Or at least you could about 30 years ago when MSFT was still in the habit of providing programmability in every one of their apps.
When you opened a jpg in some MSFT image viewer app, the app would locate and try to execute any data marked as being a “macro”. And of course it didn’t take long for bad guys to find a way to exploit a bug in the macro execution engine to escape the sandbox and run their own arbitrary code.
All this was before the internet got big and the design assumption was that all data files always come from local and trusted sources. As the WWW, and especially the higher speeds beyond dialup took hold, MSFT had a hell of a job patching everything they ever made to deal with a much more hostile flow of incoming data.
QR codes are predominately used to encode URLs for websites, and the ‘exploit’ of getting people to incautiously scan QR codes is that it sends them to a website where they download some virus-containing application or document. The only way an image file could contain self-operating malicious code is if it had some kind of self-animating function or in metadata that they image display application uses to activate some unprotected system call. And, as you note, there is no way to embed this into the scene from which a picture it taken; it would have to be inserted into the code of the image file itself.
These kind of tropes are irritating because it gives a false impression of vulnerability to people who aren’t knowledgeable about computer security while glossing over the actual vulnerabilities of easily guessed passwords, loading non-verified applications on your mobile devices, putting way too much personal information on social media, and of course phishing and other social engineering attacks which are the vast majority of security exploits. It’s bad writing that also misinforms the public when it would be just as easy to write a story involving realistic exploits that would make the public more generally aware of real vulnerabilities.
Thank you. As a teacher, I’m dismayed by how much lazy students use AI. But you’ve just shown me the first thing where I’ve ever said “Great job, ChatGPT”!
.
(Bye, I’m off to read some books that I’ve been putting off due to their length: The Brothers Karamazov by Tom Robbins;
Hunter S. Thompson’s Ulysses; The Canterbury Tales, by Carl Hiassen;
and just for grins I might read The Hitchhiker’s Guide books…
as written by Michael Crichton!)
DIsk drives of one type or another are as old as mainframes themselves, but they were originally of a fixed-head design and low capacity, so really only useful for system and working storage. There was a while when tape drives were the only high-capacity storage available for mainframes, and the only storage medium that was both high-density and removable. Mainframes typically had a long row of tape drives, which were a distinctive feature of the archetypal computer room.
However, I’m kinda doubtful that overshooting on a tape record seek was common and certainly was not the cause of the characteristic jerky motion of the tape reels. High-performance tape drives had long vacuum columns below both the supply and take-up reels. Several feet of tape would typically be looped down both columns. This way the actual tape transport mechanism at the read/write heads only needed to contend with the negligible mass of a couple of feet of loose tape and could position the tape over the heads with high precision. Meanwhile optical sensors monitored how much tape was in each column, and activated powerful motors to drive the reels one way or the other to keep the tape loops approximately halfway down each column. Which led to the impressive back-and-forth jerking of the tape reels in response to record seek operations.
Also from what I can recall, the Jurassic Park enterprise employed a single genius programmer, Newman (OK, Wayne Knight, the guy who played Newman on Seinfeld; the series was about halfway through its spectacular run when Jurassic Park was released) who single-handedly wrote all the custom applications used by the park. The 10-yo was nevertheless able to navigate all the custom apps (because, after all, she “knew UNIX”) to immediately get the info she needed. Also, IIRC, Newman apparently went to all the trouble to modify the authorization interface so that a failed login attempt would present an animated audiovisual clip of Newman wagging his finger. Which authorization obstacle was quickly cracked, IIRC. no doubt by the same 10-yo. Maybe he should have put more effort into security and less into animation!
But, hey, I can forgive all this. The movie certainly had the budget to hire a few geeks to get the computer stuff more believable, but the point of a movie like this was to be fun, and I still think Jurassic Park is one of the most entertaining movies ever made. Was it really necessary, when the Jeep was being chased by a T-rex, to show its reflection in the right-hand mirror bearing the etched legend “Objects are closer than they appear”? No, it was not, but it was fun!
Right, and it’d be theoretically possible to engineer a scene such that, when you took a picture of it, the JPEG would contain a virus… but you’d have to control everything to such an insane degree that you probably couldn’t even actually do it in a laboratory setting, and certainly not from some random CSI tech taking pictures from random angles.
This was also used in “The Running Man”. The runners guessed the password to the satellite uplink one number at a time. Furthermore, they had to memorize the whole long sequence until later.
Also used in “Swordfish”, this time in a complex 3D maze.
In the story, a main character loses an arm as a young child, from a snakebite. At the end of the movie, she was portrayed by a two-armed actress, and her missing arm flashed on and off.
We noticed that restaurant owners can login to view applicants at Signin . Although the app tries to force SSO for McDonald’s, there is a smaller link for “Paradox team members” that caught our eye.Without much thought, we entered “123456” as the username and “123456” as the password and were surprised to see we were immediately logged in!
As a wise man once said - that’s the kind of password and idiot would use on his luggage!
“You didn’t bring me along for my charming personality.”
Although most computer hacks you see in movies and television are pure screenwriter bullshit, Theo cracking into the Nakatomi system is at least plausible. As can be observed in the scene where Mr. Takagi is pressured for the password the screen indicates that the Nakatomi ‘Socrates’ computer is running some version of BSD Unix. The 9.2 doesn’t make much sense in terms of the Berkeley Standard Distribution numbering but Bell Labs had a BSD-derived distribution in about that time range that was in version 9 and 10. Unix of the era was not designed with security from the ground up and there were numerous exploits like the polkit vulnerability that could be used to gradually gain root access, grab the hash table, and do a reverse dictionary brute force attack to get into a user account. Even estimating the time it would take is not implausible if Theo had simulated this previously, although discussing it then rather than previously timetabling the task was obviously for the sake of exposition to the viewer.
