Category Archives: Software Business

Inception Movie Review from a Data Security Perspective

This is part of my ongoing series of extremely limited perspective movie reviews:

Previous Reviews:

Like the previous ones: SPOILER ALERT. Inception is the kind of movie where you might not want to know anything going in. So, please don’t read further if you don’t want any part of the plot spoiled.

In Inception there’s an elite team that can infiltrate your subconscious while you’re dreaming and extract secret information while your defenses are down. The plot of the movie is set up when someone asks them if they can do an “inception” where they plant an idea into a victim’s subconscious. Since the idea is detrimental to the victim, they must somehow convince him that it is his, and that it will be good for him to follow through with it.

Obviously, extraction directly relates to data security, and the attacks and defenses that are discussed in the movie have analogous ones in the security world. An obvious one is a honeypot and how it relates to the labyrinths that the dream architects construct.

[Honeypots] computers run special software, designed to appear to an intruder as being important and worth looking into. In reality, these programs are dummies, and their patterns are constructed specifically to foster interest in attackers.

Creating a honeypot is like “taking two minutes to create a maze that takes a minute to solve.”

Things like a “militarized subconscious”, “totems”, and “forgers” have counterparts in the network security world.

But, what about “inception”? After thinking about it for a few minutes, I remembered this story from WWII. In 1943, the Allies wanted to convince the Germans that they would attack through Sardinia, not Sicily, so:

The idea, very simply, was to get a dead body, equip the dead body with false papers, and then drop it somewhere the Germans would find it

[…] And it was an elaborate creation: the fictitious Major Martin was equipped with ticket stubs, keys, a religious medal, letters from an imaginary father and fiancee, and unpaid bills. Cholmondeley and Montagu thought that the more convincing his personal story was, the more likely the Germans would be to believe the ruse. And along with the personal items, he carried carefully faked letters hinting that the Allies were planning to invade Greece and Sardinia, not Sicily.

But, this is not a computer attack. While the idea of data tampering is nothing new, I haven’t heard of a tampering attack with the intent to mislead someone into making a bad decision. Data tampering is often used to gain access for another purpose or to cover up tracks (e.g. log tampering).

But, I suspect that this is a real threat as well. One so good, that it  often goes undetected.

Twilight: Eclipse from a Social Media Perspective

Last year, I wrote a review of Star Trek from an ECM Perspective, and I’ve been looking out for other movies that have an interesting collaboration angle, but couldn’t think of one until last week when I went to a midnight showing of the new Twilight movie.

Spoiler Alert: I have to give away some details of the movie (and the next one) in this review.

There are at least three kind of telepathic collaboration in Twilight. Edward can read thoughts (except for Bella’s), the wolf pack is connected to each other telepathically, and Alice can “follow” decisions and see the future after a decision is made.

I think a lot could be said about how the wolf pack telepathy is like Facebook (Jacob talks about the drama of a love triangle being broadcast around the wolf pack). And perhaps Alice has some kind of super-twitter that people can’t help using to blurt out their plans to her.

But I think the most interesting Social Media aspect to Twilight is Bella. Bella’s thoughts cannot be read, and in the Twilight world, privacy is a super-power.

And, it’s not just incidental, Bella’s ability to keep her thoughts to herself is an integral part of the plot. For example:

  1. It’s part of Edward’s attraction to her (the other part being his insatiable desire to have her for dinner)
  2. It probably saved her life with the Volturi in New Moon
  3. She uses it to mask feelings she might have for Jacob.
  4. (Breaking Dawn SPOILER) Her privacy abilities expand in Breaking Dawn to include being able to shield others.

In any case, with the world moving towards more sharing and openness, it’s interesting to remember the power of privacy as well.

Star Trek: Review from an ECM Perspective

Back in the eighties, David Letterman used to have a segment called Limited Perspective Movie Reviews, where movies would be reviewed by experts that only concentrated on a single aspect of the movie – for example, a dentist would review the teeth of the actors or a mortician would review Creepshow and only talk about how realistically the bodies decayed. In that spirit, I offer this short review of the usage of ECM in the new Star Trek movie.

Spoiler Alert: I have to give away some details of the movie in this review.

It’s a few hundred years in the future and information overload is still basically solved by serendipity. The entire plot hinges on Kirk seeing a similarity between some events from 25 years ago, a quick description of a distress signal from Vulcan, and an overheard conversation about an intercepted Klingon communication. 

There doesn’t seem to be much to tie them except a Romulan reference, which would be rare because, according to the original series, there were very few interactions with them. Any contact with Romulans was probably exceptional, so two within a day would be noteworthy, and Kirk had intimate knowledge of the older event.

But, why do they need to rely on luck? Shouldn’t their super-advanced computer systems alert them when there’s relevant information available? Kirk even mentions that the older event is well-chronicled in his “files” and that his captain knows all about it – so the problem is not capture, but something that we haven’t scratched the surface of yet – computer systems that notice connections and bring them to your attention. Even Wolfram Alpha doesn’t do anything with it’s computational model of all knowledge unless you ask it a question.

It seems that like today, they can collect data and search it, but that there isn’t any way for the system to analyze data as it is captured, make connections, and alert. Today, the closest I can come is with Google News Alerts and RSS feeds set up to search Twitter and other sources. But, I have to pick the keywords – I guess I could imagine some kind of Starfleet Twitter where someone is monitoring #romulan and sees the connection, but with so little traffic on the word, it doesn’t seem likely. But, it is its low traffic that makes it interesting this time – perhaps someone parked on Trending Topics would notice it.

So, I guess we’re stuck with that for at least another three hundred years – and being able to make those connections will still be a prized skill that makes one worthy of ridiculously quick promotions.