It's the end of 2012 and another Bond movie is still cyberstalking unwary theater-goers...
One of the top three funniest moments I've been witness to in person this year was going to the Skyfall showing with the BSides Delaware conference, after a Bond-themed tailgate party organized by @DeviantOllam, complete with Vesper Martinis!
Imagine about thirty BSides attendees watching a Bond movie and trying to behave themselves. That's bad enough, if it was Thunderball or Dr. No or even A View To a Kill or Quantum of Solace. Those bad guys had their own silly plots but they were all, um, cyber-less, or at least a lot less cyber...
Not Skyfall, oh no. Skyfall revolved around a Stuxnet-like theme of cyber terrorism/war/etc. that COULD have been well-executed, but just wasn't. Anyone in the BSides conference could have earned a quarter million dollars as an expert consultant to the script-writers and made it better than it was. Since the script-writers and producers deemed it absolutely un-lame to just write a bunch of cyber-sounding nonsense, hilarity ensued in that dark theater in Wilmington. It was hard to keep a straight face and stay quiet. It turned into a hacker version of an episode of Mystery Science Theater 3000.
I happened to be sitting next to @SpaceRog, who knows a thing or two about hacking and defense. Let's just say that as the show went into cyberdouchery territory, then further into FUDtaculariousness, I kept feeling twitches and hearing winces from my immediate right. If it was possible to kill a person with "cyber," the Skyfall producers might have found it, and it involved zero pacemaker-hacking, just really, really terrible writing.
The preview is available on the tubez here: http://www.youtube.com/results?search_query=skyfall+preview
Check it out and imagine, if you haven't seen it already, the head of MI6 AKA M dealing with a very bad situation, revolving around theft of classified information as well as cyber-terrorism in the way of blowing things up and causing things to crash. SCARY STUFF!!! She's getting a lot of heat from her political masters and is pretty frustrated with her imploding career. Cyber-badness caused this. Mistakes were made, solutions to be found, and right quick...
As a tribute to the lazy ridiculosity that is the Skyfall cyberscript, I bring you a Twitter hashtag I've been working on for a few days. Won't you be my cyber-neighbor and participate?
#Skyfail (Originally #CyberSkyfall and #SkyfallCyberLines)
-"Don't mind me, I'm just inducing acute cirrhosis over here..." M, we'd really rather u didn't drink all da Jager b4 noon
-"So he's in AND out AND in, is that right?" Yes, M, I'm afraid so. "Gimme your weapon, I'm going to shoot him myself."
-"If he's already in AND out, what are we doing 2 make sure he doesn't come back?" M, he's still here, never really left.
-"Why can't we stop him from getting in?" M he's already IN. "Can we stop him from getting out?" He's out already. "WHAT?"
-"What's the SIEM telling us? We spent a bloody fortune on it, after all." M, the db types don't get along w GUI types...
-If only we'd listened to that guy from Gartner when he came 2do the benchmarking assessment. That Spider chart was cool
-Quick, Nigel, get me the hyperZ Purple Pill escape preventer, I think he's bypassed our Deep Header Locator!
-Maybe if we use the cross-over cable on the PwnPlug we can reroute the application-aware honeypot 2 active-defence mode!
-"How're we doing on the isolation phase of the incident?" M, the manual says we're still in the OMG WTF BBQ phase. "I C."
-"Why didn't we find this vulnerability before we got hacked?" M, we discarded all CVSS scores below 8.73... "I see"
-Hack ScarJo's email, you get 10 years prison. Hack MI6 & u get 2 molest 007. What's wrong with this pic?
-"Don't be such a wuss, it's just a .BAT file..." By @CaseyJohnEllis
-When this is all over and we're done with the SCADA/HVAC remediation, I'm going to EuroDisney...
-How come Dr. Evil gets a power swivel-chair and I don't, hmm? Can u tell me that? "Maam, we had 2 airgap the control..."
-Um, change request form for removing USB port control... Signed by one "Tupac H@x0r." In crayon. Really, guys?
-Yes, I know South Carolina got a $700k bill from Mandiant, but they're the only ones we have who work weekends!
-We finally gave up on figuring this out by ourselves n called Mandiant. No, they're not technically cleared for this...
-Like Sting said in his song: "When the world is running down, you make the best of what's still around!" AMIRITE?
-It's M, she's gone over the edge. Finally discovered the depth of our incompetence. She really can't handle the truth
-More coming in Skyfail Part Deux.