Researchers Demonstrate Practical Key Recovery Attack Against Smart Cards & Security Tokens

The story here is that researchers have shown it is now practical to use well known key recovery attacks on smart cards that use old encryption standards. The standards have been known to be vulnerable for some years to a particular attack method - in one case since 1998! The attacks require hundreds of thousands of attempts and so were previously thought to be impractical. But new research and performance improvements have made the cards vulnerable.

Flame, Stuxnet and Behaviour-based Anti-virus

Quite a few security commentators are calling the Flame malware 'the end of signature-based anti-virus'. Unfortunately it has been clear for some years that targeted attacks, and 'advanced persistent threats,' have signalled the inadequacy of signature-based prevention. The real issue here is where is behaviour-based anti-virus? There have been products around for some time in this area but I don't know how widespread take-up has been. Is it so poor that it could miss such a glaring threat as Flame? There is a critical need for innovation, and scope for new products. It is not the end of signature-based AV. Let's just hope there's a resurgence of behaviour-based protection measures to provide the defence-in-depth.

Secure Variant of the McEliece Cryptosystem

The McEliece public-key encryption scheme has become an interesting alternative to standard modern cryptosystems. Compared with other schemes it is not known to be broken by a quantum computer. It is also relatively efficent with a reasonable key size.

This work from the arxiv resource, shows the first construction of a McEliece based public-key cryptosystem secure against chosen ciphertext attacks