
Episode IV: The Empire strikes out (on their pen test)

Star Wars Episode IV.1.d: The Pentesters Strike Back from CyberPoint International on Vimeo.

While the Empire in Star Wars had a lot of fearsome war machinery, a rag-tag gaggle of rebels was able to defeat them thanks to their terrible computer and network security. The folks at the security company CyberPoint have taken clips from A New Hope (a.k.a. Episode IV, a.k.a. “The Original”) and used them to make a funny video that illustrates the many security mistakes that even the biggest organizations make with securing — or more accurately, failing to secure — their systems.

I know of a number of places whose systems were bamboozled by the system equivalent of the Jedi mind trick…

spoofing

…and it’s amusing how many open USB ports there are in the Star Wars universe for R2-D2 to plug into and start injecting malware…

malicious dongles

…and while it’s forgivable for a 1970s screenwriter to not think that the Death Star’s tractor beam controls would have some kind of way of preventing use by unauthorized parties, I’ve seen real-world, 21st-century organizations who should know better do exactly the same thing:

no authentication

In the spirit of all the current nerd hoopla about the new Star Wars movie (and yes, I’ve already seen it, and will probably see it again over the holidays), go watch the video and have a laugh at the Empire’s woefully inadequate security. Then go patch up your own organization’s weak spots. Kudos to CyberPoint for putting together the video, and here’s hoping Disney’s lawyers don’t send them a takedown notice.

I’ve got to give CyberPoint bonus points for using video from the original, non-special-edition version of Episode IV, complete with the English labels on the tractor beam controls (the Special Editions show all text in Aurebesh, the space alphabet), and the old-school ring-free Death Star explosion:

old school