[Cryptography] The Laws (was the principles) of secure information systems design
Ray Dillinger
bear at sonic.net
Wed Jul 13 18:16:38 EDT 2016
On 07/12/2016 01:30 PM, Peter Fairbrother wrote:
> I've been revising the principles, and came up with this. It's an early
> version.
>
> As ever, corrections and suggestions are welcome.
I've come up with a few enlightening definitions: Sometimes
people make better security decisions if they look at them.
Some of them could be laws I suppose. Here are the ones I
put on the one-page version of the handout.
"Backward Compatible" -- Vulnerable to Downgrade Attack.
"Backup" -- Additional Target.
"Big Data" -- Whatever people didn't secure.
"CA" -- Some clown in Uzbekistan who paid somebody a bribe.
"Cloud" -- Computers that someone else can access at will or
take away from you at will.
"Common Carrier" -- Compromised Carrier.
"DRM" -- A technology which gives the key to the attacker.
"Firmware Update" -- A reminder that the software you can see
is not the only software that contains holes.
"IoT" -- Internet of Targets.
"Keyboard" -- A device for entering mistakes into a computer.
"Password" -- If a human can remember it a computer can guess it.
"Proprietary" -- Unreviewed.
"Protocol" -- A procedure ANY part of which may not be followed.
"Routine" -- With absolutely the minimum possible amount of
attention or checking required to usually get results.
"Secure" -- Less valuable to a crook than something else they
could steal or break with the same effort.
"Social Media" -- Surveillance As a Business Model.
"Switch" -- listening post.
"Trusted" -- Capable of screwing you over.
"USB" -- Un-Secure Bus.
"Virtual" -- Looks like something that it isn't.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160713/9341a5df/attachment.sig>
More information about the cryptography
mailing list