
You Can Quote Me on That

And we did - 12 months of memorable statements, gaffes, and asides from Dark Reading

May 03, 2007 | 09:35 AM

By Terry Sweeney
DarkReading

An embarrassment of riches: That's what we found when we went back to a year's worth of stories on Dark Reading to find the most notable and quotable. It's a little early in our lifespan to be getting nostalgic, but if nothing else, what follows here is a good snapshot of the people, issues, and technology that shape today's security landscape.

Hit us up here or here and let us know your favorite.

So That's Why He Hums "Close to You"
"HD makes security hot. Everyone wants to take him to the prom."
— Dennis Cox, CTO, BreakingPoint, on his colleague HD Moore, in 10 Hot Security Startups

Yes We Can, And Do, Every Time We're in a Merge Lane
"Our problem as technologists is we can't pretend people don't exist. We must build security for people."
— Bruce Schneier, founder and CTO, BT Counterpane, in Schneier: In Touch With Security's Sensitive Side

What Happened to "Honey, Time to Get Up"?
"He [the FBI agent] had a gun to my head and said, 'Don't move,' and yanked my covers off. And there was this guy running past my room with a shotgun like [it was] a drug [bust]. This was extreme, because I was just some computer nerd."
— Marc Maiffret, chief hacking officer and CTO, eEye Digital Security, in From Script Kiddie to CTO

Why Hope Makes a Bad Strategy
"It's like putting a stick in the ground and hoping a guy running at you runs into that instead."
— Jose Nazario, software and security engineer, Arbor Networks, on the relative ineffectiveness of honeypots, in Enterprises Still Not Sweet on Honeypots

No Thanks, Bill
"As long as I'm releasing exploit code, I couldn't work for them, and I'm fine with that. My work is contrary to companies who sell security solutions... I don't want to be gagged by corporate culture."
— HD Moore, director of security research, BreakingPoint Systems, on job offers from Microsoft, in HD Moore Unplugged

This Also Qualifies Them to Work in PR
"People think that black hats target a specific company, but they don't. They see everyone, everywhere, and everything as a resource, IP address, or number, and they will use you to their best advantage. A lot of people think their companies are too small to be targets -- but they are, and so are their neighbors."
— Scott Swenka, security engineer for a Phoenix-based healthcare company, in Five Myths About Black Hats

WWF Meets "The Office"
"He raced toward us and began trying to pry the laptop from my colleague's hands, while cursing and calling us unprintable names. Finally my colleague was overpowered and lost the laptop. I was amazed at how strong this guy suddenly became, since he had to be 15 years older than my partner."
— Steve Stasiukonis, VP and founder, Secure Network Technologies, on a social engineering stunt gone awry, in Let's Wrestle for It

Yeah? Try Juggling a Chainsaw, Anvil, and Lit Torch, Too
"The problem IPS is trying to tackle is extremely hard -- to look at network traffic and understand the intent of it. It's like walking a tightrope between false positives and false negatives in an earthquake. It's moving all the time, and catching all variants of an attack is difficult."
— Thomas Ptacek, researcher, Matasano Security, in IDS/IPS: Too Many Holes?

First, We Kill All the Users
"You can't expect the user to have any input into the security equation -- it just doesn't work. It has to be taken out of the user's hands and built into the browsers, into the ISPs that route the traffic, into the operating system that has to render the pages. When you take it out of the user's hands, it's suddenly far more scalable, easier to update, and easier to adapt."
— Hacker Robert Hansen, a.k.a. RSnake, CEO, SecTheory, in Getting Users Fixed

Jaws of Strife
"No shit, it is literally jaw-dropping how stupid AOL has been. Don't forget this is the very data that Google refused to hand over the U.S. [Department of Justice] -- citing reasons of privacy."
— Blogger Ben Metcalfe, concerning AOL's inadvertent publication of live search data from 600,000+ subscribers, in Users Outraged by AOL Gaffe

Finally, Something We Can't Pin on Karl Rove
"For years, vendors treated the 'cyber-punk' as the boogeyman, and they built at least some of their business on the fear that some brilliant teen would launch a virus. Now some of them are painting organized crime as the boogeyman, spreading this notion that the Russian mafia is out to get every business."
— Marc Rogers, professor, Purdue University, in Eight Faces of a Hacker

What About Not Buying Google Stock?
"We thought we were doing everyone a favor. That was the biggest mistake of my life, not handing out an exploit."
— Hacker Jon Ellch, a.k.a. Johnny Cache, on the exploit of the Apple wireless vulnerability he developed with David Maynor, in Johnny Cache: Man in Black (Hat)

Me, I'd Need a Flashlight and a Good Map
"I just don't care... I've published enough working exploits that I can own your damn wireless drive. Anyone with a technical clue can figure out what really happened."
— Hacker Jon Ellch, a.k.a. Johnny Cache, also in Johnny Cache: Man in Black (Hat)

Phishing Rod: Buy It Now!
"There are bad guys targeting our systems every day -- it's an arms race in its most classic form. People see phishing attacks in their email on a regular basis. Some people are fooled by them. Some people learn to ignore them. Some people just get tired of seeing them and decide not to buy online anymore. Companies like eBay are targets. It's not our fault, but it's definitely our problem."
— Meg Whitman, CEO, eBay, in Banks, Retailers Seek to Regain User Trust

— The Staff, Dark Reading
