Films that needed better infosec

Sunday, May 16, 2010

Javvad Malik

99edc1997453f90eb5ac1430fd9a7c61

Many times its difficult to illustrate the benefits of following good information security advice. Company's tend to keep quiet about their failings so there are few case study's available to analyse.

But not to fear, the cynic has improvised and analysed 8 movies whose entire outcomes could have been changed had some simple infosec guidelines been adhered to.

 Minority report

 The scene:

Tom Cruise gains access to his workplace (then his wife gains access to the prison cells) using his old eyes after he's been on the run and subsequently imprisoned.

Infosec Analysis

The auditors at precrime HQ should have been fired. Any users account and access must be disabled as soon as the access is no longer required. Whether that be when someone moves departments, resigns, or gets fired and becomes a fugitive from the law. So to have Tom Cruise's eye still grant him access to all areas of the building is unforgivable.

Independence Day

The scene:

Alien invaders are successfully repelled when plucky geek Jeff Goldblum uploads a computer virus to the alien mothership, disabling the attacking ships' protective force fields and allowing the combined military of the entire world to take them all down at once.

Goldblum's character does this using an Apple Macintosh Powerbook 5300.

Infosec Analysis

The fact that the operating systems of an alien mothership over 500 kilometres wide, thousands of years more advanced than anything humanity has yet created, large and sophisticated enough to support an entire alien civilisation, should be compatible with Mac OS is bad enough. However, not running a decent anti-virus, firewall and leaving their wireless internet on is just plain sloppy.

If any aliens read this and need some advice on how to secure their system, just beam me up.

Dude where's my car

The scene:

Dude, where's my car?

Infosec Analysis

Investing in a decent alarm, immobiliser and GPS tracker would have saved everyone from enduring the shenanigans which went on in this film.

Firewall

The scene:

Bad guys capable of hacking into everything other than where the money is.

Infosec Analysis:

If a banks security was as easy to bypass as it was in firewall, you wouldn't need a credit crunch to send them crashing. Lets see, the chief infosec guy Harrison Ford can put in ‘rule changes' on a live firewall on the fly to stop hackers, but then has his own PC hacked so he can't send emails etc.

If the criminals were so technologically sophisticated, they wouldn't need Harrison to do their dirty work... ugh my brain hurts.

The Matrix

The scene:

A self-replicating Agent Smith wreaks havoc inside the matrix

Infosec Analysis:

The Matrix was a virtual world created by machines to keep the human minds occupied whilst they harvest energy from their bodies. However, it was painfully clear that the machines never really considered running any anti-virus software to support this ludicrously complex green coded software. Hence, when Agent Smith becomes a self-replicating virus there is no defence against him. Well that is not until the machines ended up going cap in hand to good old Neo to clear up the mess for them.

The Departed

The scene:

Everyone's undercover working on the other side.

Infosec Analysis:

A case study in why pre-employment screening is so important. You really need to know who's working for you. Or you end up with criminal organisations completely full of undercover policemen and police units completely staffed by criminals and everyone ends up getting really confused and shoots each other in the head.

Watchmen

The Scene:

Super heroes Rhorschach and Nite Owl break into the office of the worlds smartest man, Ozymandias and guess the password.

Infosec Analysis: 

Hmmm how many guesses does it take for them to get in? Why have the password as the name of a book on your desk... seriously, strong passwords are important. Now if the worlds smartest man had used a 12 character, alpha numeric password with a couple of special characters thrown in which would lock out after 3 bad password attempts he would have totally foiled the duo.

Star Wars

The scene:

Death star getting blown up

 Infosec Analysis

Darth Vader must be heralded as the prime example of a chief executive who really didn't care about information security. The entire board was unapproachable and clearly no system testing was undertaken. The network security was so poor that it was hacked into and the designs for the death star were stolen without anyone knowing.

Even worse than that, the death star had a major design flaw where by dropping a bomb thingy into a big hole on the outside, it actually blew up the entire thing!

 Darth Vader needed to employ a good Security Consultant to sit on the executive board and promise not to force choke him. Should have commissioned a full risk assessment of the death star followed by a full penetration test. Only then should the death star have been released into the production environment.

This article was originally published on www.infoseccynic.com

Possibly Related Articles:
8486
Network Access Control Operating Systems Viruses & Malware
Humor
Post Rating I Like this!
85ac6feb584b665e85664974c546cfec
Ray Tan Very interesting.
We always can find silly mistakes if we want to do that.
1274164201
99edc1997453f90eb5ac1430fd9a7c61
Javvad Malik @Michael, I never actually saw Tron, so I have no comment. But I did se the trailer for the new one coming out soon, so that should be interesting.

@Ray, mistakes (silly or not) are those little leaks which can sink the big ship. OK, not in films so much, but a lot of these examples have parallels in the real world. I suppose the idea was to highlight that what we do within Infosec, actually has a real worth and if done wrong, in even seemingly insignificant amounts can have a big impact.
1274169220
Dd9902bc56a9d85cdc62c00083ea4871
Katie Weaver-Johnson Not exactly on topic, but one of my favorite movie scenes involving "information security" is in Zoolander when Ben Still and Owen Wilson learn the files are "inside the computer" and proceed to try to break open the monitor. :)
1274203294
99edc1997453f90eb5ac1430fd9a7c61
Javvad Malik @Katie lol yes, that's a funny scene. Probably one for the "user awareness training" section.

Staying off topic, the dance-off scene in Zoolander is one of the funniest scenes I've ever seen.
1274204523
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.