Security professionals deal with the law of unintended consequences every day. For instance, vendor x creates “cool new widget,” a feature-rich application intended to enrich the otherwise sad and pathetic lives of every man, woman, and child on the Earth. However, vendor x (being shortsighted, ignorant, stupid, or just plain human) didn’t realize that “cool new widget” could be used to do some type of horrible and irreparable damage to Lithuanian field mice…
Ok, so that’s a little off the deep-end. An example that most people can relate to is Microsoft’s implementation of macros within the Office suite. These little scripts were designed to give users greater control, flexibility, and power by allowing them to script sequences within Word, Excel, PowerPoint, and other apps. However, MS did not realize (or didn’t care) that this feature set could be misused. The result: rampant malware which utilizes the embedded Visual Basic engines within these applications.
If I’m involved in a security risk analysis, I always try to determine what unintended consequences may result from the implementation of the project in question. I also try to take the opportunity to talk about such unintended consequences with those involved in the project. That being the case, I was happy to stumble across the article, “When Good Cows Go Mad,” on Wired.com. The article is purely fictional satire (opening with an attempt to bio-engineer cattle which are immune to mad cow disease, and ending with the aliens extinguishing the Sun)– but can be used as a great tool for demonstrating the law of unintended consequences.
Leave a Reply
Comments are moderated and will not appear until approved.