• Welcome to Computer Association of SIUE - Forums.
 

The Ten Immutable Laws of Security

Started by Stiffler, 2003-02-16T11:49:06-06:00 (Sunday)


Stiffler


     
  1. If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

  2. If a bad guy can alter the operating system on your computer, it's not your computer anymore.

  3. If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

  4. If you allow a bad guy to upload programs to your web site, it's not your web site any more.

  5. Weak passwords trump strong security.

  6. A machine is only as secure as the administrator is trustworthy.

  7. Encrypted data is only as secure as the decryption key.

  8. An out of date virus scanner is only marginally better than no virus scanner at all.

  9. Absolute anonymity isn't practical, in real life or on the web.

  10. Technology is not a panacea.



Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Panic! Someone can boot your WinXP computer with a Win2k CD and access/copy your files using Recovery Console. Well, indeed you should panic if someone has unwanted physical access to your PC. He/she doesn't need a Win2k CD; he/she can use the Winternals ERD CD, and with that you don't need a password anyway. Worse, he/she can get your hard disk out and plug it into his/her own PC, or piss in your floppy drive!
OK, it is a flaw. MS suggests that using Recovery Console is password restricted, but if you are so into security, better get these laws in your head!

Source: winxp.bink.nu

Jon

To find out more about the above laws Click Here.

To find out more about the security problem Click Here.
Retired webmaster of CAOS.