian has a short report on emerging factors influencing Internet fraud:

In some cases gangs offer to finance undergraduates’ studies and plant them as sleepers within target businesses, according to a report on cybercrime which draws on intelligence from the FBI and British and European hi-tech crime units.

This has been known for some time, actually. Years ago I remember reading reports about post-graduate computer science students in countries with struggling economies who were lured into organized crime. The article says the popularity of sites like MySpace is “fueling” scams and crime, but that kind of description plays down the opportunity presented by weak trust model implementations. You might therefore say the rise in popularity of the sites like MySpace are based on an intentionally weak authentication process that is more “fun” and “easy” for potential users. In other words, you should not blame the popularity of a campsite for the fact that bears break into people’s cars and eat all their food.

The report warns: “There is a false economy of trust. People don’t present personal information to strangers on the street, but building profiles online means that internet criminals can instantly access a mine of details – names and interests, pets and life stories.”

No, the problem is not in building profiles online (hundreds of millions of profiles were online before MySpace ever existed) but pushing users to default-expose themselves for the benefit of the software/hosting company without giving any clue to the users of the associated risks. It’s like creating a shop where people will rush to get the hot new look for themselves, until they start to realize that they actually have no clothes and are presenting all kinds of personal information to strangers…is the popularity of the look to blame, or the company that sold invisible clothing?

I often hear that MySpace is yet another proof of how something can be made from nothing (as in the Stone Soup story), but I would not yet rule out the opposite (as in the Emperor’s New Clothes story), at least in terms of the economics of information security.

vague, aimless, and endless deployments

From September 23, 1999:

Bush proposed restoring trust by increasing military pay and benefits and by clarifying the mission of U.S. forces to “deter…and win wars,” not to undertake “vague, aimless, and endless deployments.” [emphasis added] Candidate Bush gave few specifics on his second promise but indicated that as president he would make substantial new investments in anti-terrorism efforts and “deploy anti-ballistic missile defenses, both theater and national,” at the earliest possible date.

Anti-ballistic missle defenses? How about anti-small arms (e.g. kaytusha rockets and stinger missles) defenses (not to mention anti-IED) for Americans stuck in vague, aimless and endless deployments? I guess I could have left it at that, but then I started to wonder whether the President ever reflected back on his campaign promises. Sure enough, not too long after…

From December 11, 2001:

I have come to talk about the future security of our country, in a place where I took up this subject two years ago when I was candidate for President. In September 1999, I said here at the Citadel that America was entering a period of consequences that would be defined by the threat of terror, and that we faced a challenge of military transformation. That threat has now revealed itself, and that challenge is now the military and moral necessity of our time.

[…]

The first priority is to speed the transformation of our military.

When the Cold War ended, some predicted that the era of direct threats to our nation was over. Some thought our military would be used overseas — not to win wars, but mainly to police and pacify, to control crowds and contain ethnic conflict. They were wrong. [emphasis added]

Who now says American forces must be maintained overseas mainly to police and pacify, to control crowds and contain ethnic conflict? Uh huh. Anything else “some” people might have been wrong about?

America’s next priority to prevent mass terror is to protect against the proliferation of weapons of mass destruction and the means to deliver them. I wish I could report to the American people that this threat does not exist — that our enemy is content with car bombs and box cutters — but I cannot.

[…]

And almost every state that actively sponsors terror is known to be seeking weapons of mass destruction and the missiles to deliver them at longer and longer ranges.

I see the logic. Pull troops back from those expensive overseas peace-keeping and diplomatic efforts in order to free up the budget for defense industry spending on technology (e.g. the military-industrial-congress complex Eisenhower warned the US not to pursue); this prepares America for the almost non-existant threat of long-range missles laden with weapons of mass destruction. Strange how things turned out, given these plans. Anything else “some” people might have been wrong about?

Our third and final priority in the fight against mass terror is to strengthen the advantage that good intelligence gives our country.

[…]

There have been times here in America when our intelligence services were held in suspicion, and even contempt. Now, when we face this new war, we know how much we need them.

Wait, I thought we had good intelligence before 9/11 but the real problem identified by the Commission was mis-management of that information. How does that get translated into someone saying we don’t “need” intelligence services? President Bush used a false dilemma fallacy, it seems to me, to say you either know how much we need intelligence services or you are suspicious of them. Have you ever needed something but remained suspicious of it?

Historians will have a good deal of material, I think, to display the dark contradictions and logical fallacies of this administration.

US fatalities in Iraq graph

My earlier blog entry about the length of the Iraq War left open a number of questions about time versus fatalities. I managed to find a site that is actively compiling and graphing the number of official US fatalities in Iraq:

US fatalities in Iraq over time

I am now curious about a graph of all American wars together. Many people seem to bring up rough references in text and discussion anyway, so it just seems a handy graphic might help clarify.

Another analysis is available here, but it is only trying to identify terrorist-related incidents rather than fatalities.