The Laws of Information
Digital Ebola
Updated whenever I get insight

Digi's 1st Law of Information:

For every legitimate access method, there is at least one form of security
compromise related to said access method.

Every mode of access has a weakness. For a security mechanism to work at all,
it has to be able to determine when to open and when to close. This is usually
determined by password, but can also rely on other things. When calculating
Digi's 1st Law, you count the number of user login credentials (passwords,
codephrases, biometrics, etc.), plus the access methods used (telnet, ssh,
ftp). There will always be at least one flaw in the security mechanism PLUS
the user credential itself.

Simple Access Example #1:

You run a machine with 50 users. All 50 users have shell access available via
telnet. That's 50 different passwords an attacker can possibly brute force.
That is at least 50 possible entry points, not counting the vulnerabilities in
the related security mechanisms.


Simple Access Example #2:

An evil record company dislikes anyone copying their media. Their solution:
invent a new type of media that cannot be copied. Flaw: if the media can be
accessed (i.e. played), then the media can be copied.



Digi's 2nd Law of Information

When seeking information of any type, your efforts will be hampered, 
stalled or thwarted by information saturation.

Example:

The best way to hide a needle is to toss it in the haystack.



Digi's 3rd Law of Information

When technology fails, brute force will prevail

Processes are often automated by machines. When a company implements
technology, it will not always work. Sometimes this is a documentation system,
or a process scheduler, or maybe something that counts widgets. Technology has
made the mundane simple, due to automation. Often, when the technology fails,
a company will revert to the old days and throw people at the problem.
Oftentimes, the piece of technology in question will not be fixed.

In terms of computer security, sometimes the best password cracker is you, 
your knowledge of the target, and some time.