Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).
Comment: We think this, because we always find new vulnerabilities when we look at the same security device, system, or program a second or third time, and because we always find vulnerabilities that others miss, and vice versa.
Thanks for Nothin’ Maxim: A vulnerability assessment that finds no vulnerabilities or only a few is worthless and wrong.
Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.
Be Afraid, Be Very Afraid Maxim: If you’re not running scared, you have bad security or a bad security product.
Comment: Fear is a good vaccine against both arrogance and ignorance.
So We’re In Agreement Maxim: If you’re happy with your security, so are the bad guys.
Ignorance is Bliss Maxim: The confidence that people have in security is inversely proportional to how much they know about it.
Comment: Security looks easy if you’ve never taken the time to think carefully about it.
Weakest Link Maxim: The efficacy of security is determined more by what is done wrong than by what is done right.
Comment: Because the bad guys typically attack deliberately and intelligently, not randomly.
Safety Maxim: Applying the methods of safety to security doesn’t work well, but the reverse may have some merit.
Comment: Safety is typically analyzed as a stochastic problem, whereas the bad guys typically attack deliberately and intelligently, not randomly. For a discussion of the reverse problem, see RG Johnston, Journal of Safety Research 35, 245-248 (2004).
High-Tech Maxim: The amount of careful thinking that has gone into a given security device, system, or program is inversely proportional to the amount of high-technology it uses.
Comment: In security, high-technology is often taken as a license to stop thinking critically.
Dr. Who Maxim: “The more sophisticated the technology, the more vulnerable it is to primitive attack. People often overlook the obvious.”
Comment: A quote from Tom Baker as Dr. Who in The Pirate Planet (1978).
Low-Tech Maxim: Low-tech attacks work (even against high-tech devices and systems).
Comment: So don’t get too worked up about high-tech attacks.
Nowadays I work as a security consultant; I have collected eleven pages' worth of Dr. Johnston's wisdom - I keep them posted on the wall by my desk at work. In designing physical security systems, and even in the evolving field of cybersecurity, I find that all of these truisms apply sooner or later. - Sean Linnane

Lotta wisdom there.
How 'bout this:
No matter how prepared you are, you will be surprised.