Feedback and/or contributions to make this better are appreciated and welcome
Highlighted quotes of the week:
“Real IT/security talent will work where they make a difference, not where they reduce costs, ‘align w/business,’ or serve other lame ends.” – Richard Bejtlich
“woodworking tools do not make chairs == security tools do not make security.” – Rafal Los
“Sec guys cannot avoid IE use in the enterprise. But we could secure it a bit by using EMET. M$ should give support, though.” – Román Medina-Heigl Hernández
“TSA bodyscans/pat-downs are to national security what WAFs, DLPs and NACs are to infosec.” – Wim Remes
“To enforce a security policy for users without explanation is like forcing kids to eat vegetables… It will #fail” – Xavier Mertens
“…only 1 cookie was marked as both SECURE and HTTPOnly. Clearly these cookies should be rotated after an actual login, but why establish a session at all if you aren’t going to protect it with these basic cookie flags?” – Michael Coates
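As an added example (not part of the original post, and not Coates' own code): a small Python audit that parses Set-Cookie headers and reports which cookies lack the Secure or HttpOnly flag the quote refers to. The sample headers are constructed, not captured from any real site.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly flags.

Added example; the sample headers below are constructed.
"""
from typing import NamedTuple


class CookieReport(NamedTuple):
    name: str
    secure: bool
    httponly: bool


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value into a CookieReport.

    The first ';'-separated token is always name=value; the remaining
    tokens are attributes, which RFC 6265 treats case-insensitively.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieReport(name, "secure" in attrs, "httponly" in attrs)


def audit(headers: list[str]) -> list[str]:
    """Return the names of cookies missing Secure, HttpOnly, or both."""
    findings = []
    for h in headers:
        report = parse_set_cookie(h)
        if not (report.secure and report.httponly):
            findings.append(report.name)
    return findings


# Constructed sample: a pre-login response that sets three cookies,
# only one of which carries both flags.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly",
    "PREF=lang=en; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "tracking=xyz; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(parse_set_cookie(h))
    print("cookies missing flags:", audit(SAMPLE_HEADERS))
```

Point the audit at the Set-Cookie headers of a page that sets a session before login; any name it reports is a session cookie that the flags in the quote would have protected.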
“Avg # of days in a year a website is vulnerable to at least 1 *serious vulnerability: 200” – Jeremiah Grossman
“Any dictator would admire the uniformity and obedience of the U.S. media.” – Noam Chomsky
“MD5, which usually poses a serious computational challenge to reverse