Robert Downey
About Me
My Thoughts
Contact Me

Farewell America, We Hardly Knew Ya

by RMD 19. October 2006 12:59

Yesterday, President George W. Bush signed into law the Military Commissions Act. Its innocuous name distracts from its insidious consequences. The effects of this law will be felt for generations. I say this with absolutely no exaggeration. This law dismisses the Bill of Rights.

The primary goal of the Military Commissions Act is to allow the Executive Branch to jail suspected terrorists without evidence, without the right to a trial, and without the right to council. Essentially, it suspends Habeas Corpus.

Habeas Corpus is Latin for "you should have the body". It simply means that you must be brought before a judge so that a he may determine if there is ample evidence to hold you for a crime.  It prevents people from being jailed without reason, and forces the government to prove their case in a court of law. It is why you are free.

Habeas Corpus has been recognized since the days of the Magna Carta (11th century) as being absolutely essential for a free society. Nearly all other rights flow from it. Without a justice system in which the innocent must be proven guilty and people can not be arbitrarily jailed, rights such as free speech, privacy, the right the bear arms, or anything else are meaningless. If I can be arrested and jailed without evidence, how exactly will I be free to speak my mind?

For those of you who think you'll never be affected by this law, all you need to do is look at history for examples that prove you wrong. The Constitution states that "the Privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it." This has been used in the past several times. Lincoln used it during the Civil War (a rebellion). Adams actually used it to jail newspaper editors that were critical of his administration. (Clearly illegally.) FDR used it to imprison Japanese-Americans during WWII, a mistake we continue to apologize for.

What makes each of these incidents different, however, is that those wars had a foreseeable end. There were conditions under which everybody could agree the war was over. The "War on Terrorism" is not that type of war. It is endless. And because it is endless it gives the Executive Branch essentially unlimited power. It destroys the very thing that has protected out democracy for 230 years: the separation of powers and the rule of law.

In just the past few years there has been a big uproar about what the media can and cannot report. The current Administration takes the stance that if it has anything to do with national security, and it doesn't necessarily make the Administration look good, it should be illegal. Luckily the courts have traditionally rejected this idea, taking the stance that the protection of free speech is worth the potential damage to national security in all but the most egregious of cases.

But now what happens? Now, the President can throw those reporters or those newspaper editors in jail. No questions asked. No trial. No lawyers. No rights. If you were a reporter with information that was damning to the government, how much less likely would you be to report it if you knew you would, undoubtedly, spend the rest of your life in a federal prison?

If this wasn't enough, unlike other laws it is very likely that this will never be challenged in the Supreme Court. If you get no trial to begin with, how are you to challenge your conviction?

I'm sure some of you stalwart Republicans out there are scoffing at my alarmist tones. You know that George W. Bush is a good man and that he would never use this law for anything but actually protecting the American people. Let's assume you're right. What happens when he leaves office and the next guy isn't as noble and honest? You must agree that our government cannot be allowed this kind of unregulated, unchecked power. It goes against everything this country stands for.

Many say that this law is of no danger to the average American because it is restricted to "aliens", but if you're never given a trial, never brought before a judge, and never given and coucil, when exactly do you get to prove your citizenship? The law makes no statements about this "minor" detail.

If this goes unchallenged, October 18th, 2006, will be known as the beginning of the end of the great American experiment. History will show that we succumbed to exactly that which the founding fathers warned against. We thought that it was OK to give up our rights for the hope of security. We gave up that which we were trying to protect in the first place.

Tags: ,


How IE7 on Vista will Make Firefox Less Secure

by RMD 10. October 2006 15:03

 I have a prediction.

I predict that when IE 7 on Vista starts to take significant market share (say, 30% or so), you'll start to see the attacks on Firefox increase dramatically. In other words, Firefox will become more and more dangerous to use as IE 7 on Vista gains market share.

I use Firefox because of what basically amounts to security through obscurity. Many people claim that Firefox is simply written better than IE and that is why it seems to have fewer security related incidents.

Indeed, Firefox at least seems to be more secure, having only 36 security related issues discovered since 2003, many of which were not particularly critical. (Versus a whopping 106 vulnerabilities for IE 6.x, many of which were critical.)

But that doesn't really tell you the whole story. The fact of the matter is that Internet Explorer is the best way to attack the largest number of computers. It's the single biggest attack vector into a Windows machine. The bad guys who want to install malware on the largest number of computers possible are going to target the OS with the most users (Windows) and the browser of choice for those users is still overwhelmingly IE 6.

It has long been my opinion that the more popular and widely used a piece of software, the more people are going to attack it for both glory and monetary gain. But every once in a while a technology will emerge that will essentially remove a particular attack vector from being feasible.

When Microsoft released XP SP2, the changes it made to ActiveX installation were enough, for the most part, to remove an entire genre of social engineering attacks by forcing the user to do just a few extra steps to install an ActiveX control. Of course this had little affect on the spread of malware. Malware distributors just started using buffer overflows and other types of exploits to install their software.

But IE 7 on Vista is different. For the first time a browser will run all the time with privileges  far below that of the current user. It's called Protected Mode IE. IE will not even have the ability to write to places that the current user can write to, such as the desktop or My Documents folder. Instead, and actions which required elevated privileges will have to be done through something like the Service Broker. The Service Broker is a small (only a few thousand lines of code) application that runs with the privileges of the logged in user and takes "requests" from IE to do things like saves files to the desktop.

The result is that you really only have to audit a small piece of code to guarantee that IE 7 can't do anything bad, regardless of the vulnerability in question. Buffer overflows won't have any affect on the user because even with that overflow, IE 7 doesn't have permissions to do anything bad.

This technique has already proven itself successful. Despite the fact that a recent vulnerability in the VML rendering engine was present in IE 7, a vulnerability that was completely unknown to the IE 7 team, it had no affect on users running IE 7 on Vista thanks to protected mode.

But once the malware distributors see a decline in their successful installations due to Protected Mode IE 7, they will want to make it up somehow. The obvious choice is to attack the guy who has 2nd place in the market share battle. Guess who that is.

So while dramatically improving Windows security by removing the primary attack vector, Microsoft will have made Firefox far more dangerous a browser to use.

Just my opinion. Only time will tell if I'm right.

Tags: , ,

General Computing