Dailydave mailing list archives
the 11th immutable law: no such thing as immutable laws.
From: "Dave Aitel" <dave.aitel () gmail com>
Date: Tue, 23 Sep 2008 08:00:21 -0400
It's weird when non-hackers write "immutable security laws". It's like me writing "Immutable ballet laws". http://technet.microsoft.com/en-us/library/cc722487.aspx Law 1 and law 2 are the same thing. Law 4 only vaguely makes sense. Law 8 is like an anti-sodomy law that seems outdated the minute you put it on the books. And law 9 is a bizarre political opinion probably written when global PKI via Palladium seemed doable. Jesper Johansson has nicer things to say about them though. :> http://technet.microsoft.com/en-us/magazine/cc895640.aspx . Which is weird because what he should have said is "Ain't 10 immutable laws o' nothin'" and talked about some fish. -dave PS. No need to click -> [image: Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EKAA> Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore<http://technet.microsoft.com/en-us/library/cc722487.aspx#EKAA> [image: Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EJAA> Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore<http://technet.microsoft.com/en-us/library/cc722487.aspx#EJAA> [image: Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EIAA> Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore<http://technet.microsoft.com/en-us/library/cc722487.aspx#EIAA> [image: Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EHAA> Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more<http://technet.microsoft.com/en-us/library/cc722487.aspx#EHAA> [image: Law #5: Weak passwords trump strong security] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EGAA> Law #5: Weak passwords trump strong security<http://technet.microsoft.com/en-us/library/cc722487.aspx#EGAA> [image: Law #6: A computer is only as secure as the administrator is trustworthy] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EFAA> Law #6: A computer is only as secure as the administrator is trustworthy<http://technet.microsoft.com/en-us/library/cc722487.aspx#EFAA> [image: Law #7: Encrypted data is only as secure as the decryption key] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EEAA> Law #7: Encrypted data is only as secure as the decryption key<http://technet.microsoft.com/en-us/library/cc722487.aspx#EEAA> [image: Law #8: An out of date virus scanner is only marginally better than no virus scanner at all] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EDAA> Law #8: An out of date virus scanner is only marginally better than no virus scanner at all <http://technet.microsoft.com/en-us/library/cc722487.aspx#EDAA> [image: Law #9: Absolute anonymity isn't practical, in real life or on the Web] <http://technet.microsoft.com/en-us/library/cc722487.aspx#ECAA> Law #9: Absolute anonymity isn't practical, in real life or on the Web<http://technet.microsoft.com/en-us/library/cc722487.aspx#ECAA> [image: Law #10: Technology is not a panacea] <http://technet.microsoft.com/en-us/library/cc722487.aspx#EBAA> Law #10: Technology is not a panacea<http://technet.microsoft.com/en-us/library/cc722487.aspx#EBAA>
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- the 11th immutable law: no such thing as immutable laws. Dave Aitel (Sep 23)