20 Total Quotes

Alan Paller Quotes

It gives anyone on the Internet who comes in as a browsing user the ability to take control of your site. Instead of looking at Web pages, they can make your computer do whatever they want.
Alan Paller
#Ability

all the new PCs and the new Web servers, multiplied by the fear of top management about security breaches and business-stopping system failures, kept these salaries [growing] three times as fast as salaries [across all industries].
Alan Paller
#Fear

It's not a major risk. It's not [doing] either of the two things that are terribly damaging. One is hurting people's machines, and one is knocking things [off-line].
Alan Paller
#Risk

[Saturday's worm] is the recruitment of soldiers, not telling the soldiers where to aim their guns.
Alan Paller
#Soldiers

CDC's prevention work, such as [administering] flu shots, is especially important, and I see a push by NIPC in that direction as well,
Alan Paller
#Prevention

The mature model at CDC could offer some wonderful guidelines for long-term planning at NIPC,
Alan Paller
#Planning

People have discovered that systems administrators have unfettered access to all the most private information being passed through their systems, ... With it comes a sense that there ought to be some controls on what they see and what they do with it. [However,] I have not yet seen any consensus on what they are going to do about these new discoveries.
Alan Paller
#Information

[Alan Paller, director of research at the SANS Institute in Bethesda, Md., said he also didn't see any ulterior motives in the NIPC's new warning.] Everything I know says that's exactly wrong, ... the largest criminal Internet attack to date.
Alan Paller
#Motives

[Alan Paller, director of the SANS Institute in Bethesda, Md., isn't so optimistic about how the new money would be used, however.] My concern would be the skill with which Washington consultants and IT vendors in particular might package every pet project as 'security-enhancing,' ... If there were a tough, rational culling process ... I'd be a fan.
Alan Paller
#Money

The bottom line is that security has been set back nearly six years in the past 18 months. Six years ago, attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching.
Alan Paller
#Past

We have made enormous progress over the past five years by forcing the vendors to deliver automated patching. Now the bad guys are saying: 'You did that, now we're going after the applications.' Now we have to start all over again.
Alan Paller
#Past

In the past 12 to 15 months, attackers have made a massive shift to attack applications. Automated patching started making it harder to find new vulnerable systems, so they went after applications that users are just not patching.
Alan Paller
#Past

American corporations are being riddled by (computer) attacks -- they are being defended very badly.
Alan Paller
#Corporations

This illustrates that even technologically savvy people have a hard time fighting off denial of service attacks.
Alan Paller
#Denial

Microsoft's delay is inexcusable. There's no excuse other than incompetence and negligence.
Alan Paller
#Delay

The shortcut to improved security [is] universal, repeatable monitoring, ... The Army is now trying Harris STAT. The big difference is that NASA picked the most critical vulnerabilities rather than looking at all 2,000. The latter always leads to overload and lack of action. NASA's approach works.
Alan Paller
#Army

Of course it's the government. Governments will pay anything for control of other governments' computers. All governments will pay anything. It's so much better than tapping a phone.
Alan Paller
#Computers

It turns out that the vast bulk of the federal information security money is spent on documenting these systems, not on securing or testing them against attacks. Most [agencies] are spending so much on the paperwork exercises that they don't have a lot of money left over to fix the problems they've identified.
Alan Paller
#Information

Fundamentally, it's an organization that is behind in making security part of its regular operations. It's very dangerous for health care data.
Alan Paller
#Health

There are no credit card numbers ... no [Defense Department] secrets. Although it would be terribly embarrassing for that data to get out, it's not terribly valuable ... unless somebody's trying to embarrass people.
Alan Paller
#Defense