Just sayin
Posted: 09 Sep 2013 06:44 PM PDT

In the June 17, 2013 online interview with Edward Snowden, there was this exchange:

Question: Mathius1, 17 June 2013 2:54pm
Is encrypting my email any good at defeating the NSA surveillance? Is my data protected by standard encryption?

Answer:
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

I simply thought I'd point out a statement of mine that first appeared in print in 1997 on page 9 of Web Security & Commerce (1st edition, O'Reilly, 1997, S. Garfinkel & G. Spafford):

Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police.

I originally came up with an abbreviated version of this quote during an invited presentation at SuperComputing 95 (December of 1995) in San Diego. The quote at that time was everything up to the "Further...." and was in reference to using encryption, not secure WWW servers.

A great deal of what people are surprised about now should not be a surprise -- some of us have been lecturing about elements of it for decades. I think Cassandra was a cyber security professor....

Prof. Spafford Selected for the National Cyber Security Hall of Fame
Posted: 09 Sep 2013 02:05 PM PDT

NEWS RELEASE
Contact: info@cybersecurityhalloffame.com

National Cyber Security Hall of Fame releases Final Selectees for the Class of 2013

Baltimore, MD (September 3, 2013): The National Cyber Security Hall of Fame, today released the names of 5 cyber security pioneers who will be enshrined in the National Cyber Security Hall of Fame on Wednesday, October 9th at a gala banquet in Baltimore.

In announcing the inductees, Mike Jacobs, the first Information Assurance Director for the National Security Agency (NSA) and Chairman of the National Cyber Security Hall of Fame said, "these honorees continue to represent the best and the brightest of our past. These individuals helped define an industry and secure a nation." Of the more than 250 nominations reviewed, the board of advisors named 5 inductees to the 2013 Cyber Security Hall of Fame:

Willis H. Ware – Ph.D., Princeton University, 1951. Pioneer in all aspects of computer technology from hardware and software to public policy and legislation; created the first definitive discussion of information system security, as Chair of a Defense Department committee, treating the subject as both a technical matter and policy issue.

James Anderson (posthumously) – Effectively started the field of intrusion detection, invented the concept of the reference monitor and originated the idea of contaminated media and loading an altered OS, the "2-card loader" issue, whose intellectual successors are such things as Stuxnet, and advanced persistent threats (APT) and arguably was the first computer virus.

Eugene Spafford – One of the most recognized leaders in the field of computing and information security. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies. A pioneer in the field of information security education; inventor, with Eugene Kim developed the first free, over the Internet, intrusion detection system – Tripwire; and renowned for first analyzing the "Morris Worm," one of the earliest computer worms.

David Bell – Co-authored the "Bell-La Padula model" (with Leonard J. La Padula), the most widely used security model and the only security model referenced in the Trusted Computer Systems Evaluation Criteria. Extended computer-security principles from the Trusted Computer Systems Evaluation Criteria into other contexts, such as trusted networks and trusted database systems.

James Bidzos – Internet and security industry pioneer; he served as CEO of RSA Data Security from 1986 through 1999. Along with RSA co-founder and MIT professor Ron Rivest, Bidzos built RSA into the premier cryptography company in the 80s and 90s, becoming the early standard bearer for authentication and encryption; founded and continues to lead VeriSign; created the RSA Conference in 1991, and was the Chairman of the event until his retirement from that position in 2004.

Nominations were made by qualified organizations engaged in cybersecurity and were ranked and reviewed by the board using established criteria in five categories: Technology; Policy; Public Awareness; Education; and Business. The 2013 class is composed of those individuals who collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy and created businesses to begin addressing the cybersecurity problem. Biographies for the 5 inductees will be available at our website: www.cybersecurityhalloffame.com. Tickets for the Cyber Security Hall of Fame Dinner event are $250 and available at: www.FBCinc.com/CyberMDconference.

The National Cyber Security Hall of Fame was established to honor the individuals and organizations with the vision and leadership to create the foundational building blocks for the cybersecurity industry. In addition to Jacobs, the board of advisors includes: Martin Hellman (Hall of Fame inductee inaugural class, 2012); John Grimes (former Chief Information Officer, Department of Defense); Karl Gumtow (CEO & Founder, Cyberpoint International); Susan Landau (Visiting Scholar, Harvard University); Francis Landolf (former Senior Executive, NSA); Robert Lentz (former Chief Information Security Officer, Department of Defense); Carl Landwehr (Hall of Fame inductee inaugural class, 2012); William Newhouse (Cybersecurity Advisor, NIST); Robert Rodriguez (Founder & CEO, SINET); Richard Schaeffer (former Information Assurance Director, NSA); Corey Schou (Professor of Informatics, Idaho State University); and Brian Snow (former NSA Information Assurance Directorate technical director).

The Hall of Fame motto, Respect the Past: Protect the Future recognizes the history and contributions of those pioneers, innovators and educators who influenced the industry and laid the foundation for the tens of thousands of information security and assurance technologists working at universities, federal agencies and businesses today who stand sentry on tomorrow's cyber security challenges and solutions.

The 2013 National Cyber Security Hall of Fame Gala is part of a two-day Cyber Security month celebration that includes CyberMaryland 2013 conference. This two-day conference at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for networking and idea sharing amongst the many cyber leaders and professionals across the country, including: federal, state and local government agencies, academic institutions, cybersecurity entrepreneurs, and industry leaders of research and development.

About the National Cyber Security Hall of Fame

The National Cyber Security Hall of Fame organization has been created and is being supported by companies and organizations committed to recognizing the individuals that played a key role in the creation of the Cyber Security Industry.

For more information go to http://www.cybersecurityhalloffame.com/
  