Schneier introduced me to the term "countermeasure" which is simply some mechanism that either attempts to prevent or effectively respond to a security incident.
I had to think of this while watching Weird Science (the movie) on cable this weekend. For those of you who weren't a young boy in the 1980s, Weird Science is about a couple of high-school nerds, Gary and Wyatt, who use their computer skills to create a woman they name Lisa who has supermodel looks (played by Kelly LeBrock), magic powers, and who will do whatever Gary and Wyatt want her to do (yes, this was a movie squarely targeted at adolescent males).
They create her through a computer program that simulates the creation of a woman, both physical and mental characteristics. They hack into a government facility to get more computer power, wire a Barbie doll up to their computer and voil, there she is.
Anyhow, it's a movie worth seeing, if only for the performance of Bill Paxton as Wyatt's incredibly obnoxious brother Chet, but the reason I mention it here is because of something to do with computer security.
As mentioned before, through a circa 1985 personal computer, Wyatt and Gary hack into a government facility to "steal more computer power". Ok, fair enough. But what was really cool to me then and hilarious to me now was the government system's response to being hacked. I have never attempted to hack a system but I imagine that if you got user access to a computer you hacked, you would either see a command prompt or a typical Windows / Linux / whatever GUI. But not the government computer that Wyatt hacks. When Wyatt bypasses the security program he is treated to a vivid artsy display of 3-dimensional graphics including freaky faces and whirling clocks - sort of suggesting that they've entered a secret wonderful computer world that they didn't know existed.
I realize that this is a movie so I'm not criticizing it for not being realistic. It's just that after working as a programmer it's funny to imagine a scenario that would lead to the existence of such a "feature". Say you're a system designer for the National Security Agency (NSA) and security is of utmost importance. You're in a meeting discussing what should be the response to a system security breach.
- Shut down all systems to the outside world until we can find the specific hole and intruder?
- Or perhaps we don't realize the intrusion and the user just sees the typical command prompt?
- No, we display cutting-edge 3D graphics that recognize and reward the intruder for his skillful hack - bravo intruder!
I wonder if the NSA sub-contracted to a graphics programming shop to improve the quality of the break-in graphics? And what was the budget to design and implement said graphics?
Ah, movies that involve computer programming are funny. But I guess in a movie that's based on the premise that using 286 PC, a modem and a Barbie doll, you can generate a living breathing woman resembling Kelly LeBrock who can perform magic ... then in comparison displaying fancy graphics in response to a security breach is pretty believable!
Then again, Microsoft Excel 1997 included a hidden flight-simulation video game, so perhaps it's not so far-fetched to have such a feature!