The New York Times has an interesting article on how to help Iran’s Green Movement and push the country toward democracy. Don’t issue new sanctions; allow them free software! I think it’s particularly brilliant:
The sanctions will feel cathartic, satisfy the have-to-do-something itch in the Congress, and change nothing. I’m just about resigned to that. But there is a smarter approach to Iran: Instead of constraining trade, throw it open.
Verma wrote: “The Department of State is recommending that the Department of Treasury’s Office of Foreign Assets Control (O.F.A.C.) issue a general license that would authorize downloads of free mass-market software by companies such as Microsoft and Google to Iran necessary for the exchange of personal communications and/or sharing of information over the Internet such as instant messaging, chat and e-mail, and social networking.”
Now that’s smart! There’s a way to bolster the remarkable, still unbowed opposition movement in Iran as well as weaken the Revolutionary Guards’ stranglehold on society and the economy. And what has O.F.A.C. done about this request in the past two months?
No license has been issued. It’s still illegal for Microsoft to offer MSN Messenger in Iran. Instead, earlier this month, Treasury sanctioned four Guards companies — a meaningless gesture. Treasury has things upside down.
Now if they would only include encryption modules!
The New York Times ran a story on how China is under constant security attacks and how vulnerable their infrastructure may be:
Despite China’s robust technological abilities, its cyber defenses are almost certainly more porous than those of the United States, American experts say. To cite one glaring example, even Chinese government computers are frequently equipped with pirated software from Microsoft, they say. That means many users miss out on security upgrades, available to paying users, that fix security breaches exploited by hackers. (emphasis mine)
100% WRONG: Paul Cooke from Microsoft states on the Windows Security Blog:
There seems to be a myth that Microsoft limits security updates to genuine Windows users.
Let me be clear: all security updates go to all users.
Not only do all security updates go to all users’ systems, but non-genuine Windows systems are able to install service packs, update rollups, and important reliability and application compatibility updates. In addition, the users of non-genuine Windows systems can also upgrade a lot of the other software on their computer.
Given my experiences in South Korea/Asia, this porousness is more likely due to a lack of policy, a lack of enforcement of existing policy and a non-priority given to information security than to pirated Windows software. Non-uniform policies and application of security resources, as well as little respect and lack of education by those under the infosec policies, are also primary factors. Most infosec professionals in the US experience something akin to the following at one point or another:
Deep inside a Chinese military engineering institute in September 2008, a researcher took a break from his duties and decided — against official policy — to check his private e-mail messages. Among the new arrivals was an electronic holiday greeting card that purported to be from a state defense office.
The researcher clicked on the card to open it. Within minutes, secretly implanted computer code enabled an unnamed foreign intelligence agency to tap into the databases of the institute in the city of Luoyang in central China and spirit away top-secret information on Chinese submarines.
It’s just not a uniquely Chinese situation.