There’s No Data Sheriff on the Wild Web (NY Times)

Eugene Spafford, a security expert and professor at Purdue University, told a House subcommittee last week that computer security experts had been aware for months that the PlayStation’s Web servers were outdated and that the company’s network lacked sufficient security — which he said Sony must have also known. But Professor Spafford does not see any new legislation in the near future that would force companies to take security more seriously. “Over the last five years there have been several bills that have been introduced through committees but never made it all the way through Congress,” he said in an interview. “Companies tend to fight the bills, saying it would be too expensive or onerous to implement better security.”

Spafford comments on RSA breach

Eugene Spafford tells Federal News Radio that, typically, it’s impossible to tell how long a breach has been going on.

Spafford comments on AT&T iPad hacking

“Having email addresses by itself is not much of a threat: people give them out all the time, and spammers can and do guess them easily,” said Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue University.

“It is more an issue if you can pair addresses with places of employment, such as government agencies,” he added. “Then it becomes possible to collect further information, and perhaps get a toehold into Google, Bing or other information sources.”

2 Winona State Students Are Suspected of Involvement in Large-Scale Cybercrimes

U.S. Government, Businesses Are Poorly Prepared for Cyber Attacks, Experts Say at AAAS

Spafford said academic specialists have been warning for more than 25 years about vulnerabilities in computer systems that can lead to identify theft, credit card fraud and other security intrusions.

Battling Cyber Threats

Computer security experts say the United States faces a radical shortage of highly skilled cybersecurity professionals who can prevent and combat cyber attacks. One federal official has estimated that there are only 1000 cybersecurity experts in the United States who have the deep technical knowledge required to safeguard national security; tens of thousands are needed, he believes.

Information Assurance Education 2011: A Year of Promise

Professor Spafford discusses the state of information assurance education in a podcast available on GovInfoSecurity.com.

Digital Forensics Conference Grabs Media Attention in the Middle East

Keynote presenters of this year’s conference are exceptional experts of the field. Paul Kurtz, a world renowned cyber security expert, former Assistant to the President of the United States and Senior Director for Critical Infrastructure Protection in the White House Homeland Security Council, presented on the first day. Dr. Marcus Rogers, research scholar, professor, and a fellow of CERIAS delivered his keynote address on the second day.

J.P. Morgan Wrestles Web Snarl

Computer Researcher Named Distinguished Fellow of Information Security Group

Eugene H. Spafford has been named as a Distinguished Fellow of the ISSA.