Dr. InfoSec's Quotes of the Week (007)

Friday, August 20, 2010

Christophe Veltsos

Hackers Winning

"Why do hackers succeed? They're lucky, they're patient and they're brilliant. They're also better funded than you..." -- John Stewart, vice president and chief security officer, Cisco

Security Skills

"[Information security] professionals today are required to quickly detect and understand relationships and patterns within information and data to enable accuracy, timeliness and reliability of information to decision-makers for effective response. They need to understand the dynamics of their environment, gather metrics to know whether their controls are working, and then have the time to perform tool gap analysis to determine if a new technology or tool suite would fit better in their environment. This calls for a complete situational awareness across technology silos that enables detection of complex information and data patterns to quicken response time within organizations..." -- Seth Kulakow, former CISO for the Colorado Governor's Office of Information Technology

Google CEO

"If I look at enough of your messaging and your location, and use Artificial Intelligence, we can predict where you are going to go. Show us 14 photos of yourself and we can identify who you are. You think you don't have 14 photos of yourself on the Internet? You've got Facebook photos..." -- Google CEO Schmidt

Social Security Numbers

"When a laptop is stolen, 99 percent of the time the [perpetrator] doesn't know he's got SSNs on it..." -- Thom VanHorn, VP of marketing for AppSec

Malware

"They’ll [i.e. hackers will] use the headlines of the day as bait. The malware will install itself on the user’s desktop or laptop, then dial out to another machine and say: I’ve infected this organization, come do something..." -- Wade Baker, director of risk intelligence for Verizon Business

Code-Powered Cars?

"It takes dozens of microprocessors running 100 million lines of code to get a premium car out of the driveway, and this software is only going to get more complex..." -- Robert N. Charette, writing for IEEE Spectrum

Ranum on Terminals

"It's 2010, and we still have operating systems that get infected with malware and keystroke loggers and stuff like that. As long as you have got endpoints that are so easily compromised, then you are going to have this problem. It doesn't really matter whose fault it is, you are going to have this problem because the endpoint has to be a reliable terminal, and it's not..." -- Marcus Ranum, CSO of Tenable Network Security

Social Engineering

"The thing [about social networking] that hasn't changed is the human factor. People are trusting of other people, especially if there is a request for help. One of the biggest things that worked for the Capture the Flag contest at Defcon was a contestant who said 'Can you please help me with this?' Asking people for help, the human vulnerability, has not changed over the years [...] There is an inherent desire for people to help other people. There are trends of a positive nature, but they still get exploited. People are more security conscious today [...] The negative is we're so desensitized to certain attacks that we don't take notice to things that are occurring to us right under our nose..." -- Chris Hadnagy, Operations Manager for Offensive Security

Security Culture

"I find it interesting to compare and contrast the differences in information security emphasis and skills across the world. In the USA, for example, it's clear that technology rules. In the UK, process is King. (Our legacy to the world is ISO 27000). In the rest of the World, however, it's generally people and culture that top the agenda..." -- David Lacey, founding director of the Jericho Forum and the Institute for Information Security Professionals

Cross-posted from Dr. Infosec 

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.