Dailydave mailing list archives

the 11th immutable law: no such thing as immutable laws.


From: "Dave Aitel" <dave.aitel () gmail com>
Date: Tue, 23 Sep 2008 08:00:21 -0400

It's weird when non-hackers write "immutable security laws". It's like me
writing "Immutable ballet laws".
http://technet.microsoft.com/en-us/library/cc722487.aspx

Law 1 and law 2 are the same thing. Law 4 only vaguely makes sense. Law 8 is
like an anti-sodomy law that seems outdated the minute you put it on the
books. And law 9 is a bizarre political opinion probably written when global
PKI via Palladium seemed doable.

Jesper Johansson has nicer things to say about them though. :>
http://technet.microsoft.com/en-us/magazine/cc895640.aspx . Which is weird
because what he should have said is "Ain't 10 immutable laws o' nothin'" and
talked about some fish.

-dave
PS. No need to click ->

Law #1: If a bad guy can persuade you to run his program on your computer,
it's not your computer anymore
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EKAA>

Law #2: If a bad guy can alter the operating system on your computer, it's
not your computer anymore
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EJAA>

Law #3: If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EIAA>

Law #4: If you allow a bad guy to upload programs to your website, it's not
your website any more
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EHAA>

Law #5: Weak passwords trump strong security
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EGAA>

Law #6: A computer is only as secure as the administrator is trustworthy
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EFAA>

Law #7: Encrypted data is only as secure as the decryption key
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EEAA>

Law #8: An out of date virus scanner is only marginally better than no virus
scanner at all
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EDAA>

Law #9: Absolute anonymity isn't practical, in real life or on the Web
<http://technet.microsoft.com/en-us/library/cc722487.aspx#ECAA>

Law #10: Technology is not a panacea
<http://technet.microsoft.com/en-us/library/cc722487.aspx#EBAA>