10 Immutable Laws of Security

I was browsing the MSDN Blogs and come across this interesting post in the IEBlog about SSL and TLS security. Digging through, I ended up with this quite informative Microsoft TechNet article.

The 10 Immutable Laws of Security:

• Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore


• Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore


• Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore


• Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more


• Law #5: Weak passwords trump strong security


• Law #6: A computer is only as secure as the administrator is trustworthy


• Law #7: Encrypted data is only as secure as the decryption key


• Law #8: An out of date virus scanner is only marginally better than no virus scanner at all


• Law #9: Absolute anonymity isn't practical, in real life or on the Web


• Law #10: Technology is not a panacea

I highly recommend you read this 10 Immutable Laws of Security at Microsoft TechNet.

The Geek Wedding

Nothing geeky about it, really.

My wedding went on as any conventional Sri Lankan Sinhalese wedding. My wife Chãndima wore Kandyan for the wedding on 28th March 2005 and an Indian saree for the home-coming ceremony, on the 2nd of April 2005.

  

Check out more wedding photos as a slideshow in my MSN Space.