Encryption

Quantum key distribution in superposition of "insecure" and "unneeded"

posted on September 5, 2010
by hitbsecnews

It's apparent that the physics lexicon has been dragged kicking and screaming out of the 19th century with a recent paper published in Nature Photonics titled "Hacking commercial quantum cryptography systems by tailored bright illumination." I never thought I would live to see the word "hacking" used in its proper context in a physics paper. But enough about physics lingo. What about the quantum encryption hacks alluded to by the title?

Hackers blind quantum cryptographers

posted on August 29, 2010
by hitbsecnews

Quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems — which use quantum states of light to encrypt information for transmission — they have fully cracked their encryption keys, yet left no trace of the hack.

NIST is nearly ready to pick the next hash algorithm

posted on August 18, 2010
by hitbsecnews

Developers of the 14 semifinalist algorithms for the new SHA-3 Secure Hash Algorithm standard will have a chance to defend their work next week at the second NIST candidate conference, being held at the University of California, Santa Barbara.

BlackBerry encryption 'too secure'

posted on July 29, 2010
by hitbsecnews

Research in Motion, the creator of the widely used enterprise-cum-consumer BlackBerry device, has an uncertain position in India.

The Indian government’s internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult - especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.

Critics point to cracks in proposed German encrypted e-mail system

posted on July 23, 2010
by hitbsecnews

Some German IT experts are raising doubts about Germany's DE-Mail encryption system by pointing to what they call a security problem in the proposed e-mail network, which was opened to the public for registration earlier this month.

E-mail sent through DE-Mail's servers may be decrypted and re-encrypted up to two times before reaching its target, possibly giving third parties access to its content.

Password crack could affect millions

posted on July 16, 2010
by hitbsecnews

A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference.

Open source encryption stymies FBI hackers

posted on June 30, 2010
by hitbsecnews

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.

Deter quantum hackers by hiding the photon keys

posted on June 10, 2010
by hitbsecnews

SPOTTING a lone messenger in a crowd of decoys is tricky - a concept that might make it possible to improve the security of quantum cryptography.

Quantum links are said to be unhackable because the "key" used to establish a secure channel is encoded into the spin of a photon. If the photon is intercepted, it becomes altered in a detectable way. However, hackers have discovered loopholes that allow them to escape detection, for instance, by intercepting the photons and replacing them with copies.

Padding Oracle Attack cracks encrypted session data

posted on June 9, 2010
by hitbsecnews

Two researchers have released a tool which can be used to crack web server-encrypted session data contained in cookies and parameters hidden in HTML pages. The method used by Juliano Rizzo and Thai Duong's Padding Oracle Exploitation Tool (Poet) can also be used to crack CAPTCHAs.

Poet utilises the Padding Oracle Attack, first discovered in 2002, to decrypt cipher block chaining (CBC) mode encrypted data without the key. Web applications such as those generated using the popular JavaServer Faces framework (JSF) are affected.