Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:35 AM
Connect Directly

You Can Quote Me on That

And we did - 12 months of memorable statements, gaffes, and asides from Dark Reading

An embarrassment of riches: That's what we found when we went back to a year's worth of stories on Dark Reading to find the most notable and quotable. It's a little early in our lifespan to be getting nostalgic, but if nothing else, what follows here is a good snapshot of the people, issues, and technology that shape today's security landscape.

Hit us up here or here and let us know your favorite.

So That's Why He Hums "Close to You"
"HD makes security hot. Everyone wants to take him to the prom."
— Dennis Cox, CTO, BreakingPoint, on his colleague HD Moore, in 10 Hot Security Startups

Yes We Can, And Do, Every Time We're in a Merge Lane
"Our problem as technologists is we can't pretend people don't exist. We must build security for people."
— Bruce Schneier, founder and CTO, BT Counterpane, in Schneier: In Touch With Security's Sensitive Side

What Happened to "Honey, Time to Get Up"?
"He [the FBI agent] had a gun to my head and said, 'Don't move,' and yanked my covers off. And there was this guy running past my room with a shotgun like [it was] a drug [bust]. This was extreme, because I was just some computer nerd."
— Marc Maiffret, chief hacking officer and CTO, eEye Digital Security, in From Script Kiddie to CTO

Why Hope Makes a Bad Strategy
"It's like putting a stick in the ground and hoping a guy running at you runs into that instead."
— Jose Nazario, software and security engineer, Arbor Networks, on the relative ineffectiveness of honeypots, in Enterprises Still Not Sweet on Honeypots

No Thanks, Bill
"As long as I'm releasing exploit code, I couldn't work for them, and I'm fine with that. My work is contrary to companies who sell security solutions... I don't want to be gagged by corporate culture."
— HD Moore, director of security research, BreakingPoint Systems, on job offers from Microsoft, in HD Moore Unplugged

This Also Qualifies Them to Work in PR
"People think that black hats target a specific company, but they don't. They see everyone, everywhere, and everything as a resource, IP address, or number, and they will use you to their best advantage. A lot of people think their companies are too small to be targets -- but they are, and so are their neighbors."
— Scott Swenka, security engineer for a Phoenix-based healthcare company, in Five Myths About Black Hats

WWF Meets "The Office"
"He raced toward us and began trying to pry the laptop from my colleague's hands, while cursing and calling us unprintable names. Finally my colleague was overpowered and lost the laptop. I was amazed at how strong this guy suddenly became, since he had to be 15 years older than my partner."
— Steve Stasiukonis, VP and founder, Secure Network Technologies, on a social engineering stunt gone awry, in Let's Wrestle for It

Yeah? Try Juggling a Chainsaw, Anvil, and Lit Torch, Too
"The problem IPS is trying to tackle is extremely hard -- to look at network traffic and understand the intent of it. It's like walking a tightrope between false positives and false negatives in an earthquake. It's moving all the time, and catching all variants of an attack is difficult."
— Thomas Ptacek, researcher, Matasano Security, in IDS/IPS: Too Many Holes?

First, We Kill All the Users
"You can't expect the user to have any input into the security equation -- it just doesn't work. It has to be taken out of the user's hands and built into the browsers, into the ISPs that route the traffic, into the operating system that has to render the pages. When you take it out of the user’s hands, it’s suddenly far more scalable, easier to update, and easier to adapt."
— Hacker Robert Hansen, a.k.a. RSnake, CEO, SecTheory, in Getting Users Fixed

Jaws of Strife
"No shit, it is literally jaw-dropping how stupid AOL has been. Don't forget this is the very data that Google refused to hand over the U.S. [Department of Justice] -- citing reasons of privacy."
— Blogger Ben Metcalfe, concerning AOL's inadvertent publication of live search data from 600,000+ subscribers, in Users Outraged by AOL Gaffe

Finally, Something We Can't Pin on Karl Rove
"For years, vendors treated the 'cyber-punk' as the boogeyman, and they built at least some of their business on the fear that some brilliant teen would launch a virus. Now some of them are painting organized crime as the boogeyman, spreading this notion that the Russian mafia is out to get every business."
— Marc Rogers, professor, Purdue University, in Eight Faces of a Hacker

What About Not Buying Google Stock?
"We thought we were doing everyone a favor. That was the biggest mistake of my life, not handing out an exploit."
— Hacker Jon Ellch, a.k.a. Johnny Cache, on the exploit of the Apple wireless vulnerability he developed with David Maynor, in Johnny Cache: Man in Black (Hat)

Me, I'd Need a Flashlight and a Good Map
"I just don't care... I've published enough working exploits that I can own your damn wireless drive. Anyone with a technical clue can figure out what really happened."
— Hacker Jon Ellch, a.k.a. Johnny Cache, also in Johnny Cache: Man in Black (Hat)

Phishing Rod: Buy It Now!
"There are bad guys targeting our systems every day -- it's an arms race in its most classic form. People see phishing attacks in their email on a regular basis. Some people are fooled by them. Some people learn to ignore them. Some people just get tired of seeing them and decide not to buy online anymore. Companies like eBay are targets. It's not our fault, but it's definitely our problem."
— Meg Whitman, CEO, eBay, in Banks, Retailers Seek to Regain User Trust

— The Staff, Dark Reading

  • Arbor Networks Inc.
  • BT Counterpane
  • BreakingPoint Systems
  • eBay Inc. (Nasdaq: EBAY)
  • eEye Digital Security
  • Matasano Security LLC
  • Microsoft Corp. (Nasdaq: MSFT)
  • Secure Network Technologies Inc.

    Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/2/2020
    Ripple20 Threatens Increasingly Connected Medical Devices
    Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
    DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
    Dark Reading Staff 6/30/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-02
    Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
    PUBLISHED: 2020-07-02
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.