Law 6: Security Is no Stronger Than Its Weakest Link

  • Chapter
Ten Laws for Security

Abstract

Security is the result of many elements that interact to build the appropriate defense. As a consequence, security cannot be stronger than its weakest element.

So in war, the way is to avoid what is strong and to strike at what is weak

Sun Tzu, The Art of War [123]

Notes

  1. Unfortunately, modern historians do not believe Herodotus’s story is reliable.

  2. This was the method used by hacker Muslix to defeat AACS, the content protection of Blu-ray discs [269].

  3. In 2000, US export rules relaxed this limit. Currently, the restriction applies mainly to countries that are declared enemies of the US or are considered to support terrorism. The Wassenaar Arrangement regulates the international exchange of conventional arms and dual-use goods and technologies. This arrangement encompasses cryptography as a weapon. Since 2014, it also forbids the export of:

    Software “specially designed” or modified to avoid detection by “monitoring tools,” or to defeat “protective countermeasures,” of a computer or network-capable device, and performing any of the following:

    (a) The extraction of data or information, from a computer or network-capable device, or the modification of system or user data; or (b) The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.

  4. There is even a protocol dedicated to remote management and updates: TR69.

  5. malloc and free are standard C library functions used to dynamically allocate memory buffers and later free the allocated space.

  6. This is why the undelete function of an OS can retrieve some files from the recycle bin. If the segments are still free, the function just restores their location in the allocation table.

Author information

Correspondence to Eric Diehl.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Diehl, E. (2016). Law 6: Security Is no Stronger Than Its Weakest Link. In: Ten Laws for Security. Springer, Cham. https://doi.org/10.1007/978-3-319-42641-9_6

  • DOI: https://doi.org/10.1007/978-3-319-42641-9_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-42639-6

  • Online ISBN: 978-3-319-42641-9

  • eBook Packages: Computer Science, Computer Science (R0)
