At Christmas I wrote a piece for the BBC based upon Scott Culp's 10 immutable laws of computer security. My assertion was that the laws are as valid today as they were all those years ago. However, many have commented to me that rule 3, which reads " If a bad guy has unrestricted physical access to your computer, it's not your computer anymore", is no longer true due to the use of encryption on disks. I think recent research suggests my assertion is true.
I wrote recently about work that had been published showing how encryption keys could be recovered from laptops using relatively cheap antenna and standard equipment. The technique works through walls no less. Then in the last week I've seen two other papers which are focussing down even further on side channel attacks based on various forms of differential analysis of physical characteristics one can measure in the circuitry of otherwise secure devices.
