April 2007

Nature reports that, “Simulation proves it’s possible to eavesdrop on super-secure encrypted messages.” A summary of the attack is that the attacker instigates a quantum entanglement of properties of the photons so that they can infer the information (encoded in polarization) by measuring the entangled property (like momentum). It isn’t a real attack, but as…

Read More Quantum Cryptography Cracked!

Via Nate, “WOOT = Usenix + Blackhat:” The call for papers is now up for a new Usenix workshop, WOOT (Workshop On Offensive Technologies, but don’t think the name came before the acronym.) The workshop will be co-hosted with Usenix Security and will focus on new practical attacks. I was recently saying that vulnerability research…

Read More WOOT! Looks Exciting

My team at work announced the launch of “The Security Development Lifecycle” blog today. After the intro post, Michael Howard leads off with “Lessons Learned from the Animated Cursor Security Bug.” I’m pretty excited. We’re focused on transparency around what we’re learning as we continue to develop the SDL.

Read More Announcing…The Security Development Lifecycle Blog

So reports Sharon Gaudin in Information Week. Actually, I think she picked up the story as McAfee spun it: “Companies Say Security Breach Could Destroy Their Business:” One-third of companies said in a recent poll that a major security breach could put their company out of business, according to a report from McAfee. The security…

Read More One Third of McAfee Survey Respondents Are Not Paying Attention

“Don’t Mess With Our Chocolate,” says Guittard. Summary: the FDA is considering changing the definitions of “chocolate” and “chocolate flavored” and “chocolaty” so that they don’t have to put as much cocoa solids in it to make it be “chocolate.” The FDA is soliciting comments, and the cutoff is April 25, so that’s not much…

Read More Save Chocolate