Law Forum
  Law Books

Adverts from Google:

Computer Security Resources

We are lawyers, not computer experts, and certainly not security experts. But our work brings us up against questions of computer security nearly every day.

Here follow some links which may be of assistance. We do not include these by way of recommendation. They are just links.

Go Handbook of Applied Cryptography. This must be one of the jewels of on-line publishing. The entire volume in .pdf format.
GoThe Snake Oil FAQ. How to spot bad encryption.
GoIBM Anti-Virus On-Line Alerts - including also the latest in hoaxes.
Go Federation of American Scientists: Information Warfare and Information Security on the Web
Go Computer Virus Myths and Hoaxes
Go Stiller Research Virus control programs, alerts and hoax explanations.
Go Sophos Virus Alerts and Anti-Virus Software.
The information hiding homepage MP3Stego How to hide a password or copyright marker within MP3 music files.
Cryptome This is Bruce Schneier's site, and offers much excellent and authoritative advice.
Go Codes and Ciphers UK - A site maintained by Tony Sale.
SysInternals claim they can securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

As to computer security in general, a few rules (or nostrums):

  1. There are always two keys.

    You would never buy a lock which only came with one key. Why buy a security system which, for example, only allows one means of access to a bank account. This may be some biological measurement, a voice print, or retinal fingerprint. What happens if you suffer some physical impairment and lose ability to access the account? Well, if the security is genuinely as described, you have lost whatever was protected.

    Of course, though, it isn't. After your death your executors will be given access through whoever 'holds' the account, usually the bank manager. If they do that, then of course there never was 'only one key', the bank have the other key. Sadly, if they have teh other key, then, since any attack is just as likely to come from within the safe-keeping organisation, as from without, the apparent security offered by such systems is misleading.

    Would you buy a safe, and only get one key, accepting that someone else will keep teh other key safe for you?

  2. Whatever you lock in a safe, the key to the safe has that value.

    We understand about ordinary keys. Electronic keys are not that different.

  3. 'Poor Security is worse than No Security' Security can be difficult to arrange, and a nuisance when installed. Many make their own arrangements without understanding the threats properly. They do half a job. Thinking they have done a full job, everything is now commited to the weak protection of the poor security, and is at risk.

    With no security system in place, people distribute their assets so that a successful attack will recover something, but not everything.

  4. There can be no general rules for managing passwords.

    I can devise a good system for choosing and managing passwords. The more open I am about my system, the more others copy it, the less useful it becomes. However one must not rely upon ...

  5. Security from Obscurity is not security.

    If any substantial part of your system of security depends upon others not knowing which bits of your system are weak, then you system is all the weeaker.

  6. No security system is stronger than its weakest element.
Important: Please note that our law-bytes are retained for archival purposes only. The law changes, and these notes are often, now, out of date. You must take direct advice on your own personal situation and the law as it currently stands.
All information on this site is in general and summary form only. The content of any page on this site may be out of date and or incomplete, and you should not not rely directly upon it. Take direct professional legal advice which reflects your own particular situation.
Home |  lawindexpro |  Forum | 
| Two Doves Counselling | Faulty Flipper
Copyright and Database Rights: David Swarbrick 2012
18 October 2013 67 18 October 2013