QOTD on SSL & Trust

If anyone is trying to convince you to use a trust system, you have to ask, who do I have to trust and for how long?
-- Moxie Marlinspike, co-founder and CTO of Whisper Systems

Black Hat Researcher Releases Tool to Bypass SSL Certificate Authorities (see page 2) | eWeek.com

QOTD - ASIO DG on e-Spying Threat

Cyber espionage has emerged as a serious and widespread concern and one that will continue to gain prominence due to the ongoing digitisation of data and increasing reliance on technology in commercial, governmental and military business.
-- Mr David Irvine AO, Director-General of the Australian Security Intelligence Organisation

Src: Royal United Services Institute of Australia - Transcript of remarks by ASIO head

QOTD - US DoD on Threat to Intellectual Property

While the threat to intellectual property is often less visible than the threat to critical infrastructure, it may be the most pervasive cyber threat today. Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies.
Src: US Department of Defense Strategy for Operating in Cyberspace

QOTD on Securing Customer Data

Security is not a 6 month or 12 month initiative – it’s part of innovation and the ongoing evolution of commerce. As fast as you invent a lock, there is a criminal finding a way to pick it.

Bottom line: Protecting customer data is the right thing to do. It will save you money, it will make you money, and it will engender trust with consumers so that they will want to transact with you more.
-- Sean Cook, CEO of ShopVisible

QOTD - Mogull on Social Engineering

People, by nature, are unpredictable and susceptible to manipulation and persuasion. Studies show that humans have certain behavioral tendencies that can be exploited with careful manipulation. Many of the most damaging security penetrations are, and will continue to be, due to social engineering, not electronic hacking or cracking.
-- Rich Mogull, research director for information security and risk at Gartner (in 2004), now Analyst & CEO at Securosis.

Src: Old scams pose the 'greatest security risk' - CNET News

The State of Malware in 2011

One of the most challenging aspects of information security is the need to stay up to date on the threats. This post from Symantec details the level of sophistication displayed by a current crop of malware, in this case an entire malware distribution network whose purpose is to infect the machine (and bury itself deep in the OS), harvest credentials, and also divert the machine's CPU cycles to working on a mathematical problem ("bitcoin mining").

Src: Introducing Trojan.Badlib: A Malware Distribution Network | Symantec Connect Community