
Physical security maxims from Argonne National Laboratory

Mark Frauenfelder at 10:02 am Wed, Oct 15, 2008

Vulnerability Assessment Team (VAT) Seals has a list of "somewhat cynical and tongue-in-cheek" security maxims that are nevertheless "essentially correct 80-90% of the time (unfortunately)."

Here are a few examples:

Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.

Troublemaker Maxim: The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security.

Feynman’s Maxim: An organization will fear and despise loyal vulnerability assessors and others who point out vulnerabilities or suggest security changes more than malicious adversaries.

Irresponsibility Maxim: It’ll often be considered “irresponsible” to point out security vulnerabilities (including the theoretical possibility that they might exist), but you’ll rarely be called irresponsible for ignoring or covering them up.

Physical security maxims from Argonne National Laboratory (via Schneier)

Mark Frauenfelder is the founder of Boing Boing and the editor-in-chief of MAKE and Cool Tools. Twitter: @frauenfelder. Come and hear Mark speak at the ALA conference in Chicago on July 1.


  • ill lich

    “Feynman’s Maxim” comes from Richard Feynman’s interest/hobby of lock-picking at Los Alamos. He often pointed out to his managers how easy it was to pick locks there, and they thanked him by citing him as a security threat.

  • Scuba SM

    My dad taught me a very important rule when I was fairly young: Always make sure you are a less attractive target than the next guy.

    That little maxim works on a surprisingly broad range of things, from avoiding speeding tickets to preventing your stuff from being stolen. No one will ever be able to stop a truly determined attacker, but if you follow the little maxim, you’ll be fine the vast majority of the time. It also contains a surprising amount of depth, as there are hundreds of ways to make yourself a less attractive target in any given situation.

    Please note that this maxim does not work well in dating situations.

  • russ3llr

    Toby@7

    Nope, read that back several times now and other than your italics I can’t see any difference between your version and theirs (or anything wrong with either).

    A little help…?

  • russ3llr

    Sorry…got it now. The internets make me lazy – feed me with a SPOON, damn your eyes!

  • SeamusAndrewMurphy

    Clarity thy name is Toby.

  • Sharon McEachern

    Ask me if I feel secure now. That’s okay, I didn’t feel all that secure before.

    For some reason these maxims I liken to Sebastian, the stray tomcat I took in four months ago. Although he’s been safe, warm, fed and received lots of attention and cuddles, mentally he’s still a struggling stray. He’s fearful, cannot get enough food and cries all the time.

    I think members of the Vulnerability Assessment Team (Seals) may be suffering from similar ailments and are mentally/emotionally vulnerable and fearful. But, that’s their job. Their paranoia may actually help them perform that job better. And, no, I don’t want their job.

    Sharon McEachern

  • Toby

    Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.

    Doesn’t the Argonne Lab have a proofreader on staff, among all those untrustworthy insiders?

  • jahknow

    Priceless.

  • bardfinn

    Which is why I no longer work even tangentially in security.

  • Phikus

    Can’t wait to try on my new TSA uniform… For Halloween, of course!

  • VVelox

    Takes One to Know One: The fourth most common excuse for not fixing security vulnerabilities is that “our adversaries are too stupid and/or unresourceful to figure that out.”

    This reminds me of the ISP I used to work for.

  • Wubby

    What is great about these is that many apply to so many other situations:

    Schneier’s Maxim #2: Control will usually get confused with Security.

    That can easily be applied to the political sphere.

    Rohrbach’s Maxim: No security device, system, or program will ever be used properly (the way it was designed) all the time.

    This could be applied to the law.

    Etc ETc ETC