Adnan Masood's Weblog! عدنان مسعود - 10 Immutable Laws of Security

10 Immutable Laws of Security

Read the following "10 Immutable Laws of Security" on technet recently, thought they are definitely worth sharing; old but worthy gems.

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more

Law #5: Weak passwords trump strong security

Law #6: A computer is only as secure as the administrator is trustworthy

Law #7: Encrypted data is only as secure as the decryption key

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

Law #9: Absolute anonymity isn't practical, in real life or on the Web

Law #10: Technology is not a panacea

1/18/2010 8:22:31 AM (Pacific Standard Time, UTC-08:00)

Comments [1] | Trackback

2/25/2010 9:22:21 PM (Pacific Standard Time, UTC-08:00)

I've been working on the publication of a Windows Vista exploit that targets User Account Control (UAC), the part of Windows Vista that prompts users to explicitly grant administrative approval whenever a privileged operation takes place. Once I finish my whitepaper and proof-of-concept code for it, I'll submit it to Microsoft and give them a week before I publically disclose it to Bugtraq. Why am I giving them only a week to respond to it? Because in Microsoft's mind, it doesn't seem to be a "security" issue at all; according to the 10 Immutable Laws of Security, it shouldn't be an issue.

JN0-532 |bryson53AT NOSPAMlive dot com

Name
E-mail
Home page

	Remember Me
Comment (HTML not allowed)
Enter the code shown (prevents robots):

All content © 2010, Adnan Masood

About the Author

Adnan Masood's MCPD Transcript Logo - Microsoft Certified Professional Developer

Adnan Masood's MCTS Transcript Logo - Microsoft Certified Technology Specialist

Adnan Masood's MCSD Transcript Logo - Microsoft Certified Solution Developer Adnan Masood's MCAD Transcript Logo - Microsoft Certified Application Developer
Adnan Masood's SCJP Transcript Logo

Co-founder of the San Gabriel Valley .NET Developers Group

Member Association for Computer Machinery special interest group on data mining and knowledge discovery

Subscribe to RSS Feed Syndicate XML

Locations of visitors to this page

On this page

Calendar

March 2010

Sun

Mon

Tue

Wed

Thu

Fri

Sat

28

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

1

2

3

4

5

6

7

8

9

10

Archives

Full Archives By Category

February, 2010 (1)

January, 2010 (4)

November, 2009 (2)

October, 2009 (3)

September, 2009 (5)

August, 2009 (1)

January, 2009 (6)

November, 2008 (2)

October, 2008 (4)

September, 2008 (9)

August, 2008 (7)

April, 2008 (4)

February, 2008 (8)

January, 2008 (4)

November, 2007 (1)

October, 2007 (1)

September, 2007 (2)

August, 2007 (3)

April, 2007 (5)

March, 2007 (2)

February, 2007 (2)

January, 2007 (8)

December, 2006 (5)

November, 2006 (13)

October, 2006 (10)

September, 2006 (11)

August, 2006 (2)

April, 2006 (7)

March, 2006 (7)

February, 2006 (12)

January, 2006 (13)

December, 2005 (21)

November, 2005 (31)

October, 2005 (28)

September, 2005 (7)

August, 2005 (10)

July, 2005 (12)

March, 2005 (2)

December, 2004 (10)

November, 2004 (4)

October, 2004 (2)

September, 2004 (6)

August, 2004 (10)

April, 2004 (4)

March, 2004 (13)

February, 2004 (4)

Sitemap

Research & Development

Blogroll OPML

Doonesbury Daily Dose

The Dilbert Blog

USGS M>5 Earthquakes

Black Cat Journal

Nauman Leghari's Blog

Software by Rob

Urdu Blog Content Service

4GuysFromRolla.com Headlines

Adnan Masood's Weblog!

Christian Weyer: Smells like service spirit

ComputerZen.com - Scott Hanselman

Dan Wahlin's WebLog

dan-wahlin-blog

DotNetSlackers Latest ASP.NET News

Geekswithblogs.net

In the Minority (Ken Getz)

John Bristowe's Weblog

Kate Gregory's Blog

Microsoft Architecture Resource Center

MSDN Just Published

MSDN Subscriber Downloads

MSDN: .NET Framework and CLR

MSDN: Visual Studio

MSDN: Web Services

namespace LavanyaDeepak {}

Rick Strahl's WebLog

Rob Chartier's Excogitation

Scobleizer - Microsoft Geek Blogger

Scobleizer: Microsoft Geek Blogger

shahine.com/omar/

Shut-Up and Smile

Technical Careers @ Microsoft

Weblogs @ ASP.NET

microsoft-research

Lambda the Ultimate - Programming Languages Weblog

Microsoft Research Downloads

Microsoft Research News and Headlines

Microsoft Research Publications

Andrew Ulanowski's Blog

CMP DevNet .NET Cast

Dale Brice-Nash

David Chappell :: Weblog

DonXml's Grok This

Greg's Cool [Insert Clever Name] of the Day

Jeff Jones Blog

Jennifer Campions Blog at Interface Technical Training

Message for you, sir!

Michael Palermo

On the road to Indigo

Service Station, by Aaron Skonnard

SimonAllardiceInterfaceTechnicalTraining

Stephen Forte's WebBlog

UK Developer Blogs

Blogroll

Disclaimer

Powered by: newtelligence dasBlog 1.8.5223.2

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

E-mail

Theme design by Jelle Druyts