RSA Research Unit Hunts Cyber-Threats 'That Don't Have Names'

This article reports from the Black Hat conference about new work to detect cyber threats before they attack (when it is too late - see Stuxnet!). There's not a lot of detail but I expect to see a lot more research like this coming to the fore.

Researchers Demonstrate Practical Key Recovery Attack Against Smart Cards & Security Tokens

The story here is that researchers have shown it is now practical to use well known key recovery attacks on smart cards that use old encryption standards. The standards have been known to be vulnerable for some years to a particular attack method - in one case since 1998! The attacks require hundreds of thousands of attempts and so were previously thought to be impractical. But new research and performance improvements have made the cards vulnerable.

Flame, Stuxnet and Behaviour-based Anti-virus

Quite a few security commentators are calling the Flame malware 'the end of signature-based anti-virus'. Unfortunately it has been clear for some years that targeted attacks, and 'advanced persistent threats,' have signalled the inadequacy of signature-based prevention. The real issue here is where is behaviour-based anti-virus? There have been products around for some time in this area but I don't know how widespread take-up has been. Is it so poor that it could miss such a glaring threat as Flame? There is a critical need for innovation, and scope for new products. It is not the end of signature-based AV. Let's just hope there's a resurgence of behaviour-based protection measures to provide the defence-in-depth.