After yesterday's net-buzz about a rogue mailbox archive application, it's worth reminding ourselves about a classic security article: "10 Immutable Laws of Security".
- Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
- Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
- Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
- Law #5: Weak passwords trump strong security
- Law #6: A computer is only as secure as the administrator is trustworthy
- Law #7: Encrypted data is only as secure as the decryption key
- Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
- Law #9: Absolute anonymity isn't practical, in real life or on the Web
- Law #10: Technology is not a panacea
Law #1 is particularly important in relation to yesterday's news!
If you install an application on your machine, you are implicitly granting it a certain level of trusted access, so you had better be sure you know and trust the source of that application.
All content is Copyright (c) 2010 Jorgen Thelin. All rights reserved.
The opinions expressed here represent my own views and not necessarily those of my current, prior or future employer(s).
Content is provided "as-is", without any representations or warranties of any kind.
Contents of the Weblog Feed are licensed under a Creative Commons License.