Cryptography

The Norwegian University of Science and Technology (NTNU) and the
University of Erlangen-Nürnberg together with the Max Planck Institute
for the Science of Light in Erlangen have recently developed and tested a
technique exploiting imperfections in quantum cryptography systems to
implement an attack. Read the full article. [Science Daily]

Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa
earlier this month with the help of
dozens of unwitting co-conspirators hired through work-at-home job
scams, at least one of whom was told the money was being distributed to
victims of the Catholic Church sex abuse scandals. Read the full article. [KrebsonSecurity]

According to the developers, the latest release of the free SSH
connectivity tools include a number of bug fixes and several new
features. Read the full article. [The H Security]

In this video from the OWASP AppSec Research conference in Sweden, security researcher Ivan Ristic of Qualys discusses practical methods for breaking SSL.

Penn State researchers managed to
identify the pass code patterns on two Android smartphones (the HTC G1
and the HTC Nexus One), 68 percent of the time using photographs taken under
different lighting conditions, and camera positions. Read the full article. [ZDNet]

Dennis Fisher talks with Alex Hutton of the Verizon Business RISK team about the new Data Breach Investigations Report, the involvement of the Secret Service in this year’s report and the need for more and better data on attacks and successful defenses.

A password of less than seven characters will soon be “hopelessly
inadequate” even if it contains symbols as well as alphanumerical
characters, according to computer scientists at the Georgia Tech
Research Institute. Read the full article. [The Register]