[Updated with a leaked copy of the response from Imperial Security.] To: Grand Moff Tarkin Re: “The Pentesters Strike Back” memo Classification: Imperial Secret/Attorney Directed Work Product Sir, We have received and analyzed the “Pentesters Strike Back” video, created by Kessel Cyber Security Consulting, in support of their report 05.25.1977. This memo analyzes the video,…Read More Pen Testing The Empire
It’s time for some Friday Star Wars blogging! Reverend Robert Ballecer, SJ tweeted: “as a child I learned a few switches & 4 numbers gives you remote code ex on a 23rd century starship.” I responded, asking “When attackers are on the bridge and can flip switches, how long a password do you think is…Read More Star Wars, Star Trek and Getting Root on a Star Ship
IANS members should have access today to a new faculty report I wrote, entitled “Threat Modeling in An Agile World.” Because it’s May the Fourth, I thought I’d share the opening: As Star Wars reaches its climax, an aide approaches Grand Moff Tarkin to say, “We’ve analyzed their attack pattern, and there is a danger.”…Read More Threat Modeling and Star Wars
This post has spoilers for Rogue One, and also Return of the Jedi. We learn in Rogue One that the Death Star’s main gun is powered by Kyber crystal. We know from various sources that it’s rare. Then the Death Star is tested, destroying Jedha, where they’re mining the crystals. Note that both times its…Read More Kyber Crystal and the Death Star
There are some really interesting leaked photos and analysis by Charles Goodman. “Leaked photos from the Rogue One sequel (Mainly Speculation – Possible Spoilers).” Read More Rogue One Sequel already being filmed!
Someone once asked me why I like Star Wars more than Star Trek. I was a bit taken aback, and he assumed that since I use it so much, I obviously prefer it. The real reason I use Star Wars is not that it’s better, but that there’s a small canon, and I don’t have…Read More Rogue One: The Best Star Wars Yet?
C-3PO: Sir, the possibility of successfully navigating an asteroid field is approximately 3,720 to 1. Han Solo: Never tell me the odds. I was planning to start this with a C-3PO quote, and then move to a discussion of risk and risk taking. But I had forgotten just how rich a vein George Lucas tapped…Read More Security Lessons from C-3PO
Offered up without comment: Star Wars Episode IV.1.d: The Pentesters Strike Back from CyberPoint International on Vimeo. Read More "The Pentesters Strike Back"
In “The Galactic Empire Has Terrible Cybersecurity,” Alex Grigsby looks at a number of high-profile failures, covered in “A New Hope” and the rest of the Star Wars canon. Unfortunately, the approach he takes to the Galactic Empire obscures the larger, more dangerous issue: its cybersecurity culture. There are two errors in Grigsby’s analysis,…Read More Cybersecurity Lessons from Star Wars: Blame Vader, Not the IT Department
I had not seen this excellent presentation by the engineer who built the Death Star’s exhaust system. In it, he discusses the need to disperse energy from a battle station with the power draw to destroy planets, and the engineering goals he had to balance. I’m reminded again of “The Evolution of Useful Things” and…Read More Governance Lessons from the Death Star Architect