There is a silver bullet : learning.

Personal heuristics

  • You don't need the best solution (which doesn't exist), only to make it too costly for your opponent.
  • Know who you are dealing with, what is their motivation and how they enforce it. How fresh your information is will lead to efficient execution.
  • only 2 solutions, trust or understand

See also

To do

  1. package in a single file (zip, pdf, word...) that can be shared outside of the wiki
    1. "send it to friends" link with several anonymous sharing means
    2. host in independent places
    3. Cookbook:ExportHTML
      1. else consider ikiwiki for its "wiki compiler" view
  2. understand better the why, not just the how
  3. consider doing a Security or Locks page
    1. principle/motivation
      1. one can behind a fence without being wrong
      2. locks do not imply lawfulness or even moral and ethical rightfulness
      3. understanding is only a mean to enforce one owns belief, not an end in itself
      4. learning and teaching process
        1. know how long your own locks will last against which set of resources
    2. means
      1. physical locks
        1. doors, walls, biology (immune system e.g. T-cell/B-cell/TCR/protein signature), padlocks, fingerprint lock, iris lock, ... Wikipedia:Category:Locks
      2. non-physical locks
        1. technological
          1. password, firewall, encryption, ...
        2. non-technological
          1. secrecy, social selection, law, induced fear, ...
    3. solutions
      1. judge picking, bribing, threatening, hijacking, ransoming, reverse engineering, intelligence, social engineering, discovering exploits, scanning for discovered exploits, privilege escalation, decryption, brute force, dictionary testing, penetration testing, delegated trust, hit&run, honeypot, man-in-the-middle, cryptanalysis, ...
      2. hybrids
        1. attack on the infrastructure (SCADA, a la Wikipedia:Stuxnet) has been used in conjunction with social engineering (fake associated tech. support) to finally reach information (final target)
          1. regarding integration, see also Metasploit and SCADA Exploits: Dawn of a New Era? by Shawn Merdinger, InfosecIsland November 2010
          2. SCADA is this just the beginning?, IT Threat Evolution for Q1-2011, Securelist
      3. step back to understand the system as chain of sub-systems
    4. see also
      1. Feynman "problem" at Los Alamos
      2. The Code Book
      3. leveraging the other pages of this group