http://techweb.com/showArticle.jhtml?articleID=163104972 [After you read this article, fans of "24" might get a kick out of this: http://www.salon.com/ent/feature/2005/05/16/24/index_np.html - WK] By Fredric Paul TechWeb.com May 17, 2005 Did anyone happen to see the TV show "24" last week? You know, it's the Monday-night Fox series where counter-terrorist Jack Bauer, played by Kiefer Sutherland, spends a desperate day trying to save America from various forms of annihilation. Well, I've been Tivo-ing the series since it started four years ago, and it's had its share of jump-the-shark [1] moments. But I fell out of my Lay-Z-Boy last Monday night when a nuclear terrorist's attempt to penetrate the show's Counter Terrorist Unit's computer network was foiled by a new security system said to have been just installed the previous night. It wasn't just any security system, you see, it was a CISCO security system. You can see the clip on Cisco's Web site [2], (QuickTime required) and here's a rough transcript of the conversation between Chloe, the show's cranky computer expert, and Buchanan, the suit in charge of CTU: Chloe: How did this happen? Mr. Buchanan, the network security monitor lit up. Someone on the outside is trying to jam our satellite servers. Buchanan: Could this just be high network load? Chloe: No, it's definitely a denial of service attempt. What do you want me to do? Buchanan: Did it do any damage yet? Chloe: No, the Cisco system is self defending. Buchanan: Alright, have one of your people use the security auditor tool. Maybe it'll give us Marwan's network. [Note: Marwan is a terrorist attempting to blow up a stolen nuclear bomb.] Chloe: That was my point from the start. Buchanan: Chloe, we're in active code. We don't have time for your personality disorder. [Note: Lines like this are why I still love the show despite its numerous missteps.] You understand me? Chloe! Yes or no? Chloe: Yes, sir. During this conversation the words "Cisco Security Response System" appear on Chloe's computer screen, and the Cisco logo looms on large wall monitors in CTU's headquarters. After the exchange demonstrates the impregnability of the system, as far as I could tell the whole computer attack plot line is dropped as quickly as it was mentioned, mattering not a whit to the overall plot of the show. Discussion of this remarkably blatant incident is rife on the blogosphere [3], and I can see why. I was so stunned I contacted Cisco about it. A Cisco representative acknowledged it as "a cool placement," but said the VP of corporate marketing chose "not to disclose lots of details around our product placements for competitive reasons." He also declined to mention that Cisco posted the clip on its site; I found that URL via the blogosphere. He did add, though, that "Cisco has provided network technology solutions to the 24 production team for the past four years, since its inception. We believe this is an innovative way to generate awareness of our product solutions while enhancing content of the show." Well, most people don't seem to see it as enhancement of the show, but my annoyance with product placements is not the point. (For instance, a Cisco IP communications placement [4] on "24" didn't bother me hardly at all, nor did the Alienware laptops used by the bad guys.) Instead, I saw this placement as a reason to start worrying about the real state of homeland computer security, and about the false confidence we have concerning the issue. Do we really trust our homeland security to Cisco--or to any company for that matter? I mean, while the "Cisco Security Response System" works perfectly on TV, in real life Cisco--like most other companies--has had numerous security lapses. The company recently acknowledged that its routers, switches, and other products are vulnerable to denial-of-service attacks and that its IOS (Internetwork Operating System) may contain vulnerabilities that could permit an unauthorized user to complete authentication and access network resources and have other issues. Furthermore, Cisco's own source code was stolen last year, and the alleged perps have only recently been arrested. Now, I know Cisco takes security seriously. It's a big money-maker for the company, among other things. But the face it presents on "24" is that this is a problem already solved. The terrorists slink away, their hacking plans swiftly foiled--though it doesn't stop their overall operation. Is that really an accurate refection of the threat we face? And is it responsible of Cisco to present it that way? I'm curious to find out what you think of the product placement, and the message it sends. Feel free to drop me a line [5]. Fredric Paul is editor-in-chief of TechWeb. -0- [1] http://www.jumptheshark.com/t/24.htm [2] http://www.cisco.com/now/24/indexSecurity.html [3] http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-43,GGLD:en&q=%2224%22+chloe+cisco [4] http://www.cisco.com/now/24/ [5] fpaul@private _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed May 18 2005 - 10:30:51 PDT