The Center for Education and Research in Information Assurance and Security (CERIAS)

Didn’t we learn anything from WarGames?

My s.o. and I watched WarGames last night, and I enjoyed it not only for the kitschy nostalgia of an 8-inch floppy disk, but for some of the lessons of good information security practices that we still have trouble remembering:

  1. Don’t write down your password.  Matthew Broderick’s character is able to break into his high school’s computer system and alter his grades because he reads the password off the secretary’s desk every couple weeks.
  2. Don’t make high-security systems publicly accessible.  The W.O.P.R. computer (wasn’t that a great name?) that controls the launch of the US nuclear arsenal is accessed over a public phone line.  Firewalls, anyone?  Bueller?

It does seem like folks are generally getting a lot better with #2, but #1 seems to be a tougher nut to crack.  It’s understandable, because it’s much more of a human behavior issue, but sometimes you just wonder, have we learned nothing in 20 years?

Comments

Posted by Pascal Meunier
on Monday, February 20, 2006 at 09:37 AM

Actually, Bruce Schneier recommends writing down passwords *and* keeping them in your wallet (a safe location).  Obviously that secretary didn’t do that.

Posted by Dan
on Wednesday, April 19, 2006 at 05:58 AM

The vogue now is to prefer good passwords that are hard to remember, and let people write them down.  A password that someone can remember, especially on a Windows system, can be broken in minutes by someone with access to the machine.  We advise our Windows users to write their password down, and require passwords to have 1 or 2 non-alphanumerics, 1 or 2 numbers, 1 or 2 capital letters, and 1 or 2 lowercase letters, and be between 6-8 characters long total.  Feel free to write it down somewhere until it gets drilled into your brain.

Posted by Ed Finkler
on Wednesday, April 19, 2006 at 06:05 AM

If someone has physical access to the machine, all bets are off.

I like Schneier’s recommendation: write down your passes, but put them in your wallet.  That’s at least something you tend to consider very bad to lose or let someone else rifle through, so it might be a good compromise for your average joe user.

Posted by Tom Crawford
on Tuesday, April 25, 2006 at 04:18 AM

Don’t forget that Falken’s password was his son’s name. That’s typically not a good idea.

Also, how many times did Broderick try to get into that system? (I believe it was during the 5 minute 80s movie music montage.) They didn’t have some sort of logging for failed login attempts?

Posted by Damian
on Tuesday, April 25, 2006 at 12:06 PM

Regardless of what the password was or how long it took….

All he had to do was ‘Go right through Falken’s maze’

:o

Posted by Ed Finkler
on Tuesday, April 25, 2006 at 12:27 PM

I just want a huge floppy drive like Broderick’s.  I wonder if I can fit a DVD rip on one of those 8-inchers….

Posted by Nello Lucchesi
on Wednesday, April 26, 2006 at 07:23 AM

“...reads the password off they secretary’s desk…”

Probably “they” should be “the”

Posted by Ed Finkler
on Wednesday, April 26, 2006 at 09:39 AM

Why yes, you’re right.
