Stephen Elliott Interviewed by NBC’s Today Show (Video)


Posted: 26 Sep 2013 06:45 AM PDT

NBC's Today show visited the International Center for Biometric Research at Purdue. Stephen Elliott, Associate Professor in Technology Leadership & Innovation and CERIAS Fellow, demoed the latest in biometric technologies and discussed how fingerprint and iris reading are increasingly replacing passwords as the preferred computer security method.

Stephen Elliott Interviewed by NBC’s Today Show


Posted: 25 Sep 2013 01:37 PM PDT

NBC's Today show visited the International Center for Biometric Research at Purdue this week. Stephen Elliott, Associate Professor in Technology Leadership & Innovation and CERIAS Fellow, demoed the latest in biometric technologies and discussed how fingerprint and iris reading are increasingly replacing passwords as the preferred computer security method. The segment will air at approximately 7:40am (EST) Thursday (09/26) morning.

A Valuable Resource for Young People (limited time offer)


Posted: 22 Sep 2013 11:25 AM PDT

Over the years, I've gotten to know many people working in security and privacy. Too few have focused on issues relating to children and young adults. Thankfully, one of these people is Linda McCarthy.

A security professional with an impressive resume that includes senior positions at Sun Microsystems and Symantec, Linda has had actual "boots-on-the-ground" experience in the practice of information protection. Linda has written several books on security, including "Intranet Security - Stories from the Trenches," and "IT Security: Risking the Corporation." She also co-authored the recent free, quite popular, Facebook tutorial on security and privacy. I have read these, heard her speak, and worked with her on projects over the years -- Linda is thoughtful, engaging and an effective communicator on the topics of security and privacy. I'm not the only person to think so -- not too long ago she was a recipient of the prestigious Women of Influence award, presented by CSO Magazine and Alta Associates, recognizing her many achievements in security, privacy and risk management.

About a decade ago, based on some personal experiences with young adults close to her, Linda took on the cause of education about how to be safe online. Youngsters seldom have the experience (and the judgement born of experience) to make the best choices about how to protect themselves. Couple that naiveté with the lure of social contact and the lack of highly-visible controls, and toss in a dash of the opportunity to rebel against elders, and a dangerous mix results. Few people, young or old, truly grasp the extent and reach in time and space of the Internet -- postings of pictures and statements never really go away. Marketers, for one, love that depth of data to mine, but it is a nightmare that can haunt the unwary for decades to come. Long term loss of privacy isn't the only threat, of course. Only last week news broke of yet another tragic suicide caused by cyberbullies; there is a quiet epidemic of this kind of abuse. Also, Miss Teen USA, Cassidy Wolf, spoke a few days ago about being the victim of cyberstalking and sexual extortion. These are not things kids think about when going online -- and neither do their parents. This is the complex milieu that Linda is confronting.

In 2006, Linda began to focus on writing for the younger set and produced "Own Your Space: Keep Yourself and Your Stuff Safe Online," which is a nice introduction that kids seem to appreciate. A few years ago, Linda updated it and under a Creative Commons license it is now available as a free download from Microsoft (among others). I wrote about the release of that update in this blog in 2010.

Earlier this year, Linda released a new book, "Digital Drama: Staying Safe While Being Social Online" (also available en español). This book covers a multitude of issues, including privacy, reputation, online bullying and stalking, avoiding predators, spotting scams, how to manage settings and online persona, and a wealth of other valuable insights for young people -- and therefore it is also of value to their parents, teachers, and an older audience that may not have the expertise but faces many of the same concerns. Linda's book doesn't address all the problems out there -- she doesn't address the really dark side of youth gang culture, for instance -- but this book does admirably cover many of the major issues that face kids who really want to stay out of trouble.

What makes this especially useful is a limited-time offer. In support of National Cyber Security Awareness Month, Microsoft has provided support to allow Linda to offer a free digital download of "Digital Drama" from Amazon.com (the Spanish version, too). Parents, teachers, teens, tweens, kids, and the young at heart can all get that free download from 12am on Tuesday, September 24th until 11:59pm on Friday, September 27 (2013; times are PDT). (If you are reading this blog after that week, you should still check out the book.)

To quote from the "About this book" section of Amazon:

Every day, millions of teens log on and make decisions that can compromise their safety, security, privacy, and future. If you are like most teens, you are already using social networking sites like Twitter and Facebook and have your smartphone super-glued to your hand. You tag your friends in photos, share your location and thoughts with friends, and post jokes online that later may be misunderstood. At the same time, you might not realize how that information can affect your reputation and safety, both online and offline.

We've all heard the horror stories of stolen identities, cyber stalking, pedophiles on the Internet, and lost job, school, and personal opportunities. All teens need to learn how to protect themselves against malware, social networking scams, and cyberbullies.

Learn crucial skills:
- Deal with cyberbullies
- Learn key social networking skills
- Protect your privacy
- Create a positive online reputation
- Protect yourself from phishing and malware scams

Spaf sez, "Check it out."

Call for Papers: 2014 Symposium and Bootcamp on the Science of Security (HotSoS)


Posted: 19 Sep 2013 01:57 PM PDT

2014 Symposium and Bootcamp on the Science of Security (HotSoS), sponsored by NSA. April 8-9, 2014, Raleigh, North Carolina, United States.

Purdue’s Spafford to Receive Two Top Honors in Cybersecurity


Posted: 17 Sep 2013 06:05 AM PDT

WEST LAFAYETTE, Ind. - Purdue University professor Eugene H. Spafford, a recipient of numerous honors and federal appointments, will soon receive two of the biggest awards in his field.

The computer science professor and executive director of Purdue's Center for Education and Research in Information Assurance and Security will be inducted into the National Cyber Security Hall of Fame in Baltimore on Oct. 9. He also has been selected for the Harold F. Tipton Lifetime Achievement Award. The honors are by two separate organizations, but he was informed within hours from both entities of his selection.

"What's special about these awards is the value of what I've done is seen outside of academia," said Spafford, a frequent cybersecurity source for national and international news media. "It's evidence that the work here makes a difference in the business and how people live their lives. It encourages others in academia that they can also make a difference and there is value in doing what we do. While succeeding in the academy, as a field, we are having an impact in many areas."

Spafford, a Purdue faculty member since 1987, is one of the most recognized leaders in the information security field, having served as an adviser or consultant for major companies, law enforcement, academic and government agencies. He has served in roles with two U.S. presidents, and worked with the U.S. departments of Justice and Energy, the U.S. Air Force, National Security Agency, and Federal Bureau of Investigation.

Among his honors, Network World named him in 2006 as one of the 50 most powerful people in networking. The Washington Post profiled him in 2000 as one of the most influential policy experts in information security. He has testified before Congress many times on cybersecurity. He was one of the first Morrill Award recipients at Purdue University, recognizing the significance of his contributions to scholarship, education, and service.

The Harold F. Tipton Lifetime Achievement Award honors individuals for their overall contributions to the information security profession, according to the (ISC)2 website. (ISC)2 is a not-for-profit organization that educates and certifies information security professionals throughout their careers.

"Dr. Spafford's innovations and advocacy have shaped the information security industry, and we are proud to recognize him for his body of work and lifelong service to our field," commented Board Awards Committee chair professor Corey Schou, Fellow of (ISC)2, CSSLP. "From being the first to analyze the Morris worm to having a prominent role in the Usenet backbone cabal, his work has propelled us light years ahead of where we would be without his contributions."

The National Cyber Security Hall of Fame was created and is supported by companies and organizations committed to recognizing those who played a key role in the industry's creation, according to the hall's website.

Writer: Jim Bush, 765-494-2077, jsbush@purdue.edu
Source: Eugene Spafford, 765-494-7825, spaf@purdue.edu

Cryptographers Have an Ethics Problem (MIT Review)


Posted: 16 Sep 2013 06:44 AM PDT

Eugene Spafford, executive director of the CERIAS institute at Purdue University and an officer of the ACM, cautioned me against reaching simplistic ethical judgments. He said if a person is hacking computers and stealing messages to prevent a terrorist attack, they're not necessarily in violation of the society's code, which allows for "varying interpretations."

Prof. Spafford Receives Lifetime Achievement Award

Posted: 16 Sep 2013 06:40 AM PDT

Press Release - 09/13/2013

(ISC)2 Security Congress 2013 – Chicago, IL, September 25, 2013 — (ISC)2 ("ISC-squared"), the world's largest not-for-profit information security professional body and administrators of the CISSP®, announced today that its Board of Directors has selected Dr. Eugene H. Spafford, Ph.D., CISSP, Fellow of the ACM, the AAAS, the IEEE and (ISC)2 and Distinguished Fellow of ISSA, as the recipient of the 2013 (ISC)2 Harold F. Tipton Lifetime Achievement Award, and Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, for the 2013 James R. Wade (ISC)2 Service Award.

The prestigious Harold F. Tipton Lifetime Achievement Award recognizes an individual for lifelong contributions to the advancement of the information security profession. Named after Harold F. Tipton, CISSP, an industry pioneer and (ISC)2 co-founder, the award is given annually to recognize those who have dedicated themselves to carrying on Mr. Tipton's legacy of passionately promoting and enhancing the information security profession.

An innovator and advocate for both technology and professionalism, Dr. Eugene H. Spafford has more than 30 years of experience in computing as a student, researcher, consultant and professor, including 26 years as a professor of Computer Sciences at Purdue University. He is also the founder and Executive Director of the Center for Education and Research in Information Assurance and Security. Some of his work is at the foundation of current security practice, including intrusion detection – such as the first free, over the Internet intrusion detection system - Tripwire®, firewalls, and whitelisting. His most recent work has been in cyber security policy, forensics, and future threats. In 2012, he was named as one of Purdue's inaugural Morrill Professors — the university's highest award for the combination of scholarship, teaching, and service. Among many other activities, he is currently the chair of the Public Policy Council of ACM (USACM), is a member of the EPIC Advisory Board, and is editor-in-chief of the journal Computers & Security. In addition to being selected as this year's Harold F. Tipton Award recipient, Dr. Spafford was just inducted to the National Cyber Security Hall of Fame.

"Dr. Spafford's innovations and advocacy have shaped the information security industry, and we are proud to recognize him for his body of work and lifelong service to our field," commented Board Awards Committee chair Prof. Corey Schou, Fellow of (ISC)2, CSSLP. "From being the first to analyze the Morris worm to having a prominent role in the Usenet backbone cabal, his work has propelled us light years ahead of where we would be without his contributions."

"I am honored to receive this prestigious and respected award," said Dr. Spafford. "Organizations like (ISC)2 remind us of the evolution the information security industry has seen over the last 30 years. I hope my work continues to contribute to that evolution and serves to bring greater awareness of the essential role information security plays in our society."

The annual James R. Wade (ISC)2 Service Award recognizes volunteers who have made a sustained and valuable contribution to (ISC)2. The award's namesake was instrumental in shaping (ISC)2 and the information security profession through his active and tireless volunteerism.

With over 25 years of experience in information security, Diana-Lynn Contesti is the Chief Information Security Officer (CISO) for a Global Fortune 100 company headquartered in Luxembourg. In this role, Diana provides oversight on the information security program and develops standards and guidelines that are used internationally. Prior to joining the global staff, she provided information security best practices to the local organization, including developing policies, security awareness, forensic investigations, and data classification schemas. Diana has delivered many presentations on the security related to SCADA systems, as well as APT, UNIX security and securing Active Directory and is a published author of the Official (ISC)2 Guide to the SSCP® CBK® (first edition).

An active (ISC)2 volunteer for 15 years, Ms. Contesti is a former Chair and current member of the (ISC)2 Board of Directors, serves on the (ISC)2 Application Security Advisory Board (ASAB) and recently championed the formation of the (ISC)2 Women in Security initiative, aimed at providing greater support for women in security and increasing awareness of information security as a career option for women at all stages of their lives. Additionally, Ms. Contesti has been a member of the item writing team for the past seventeen years and is an outgoing member of the North American Advisory Board (NAAB).

"I knew Mr. Wade personally for many years, and I saw the change he inspired in our organization and the impact he had on the profession," reflected Ms. Contesti. "The honor I feel for being selected to receive this award in his namesake is indescribable. I am grateful to have the opportunity to give back to an industry and an organization that has given me so much."

"Ms. Contesti's passion for the mission of (ISC)2 is an inspiration," added Schou. "This award does not begin to demonstrate our gratitude for her contributions, both to the organization and the members we serve.

"Both Dr. Spafford's and Ms. Contesti's are inspiring examples for established and aspiring information security professionals alike. We applaud them for their achievements and devotion to furthering the information security profession and to inspiring a safe and secure cyber world for all."

For more information on (ISC)2's awards programs, please visit www.isc2.org/awards.

About (ISC)2

(ISC)2 is the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 90,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), the Certified Cyber Forensics Professional (CCFP℠), Certified Authorization Professional (CAP), and Systems Security Certified Practitioner (SSCP) credentials to qualifying candidates. (ISC)2's certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at www.isc2.org.

Just sayin


Posted: 09 Sep 2013 06:44 PM PDT

In the June 17, 2013 online interview with Edward Snowden, there was this exchange:

Question: Mathius1 17 June 2013 2:54pm
Is encrypting my email any good at defeating the NSA surveillance? Is my data protected by standard encryption?

Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

I simply thought I'd point out a statement of mine that first appeared in print in 1997 on page 9 of Web Security & Commerce (1st edition, O'Reilly, 1997, S. Garfinkel & G. Spafford):

Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police.

I originally came up with an abbreviated version of this quote during an invited presentation at SuperComputing 95 (December of 1995) in San Diego. The quote at that time was everything up to the "Further...." and was in reference to using encryption, not secure WWW servers.

A great deal of what people are surprised about now should not be a surprise -- some of us have been lecturing about elements of it for decades. I think Cassandra was a cyber security professor....

Prof. Spafford Selected for the National Cyber Security Hall of Fame

Posted: 09 Sep 2013 02:05 PM PDT

NEWS RELEASE

Contact: info@cybersecurityhalloffame.com

National Cyber Security Hall of Fame releases Final Selectees for the Class of 2013

Baltimore, MD (September 3, 2013): The National Cyber Security Hall of Fame today released the names of 5 cyber security pioneers who will be enshrined in the National Cyber Security Hall of Fame on Wednesday, October 9th at a gala banquet in Baltimore.

In announcing the inductees, Mike Jacobs, the first Information Assurance Director for the National Security Agency (NSA) and Chairman of the National Cyber Security Hall of Fame said, "these honorees continue to represent the best and the brightest of our past. These individuals helped define an industry and secure a nation."

Of the more than 250 nominations reviewed, the board of advisors named 5 inductees to the 2013 Cyber Security Hall of Fame:

Willis H. Ware – Ph.D., Princeton University, 1951. Pioneer in all aspects of computer technology from hardware and software to public policy and legislation; created the first definitive discussion of information system security, as Chair of a Defense Department committee, treating the subject as both a technical matter and policy issue.

James Anderson (posthumously) – Effectively started the field of intrusion detection, invented the concept of the reference monitor and originated the idea of contaminated media and loading an altered OS, the "2-card loader" issue, whose intellectual successors are such things as Stuxnet, and advanced persistent threats (APT) and arguably was the first computer virus.

Eugene Spafford – One of the most recognized leaders in the field of computing and information security. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies. A pioneer in the field of information security education; inventor, with Eugene Kim developed the first free, over the Internet, intrusion detection system – Tripwire; and renowned for first analyzing the "Morris Worm", one of the earliest computer worms.

David Bell – Co-authored the "Bell-La Padula model" (with Leonard J. La Padula), the most widely used security model and the only security model referenced in the Trusted Computer Systems Evaluation Criteria. Extended computer-security principles from the Trusted Computer Systems Evaluation Criteria into other contexts, such as trusted networks and trusted database systems.

James Bidzos – Internet and security industry pioneer; he served as CEO of RSA Data Security from 1986 through 1999. Along with RSA co-founder and MIT professor Ron Rivest, Bidzos built RSA into the premier cryptography company in the 80s and 90s, becoming the early standard bearer for authentication and encryption; founded and continues to lead VeriSign; created the RSA Conference in 1991, and was the Chairman of the event until his retirement from that position in 2004.

Nominations were made by qualified organizations engaged in cybersecurity and were ranked and reviewed by the board using established criteria in five categories: Technology; Policy; Public Awareness; Education; and Business. The 2013 class is composed of those individuals who collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy and created businesses to begin addressing the cybersecurity problem.

Biographies for the 5 inductees will be available at our website: www.cybersecurityhalloffame.com. Tickets for the Cyber Security Hall of Fame Dinner event are $250 and available at: www.FBCinc.com/CyberMDconference.

The National Cyber Security Hall of Fame was established to honor the individuals and organizations with the vision and leadership to create the foundational building blocks for the cybersecurity industry. In addition to Jacobs, the board of advisors includes: Martin Hellman (Hall of Fame inductee inaugural class, 2012); John Grimes (former Chief Information Officer, Department of Defense); Karl Gumtow (CEO & Founder, Cyberpoint International); Susan Landau (Visiting Scholar, Harvard University); Francis Landolf (former Senior Executive, NSA); Robert Lentz (former Chief Information Security Officer, Department of Defense); Carl Landwehr (Hall of Fame inductee inaugural class, 2012); William Newhouse (Cybersecurity Advisor, NIST); Robert Rodriguez (Founder & CEO, SINET); Richard Schaeffer (former Information Assurance Director, NSA); Corey Schou (Professor of Informatics, Idaho State University); and Brian Snow (former NSA Information Assurance Directorate technical director).

The Hall of Fame motto, Respect the Past: Protect the Future, recognizes the history and contributions of those pioneers, innovators and educators who influenced the industry and laid the foundation for the tens of thousands of information security and assurance technologists working at universities, federal agencies and businesses today who stand sentry on tomorrow's cyber security challenges and solutions.

The 2013 National Cyber Security Hall of Fame Gala is part of a two-day Cyber Security month celebration that includes the CyberMaryland 2013 conference. This two-day conference, at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for networking and idea sharing amongst the many cyber leaders and professionals across the country, including: federal, state and local government agencies, academic institutions, cybersecurity entrepreneurs, and industry leaders of research and development.

About the National Cyber Security Hall of Fame

The National Cyber Security Hall of Fame organization has been created and is being supported by companies and organizations committed to recognizing the individuals that played a key role in the creation of the Cyber Security Industry. For more information go to http://www.cybersecurityhalloffame.com/

Prof. Spafford to Keynote ISSA International Conference


Posted: 06 Sep 2013 06:12 AM PDT

The Information Systems Security Association (ISSA) announced today a high-profile line-up of speakers for its fourth annual ISSA International Conference (#ISSAConf) to be held October 9-10 at the Nashville Convention Center in Nashville, TN.