Microsoft: 10 Immutable Laws of Security

LuluSec and Anonymous: Anti-Security Manifesto

Creator: Microsoft Security Response Center is a division of Microsoft that investigates thousands of security reports every year to determine if a flaw results from one of their products.

Purpose: Microsoft Security Response Center investigates thousands of security reports every year. Not all real security problems result from product flaws. The most likely list of issues have been collated below.

Manifesto: 10 Immutable Laws of Security

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore

Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more

Law #5: Weak passwords trump strong security

Law #6: A computer is only as secure as the administrator is trustworthy

Law #7: Encrypted data is only as secure as the decryption key

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

Law #9: Absolute anonymity isn’t practical, in real life or on the Web

Law #10: Technology is not a panacea

 

Source

Complete descriptions and full manifesto