1. Client-side security doesn't work.
2. You cannot securely exchange encription keys without a shared piece of information.
3. Malicious code cannot be 100 percent protected against.
4. Any malicious code can be completely morphed to bypass signature detection.
5. Firewalls cannot protect you 100 percent from attack.
6. Any intrusion detection system (IDS) can be evaded.
7. Secret cryptographic algrothms are not secure.
8. If a key isn't required, you do not have encryption, you have encoding.
9. Passwords cannot be securely stored on the client unless there is another password to protect them.
10. In order for a system to begin to be considered secure, it must undergo an independent security audit.
11. Security through obscurity does not work.
12. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
13. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
14. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
15. If you allow a bad guy to upload programs to your Web site, it’s not your Web site any more.
16. Weak passwords trump strong security.
17. A machine is only as secure as the administrator is trustworthy.
18. Encrypted data is only as secure as the decryption key.
19. An out-of-date virus scanner is only marginally better than no virus scanner at all.
20. Absolute anonymity isn’t practical, in real life or on the Web.
21. Technology is not a panacea.

Please lalasticlala do the needful, security is essential in staying safe online..

Source www.ithoughtsecurity.com/2015/08/infosec-laws-of-security.html

You can't just write jargons and not prefer solutions

iThoughtSec:


1. Client-side security doesn't work.
2. You cannot securely exchange encription keys without a shared piece of information.
3. Malicious code cannot be 100 percent protected against.
4. Any malicious code can be completely morphed to bypass signature detection.
5. Firewalls cannot protect you 100 percent from attack.
6. Any intrusion detection system (IDS) can be evaded.
7. Secret cryptographic algrothms are not secure.
8. If a key isn't required, you do not have encryption, you have encoding.
9. Passwords cannot be securely stored on the client unless there is another password to protect them.
10. In order for a system to begin to be considered secure, it must undergo an independent security audit.
11. Security through obscurity does not work.
12. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
13. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
14. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
15. If you allow a bad guy to upload programs to your Web site, it’s not your Web site any more.
16. Weak passwords trump strong security.
17. A machine is only as secure as the administrator is trustworthy.
18. Encrypted data is only as secure as the decryption key.
19. An out-of-date virus scanner is only marginally better than no virus scanner at all.
20. Absolute anonymity isn’t practical, in real life or on the Web.
21. Technology is not a panacea.

Please lalasticlala do the needful, security is essential in staying safe online..

Source www.ithoughtsecurity.com/2015/08/infosec-laws-of-security.html

@21 Imagine a life without technology?