in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Bond Skyfall And Data Security: BBC Contributor Can't Suspend His Disbelief

Have you seen the latest installation of the James Bonds series, Skyfall?  If not, this post contains references to it.  More specifically, how Bond and company manage to break highly complex cryptographic security....in the span of 5 minutes.  If this were reality, companies like AlertBoot that offer mobile security software wouldn't be in business for too long.  Thankfully, movies are "based on reality" are not reality.

Self-professed Geek Can't Turn Blind Eye

There are a number of "glaring errors" that Dr. Kevin Curran -- labeled "IEEE Technical Expert" in the BBC article, but an on-line search suggests he is well more accomplished than this -- can't ignore in Skyfall (for those of you not into the smallest details of Bondian lore, Skyfall is the name of 007's family estate in Scotland).

Curran starts off with the fact that a server farm is so quiet and so...open.  Not only are the archvillain and Bond able to converse quietly in a room filled with servers, these are running at room temperature.  The villain's lair is supposedly somewhere close to Macau which is a pretty hot place.  Other countries "around" Macau's latitude: India, Saudi Arabia, Egypt, Cuba...in other words, this island is caliente.

On the other hand, Google did suggest that server rooms could be run at 80 degrees Farenheit (26 degrees Celsius).  But, Macau's "highest" average high temperature is 88.7 F / 31.5 C, so a certain degree of refrigeration would be necessary (or at least the ability to do so) .

Google's suggestion was going through my head as I watched the movie and casually switched my brain off, in order to further enjoy the film.  Further into the movie, the switch was kicked back to the "on" position with violent fits of suppressed laughter.

Complex Crypto that Could Only Possibly Be Designed by Five People in the World Gets Hacked in Five

There are other issues that the good Dr. Curran has pointed out, but I will dispense with these to comment on my pet peeve that was brought up in the BBC article:

Later we see an active hacking attempt on MI6 by Silva with Q and Bond watching an animation that represents the code involved in the attack....

Again, we security geeks are asked to suspend our knowledge of the complexities of cryptography when we find Bond being able to decipher part of the code in order to spot Granborough Road Tube station embedded in the cipher.

If only it was as easy as that. Code-breaking is incredibly difficult, just ask the poor people at GCHQ who only last week had to admit they were stumped by a 70-year-old message taped to the leg of a dead pigeon, and can really only be done nowadays by large amounts of computing power. [bbc.co.uk]

Tell me about it.

To go into a little more depth, I seem to recall Q claiming that the information was encrypted with such a complex and powerful encryption algorithm -- the implication is that the villain is the author -- that only the top five minds in the world, including his, would be able to even attempt a stab at cracking it.

The other must brain must belong to JB because he finds the key to the whole thing while Q's grey-matter based radar sounds nary a ping.  Elapsed time: I think it might have been 3 minutes.  Well, at least it's 2 minutes longer than what Hollywood generally portrays it to take, so kudos to Pinewood Studios.

Of course, we all know that, to create tension in that particular segment, breaking the crypto code relatively quickly was necessary; otherwise, you lose the audience.  On the other hand, it might lead more than a few individuals to believe that encryption software doesn't really provide much value when it comes to security.  Indeed, when I surf online message boards, it's more than a handful of "data security specialists" who claim that all encryption is a joke and that they can hack it in less than 24 hours.  And, no, they're not kidding or trolling.  They're serious.

A real attempt at cracking encryption involves lots of time, lots of servers, and lots of poring over data, to come up with possible suggestions for passwords, in whole or in part.  And even then, chances are the endeavor is ultimately headed towards failure.

Regardless, in spite of all, we have to give the movies the easy way out.  You can only spend so much time watching some egghead with hipsterish hairdo type on a keyboard: for $10, people want entertainment, not reality.  Reality in a James Bond movie setting would see our hero not cavorting with dangerous thugs on top of moving trains while Moneypenny shoots him in the shoulder.  No, we'd be treated to the glorious adventure of a paunchy guy sitting on a moderately comfortable chair drinking some coffee with glazed eyes.  His most dangerous struggle would be 5 across on the New York Times puzzle.  In pen.


Related Articles and Sites:
http://www.bbc.co.uk/news/technology-20555621

 
<Previous Next>

BYOD USB Encryption: US Defense Department School In Germany Announces Data Breach

Password Security: Researcher's Rig Cracks 348 Billion Hash Checks Per Second

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.