Add this handy new tactic to your Big Bag of Security Tricks: pulling the plug so the network or Website goes dark. No access, no vulnerabilities, no problems.
If you're sitting there thinking this approach has all the subtle complexity of, say, duct tape, you'd be mostly right. But in their own unique ways this week, Mozilla and an Iranian cellphone network provider each cut the power; one case was proactive, the other reactive.
In the cat-and-mouse game that now passes for political discourse in Iran, authorities have discovered just how tough it is to really lock things down -- especially technology. Thanks to proxy servers, IP spoofing, and assorted other workarounds, Iranians are still disseminating images, videos, and tweets.
So as the re-appointment of Mahmoud Ahmadinejad becomes a fait accompli, the government warned it won't tolerate any criticism of dissenter trials. The mass trials reportedly were prompting fresh protest among a roiled electorate.
And maybe the government learned a few things about information control in the wake of the Iranian Twitter-storm last month. "One of the country's main cellphone operators Irancell, co-owned by South Africa's MTN, warned customers Sunday it would be suffering unspecified 'technical' problems over the next three days, which coincide with the anticipated unrest," according to the Los Angeles Times.
We can all agree this is an impotent response at best. You don't need a live cell network to take pictures or film or blog. It removes one prevalent access option, and at most, is a minor inconvenience to anyone intent on getting the word out. But scheduling technical problems into the network is so transparent in its timing that it's equal parts laughable and sad.
Mozilla found itself in a more reactive security situation this week, after discovering that a third party it had hired to run its online store had experienced some sort of unspecified (but apparently major) security breach.
"Mozilla discovered that GatewayCDI, the third party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," the software vendor said on its company blog yesterday. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised."
Users clicking on the site get this message: "The Mozilla Store has been closed for maintenance."
The company said it also temporarily closed its International Mozilla Store as a precautionary measure; that site is run by another third party. A third site, the Mozilla Community Store, is operated on a separate system and was not affected by the breach, the company said.
We often hear data and Internet access characterized as the "Keys to the Kingdom." What if the real key was the person or board of directors or clerical council who order a site switched off?
Information may indeed want to be free, but first it has to get out of jail. Sometimes there's a good reason for it to be there (like the need to assess the extent of a breach, in Mozilla's case). Human volition, not Web servers or html pages or other content, is the biggest key on the security ring. It's also the one most prone to whimsy.
— Terry Sweeney, Editor in Chief, Internet Evolution
This blog is part of Internet Evolution's Security Clan, which examines the future of Internet security and the changing nature of risks and vulnerabilities. Register here to join the Security Clan and for a chance at all kinds of free stuff.