Steve’s Views

September, 2008:

Physical Security Maxims

Security, whether physical, computer or any other area, is seldom understood. Arbitrary ideas that save someone from doing something are usually chosen. It is next to impossible to overstate the amount of ignorance and stupidity demonstrated whenever security is considered. This list brings home the balance of secure vs. insecure. Of course, security is about balancing security vs. usable and practical.

Here are excerpts from a list of maxims produced and assembled by Roger G. Johnston, Ph.D., CPP, of the Vulnerability Assessment Team at Argonne National Laboratory.

(You can see the whole list at www.schneier.com)

Physical Security Maxims
Roger G. Johnston, Ph.D., CPP

Security Maxims
The following maxims, based on our experience with physical
security, nuclear safeguards, & vulnerability assessments, are
not absolute laws or theorems, but they will be essentially
correct 80-90% of the time.

Infinity Maxim: There are an unlimited number of security
vulnerabilities for a given security device, system, or program,
most of which will never be discovered (by the good guys or
bad guys).

Arrogance Maxim: The ease of defeating a security device
or system is proportional to how confident/arrogant the designer,
manufacturer, or user is about it, and to how often they use
words like “impossible” or “tamper-proof”.

Ignorance is Bliss Maxim: The confidence that people have in
security is inversely proportional to how much they know about it.

Be Afraid, Be Very Afraid Maxim: If you’re not running
scared, you have bad security or a bad security product.

High-Tech Maxim: The amount of careful thinking that has
gone into a given security device, system, or program is
inversely proportional to the amount of high-technology it uses.

Schneier’s Maxim #1: The more excited people are about a given
security technology, the less they understand (1) that technology
and (2) their own security problems.

September 24 Is World Day Against Software Patents

The Foundation for a Free Information Infrastructure has a press release declaring September 24 World Day Against Software Patents:

Brussels, 2nd September 2008 — A global coalition of more than 80 software companies, associations and developers has declared the 24th of September to be the “World Day Against Software Patents”. Five years ago, on 24 September 2003, the European Parliament adopted amendments to limit the scope of patent law and thereby protect small software companies from the harmful effects of broad and trivial software patents. A global petition asking to effectively stop software patents worldwide will be launched on 24 September 2008, together with specific additional requests for certain regions such as Europe, the United States or India.

Full Press Release.