Hacker humor, you have been warned... Some nice, some twisted, all funny!
Computer Security Maxims
Antique Maxim: A security device, system, or program is most vulnerable near the end of its life.
Payoff Maxim: The more money that can be made from defeating a technology, the more attacks, attackers, and hackers will appear.
I Hate You Maxim 1: The more a given technology is despised or distrusted, the more attacks, attackers, and hackers will appear.
I Hate You Maxim 2: The more a given technology causes hassles or annoys security personnel, the less effective it will be.
Shannon’s (Kerckhoffs’) Maxim: The adversaries know and understand the security hardware and strategies being employed.
Corollary to Shannon’s Maxim: Thus, “Security by Obscurity”, i.e., security based on keeping long-term secrets, is not a good idea.
Gossip Maxim: People and organizations can’t keep secrets.
Plug into the Formula Maxim: Engineers don’t understand security. They think nature is the adversary, not people. They tend to work in solution space, not problem space. They think systems fail stochastically, not through intelligent malicious intent.
Rohrbach’s Maxim: No security device, system, or program will ever be used properly (the way it was designed) all the time.
Rohrbach Was An Optimist Maxim: Few security devices, systems, or programs will ever be used properly.
Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.
We Have Met the Enemy and He is Us Maxim: The insider threat from careless or complacent employees & contractors exceeds the threat from malicious insiders (though the latter is not negligible.)
Troublemaker Maxim: The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security.