QOTD on Bypassing AV

For someone doing a targeted attack, AV is not too much of an obstacle. The fraudster has all the information he needs to run tests against an AV program and ensure he can defeat it. Today you can buy, in the underground market, tests for banking Trojans to ensure they're not detected by AV.
-- Toralv Dirro, security strategist for McAfee Labs

QOTD - Worldwide Threat Assessment of the US Intelligence Community

Threats are more diverse, interconnected and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and unattributable. Destruction can be invisible, latent and progressive.
-- James Clapper, Director of National Intelligence 

Src: Report: Cyberattacks a key threat to U.S. national security - CNN.com
Direct link to testimony (PDF)

QOTD - On passive attacks

While many organizations worth compromising for IP theft likely have robust perimeter defenses, not all have controls in place to defense against a scenario (in which) the attackers wait for the victims to come to them.
-- Nicholas Percoco, Senior VP of SpiderLabs (part of Trustwave)

Src: Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter and Apple | The Security Ledger

QOTD - Post-Crypto World?

If someone can own your computer and see everything you're doing, it doesn't matter that the data is encrypted. If you can't trust the computer you're running crypto on, it doesn't matter how good the crypto is.
-- Dr. Matthew Green, Assistant Research Professor, Department of Computer Science, Johns Hopkins University

Src: Are we now living in a post-crypto world? - CSO Online - Security and Risk

QOTD - Shamir on APTs & Crypto

It's very hard to use cryptography effectively if you assume an APT [Advanced Persistent Threat] is watching everything on a system.
-- Adi Shamir, renowned cryptographer & A.M. Turing Award Winner

Src: Are we now living in a post-crypto world? - CSO Online - Security and Risk