Checklist 144: Summer Security Blockbusters
This week, we’re going to the movies! It’s our special summer security blockbusters edition of The Checklist, where we take a fun and whimsical look at some of the big technical concerns that pop up in our favorite movies and how they can relate to some real-life issues, too. Fire up the microwave to make some popcorn, grab a beverage of your choice, and kick back to relax with the Checklist team as we turn away from the headlines this week for an excursion to the silver screen. Ticking down our list, we’ll be looking at:
- Where Khan Went Wrong
- Some of the Empire’s Greatest Mistakes
- Who Are These Aliens Messing Up Our Independence Day?
It’s off to “the final frontier” we go as we start off with our first blockbuster — let’s not waste any time
Where Khan Went WrongStar Trek II: The Wrath of Khan might be one of the best science fiction films — nay, maybe one of the best films of all time in our estimation. You’ve got Citizen Kane, The Godfather, and then Wrath of Khan… but maybe our film rankings would be best served left to another show. Regardless, whether you’ve seen this fantastic film or not, here’s a quick (and incredibly dry) recap of the main story beats courtesy of IMDB:
It is the 23rd century. Admiral James T. Kirk is an instructor at Starfleet Academy and feeling old; the prospect of attending his ship, the USS Enterprise–now a training ship–on a two-week cadet cruise does not make him feel any younger. But the training cruise becomes a deadly serious mission when his nemesis Khan Noonien Singh–infamous conqueror from late 20th century Earth–appears after years of exile. Khan later revealed that the planet Ceti Alpha VI exploded, and shifted the orbit of the fifth planet as a Mars-like haven. He begins capturing Project Genesis, a top secret device holding the power of creation itself, and schemes the utter destruction of Kirk.
Although the synopsis might not make you think it, there are actually a number of security issues we can point to that come up throughout Star Trek II. The biggest one, of course, is password security! In the film, the villain Khan commandeers an old starship. Tactically a genius, he’s maybe not so experienced with flying spaceships. During one of the first major encounters he has with Captain Kirk, the USS Enterprise is able to use Khan’s ship’s “prefix code” — a baked-in password — to bypass his defensive systems to win the engagement. Perhaps if he had known about it, he might have changed the password to something a little more secure.
We can perhaps forgive Khan for his mistakes — starships are complicated, we assume — but it’s something from which we should learn. If you buy or receive a piece of technology that’s used or refurbished, make sure that it’s clean — not only in terms of a fresh OS install, but to be sure that there’s no lingering data or even potential malware on the device. Likewise, if you plan to get rid of an old computer or a phone, don’t do so without first making it safe. You don’t want to end up with some stranger enjoying access to personal photos and private messages left behind on your device after you donate or sell it!
Sound like something that might not actually happen? It does, in fact — actually, our old friends at Nest recently had some trouble with an issue just like this one. The Verge reported on a man who reset his Nest home security camera and sold it, only to realize a few weeks later that not only did he still have access to photos taken by the camera, but he could now see the photos taken by the new owner of the camera. It turns out that if you’ve enabled a third-party app called Wink, which acts as a hub for home automation, your camera stays connected even once you de-register the device from your nest account. The problem seems to lie in the fact that Nest has no option for a total factory reset of the hardware — just the software solution that evidently does not fully work.
That leads us to our final lesson from this film: don’t take shortcuts. It’s actually a lesson from Star Trek III, where it becomes clear that the Genesis device has some unintended consequences. In security terms, avoid the shortcuts such as using one password for every account you have, or assuming that your devices are good enough to pass on without closer scrutiny. Otherwise, you might end up with some unwelcome surprises — or your nefarious plot to defeat Captain Kirk might not work out the way you intended.
Some of the Empire’s Greatest Mistakes
From IMDB again:
The Imperial Forces, under orders from cruel Darth Vader, hold Princess Leia hostage in their efforts to quell the rebellion against the Galactic Empire. Luke Skywalker and Han Solo, captain of the Millennium Falcon, work together with the companionable droid duo R2-D2 and C-3PO to rescue the beautiful princess, help the Rebel Alliance and restore freedom and justice to the Galaxy.
This has to be the most oversimplified way to explain Star Wars — that’s “A New Hope”, or Episode IV, for those you out there keeping score — that we’ve ever seen. Not only that, but it mentions none of our security concerns in the film… of which there are many! Where did the Empire go wrong?
First of all: small problems lead to big problems, and pride goes before a fall. Think about it: when the commander of the Death Star was told that the rebels had a possible vector to attack their most critical systems, he simply ignored the problem and dismissed it out of hand. SecureMac’s own Nicholas Ptacek had a great take on this: the Death Star had tons of outer defenses and even a giant laser that kept it safe from big threats, like a company that keeps a firewall between its network and the open Internet, but nothing beyond that. In other words, once bad guys get past those big up-front defenses, there’s nothing “behind the lines” to stop them from wreaking havoc. The same is true for businesses and even individuals.
This even actually happened at NASA recently, where someone connected a Raspberry Pi unit to their network and compromised network security to siphon off information.
It can be a challenge to find the right balance between usability and security but having a second line of defense is still vitally important. A firewall is like the gate in the fence around your home — so you need more fences! In other words, there are layers of security and the most important portions are segmented off into their own safe zones. While this isn’t the kind of thing home users necessarily need to do, it is an important element of enterprise security — maybe one the Death Star designers could have learned from before they got blown up.
Who Are These Aliens Messing Up Our Independence Day?
Let’s return to the old Internet Movie Database one last time, shall we?
On July 2nd, communications systems worldwide are sent into chaos by a strange atmospheric interference. It is soon learned by the military that a number of enormous objects are on a collision course with Earth. At first thought to be meteors, they are later revealed to be gigantic spacecraft, piloted by a mysterious alien species. After attempts to communicate with the aliens go nowhere, David Levinson, an ex-scientist turned cable technician, discovers that the aliens are going to attack major points around the globe in less than a day. On July 3rd, the aliens all but obliterate New York, Los Angeles and Washington, as well as Paris, London, Houston and Moscow. The survivors set out in convoys towards Area 51, a strange government testing ground where it is rumored the military has a captured alien spacecraft of their own. The survivors devise a plan to fight back against the enslaving aliens, and July 4th becomes the day humanity will fight for its freedom.
Ah, Independence Day: it was the summer blockbuster in 1996, with an all-star cast that included the likes of Will Smith, Jeff Goldblum, Brent Spiner, Mary McDonnell, and many, many more. This was one film you really didn’t want to miss back in the day — and it’s still a pretty fun watch these days, too. While the synopsis says that the survivors are going to “devise a plan to fight back,” what it doesn’t say is that the plan they come up with is exactly the kind of thing we warn you about on The Checklist all the time. In fact, if the aliens in Independence Day listened to our show, they might still be running the planet today!
If you don’t remember how the heroes stopped the aliens in Independence Day, it was a computer virus — one delivered by a Mac of all things, too, which makes the scenario even more amusing. Here’s the thing, too: the aliens had no protection whatsoever. All they had to do was get onto the ship, upload the virus, and it was game over. Just like the Empire, they seem to have gotten a little too self-assured about their own safety. It also makes you wonder why this advanced alien society has no security researchers!
The biggest thing they could’ve done is the simplest thing: run a good antivirus suite, just like you should be doing on your Mac. Be careful to avoid thinking that you’re not threatened by malware, or that you don’t face any risks on the web. While the average person isn’t facing nation-state actors trying to steal their information, they still face more mundane threats that can be just as disruptive if they make their way into your life. With that in mind, be vigilant — like the aliens should have been.