Yesterday, it was announced that physicists at the University of Toronto in Canada have successfully attacked a commercial quantum cryptography system for the first time in history.

Quantum cryptography was considered by some to be unbreakable, however, like many other security systems, the technology was built making various assumptions, and in the real-world not all these assumptions have proved to be reliable. In this case, the assumption that the physicists targeted relates to the level of tolerance for noise and associated communication errors.

In order to ensure the security is still intact, quantum cryptographic systems monitor the communication error rate, because a high error rate is indicative that the communication is being intercepted. Because it is impossible to eliminate errors entirely, the cryptographers assumed that an acceptable level of noise or error rate would be 20%.

However, in practice, it was found that there are always errors introduced during the preparation of quantum states and this extra noise exposes the system to an “intercept and resend attack”. By intercepting and reading some quantum bits and then sending them on, in such a way that the error rate remains at only 19%, the physicists demonstrated that it is possible to break quantum encryption on a commercially available system.

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. A bootkit combines a rootkit with the ability to modify a PC’s Master Boot Record, enabling the malware to be activated even before the operating system is started.

Available as source code, Kleissner’s bootkit can infect any currently available 32-bit variety of Windows from Windows 2000 to Windows Vista and the Windows 7 release candidate. Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he neither modified any hooks, nor the boot loader, itself to bypass the TrueCrypt encryption mechanism. The bootkit rather uses a “double forward” to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.

Once the operating system has been loaded, Stoned can get to work and install malware, such as a banking trojan, in the system. Peter Kleissner, who is only 18 years old, has also included several plug-ins, for example a boot password cracker and a routine for infecting the BIOS. The framework layout of Stoned allows other programmers to develop their own plug-ins for the bootkit. Kleissner thinks that Stoned could also be of interest to investigation agencies, for example for developing a federal trojan.

Once installed, Stoned cannot be detected with traditional anti-virus software because no modifications of Windows components take place in memory, says Kleissner. Stoned runs in parallel with the actual Windows kernel. Even an anti-virus function in the BIOS can’t stop the bootkit, as modern Windows versions modify the MBR without referring to the BIOS.

However, administrator privileges or physical access to a system are required for an infection. At present, only machines running the traditional BIOS are vulnerable. The attack is unsuccessful when the BIOS successor the Extensible Firmware Interface (EFI) is at work on the motherboard. The most effective protection appears to be encrypting the entire hard disk with software that is based on the Trusted Platform Module (TPM).

For instance, using Windows’ own BitLocker encryption mechanism is said to be a reliable antidote, because an infected MBR’s hash value no longer corresponds to the hash value stored in the TPM, prompting the TPM to abort the boot process. Kleissner didn’t have an answer to the question whether a hardware-encrypted hard disk is capable of preventing an infection.

This quick demonstration shows how easily and how quickly law enforcement agencies and hackers are able to recover the raw disk image from an iPhone 3G[s]… and how anyone with a very basic skill set could get to all your live AND DELETED pictures, videos, contacts, email, and more.

Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki.  This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment.  This is just one example of countless many exploits that are currently ‘in the wild’.  But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks.  With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack?  Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing.  Encryption, firewalls and anti-virus only go so far.  These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.

Recent sources close to the US government have admitted that army web servers have been the victim of attack by a group of ‘elite’ computer hackers known as M0sted.  This group, it claims, were able to use a remote injection exploit to gain access to a number of web servers belonging to the US Army Corps of Engineers.

Reportedly, other than setting up a number of redirects to their own homepage, it is not clear as to how far the attacks actually went and whether or not they actually managed to steal any sensitive records or classified information, but the fact that these hackers seem to have managed to exploit remote injection vulnerabilities to gain access to these servers is perhaps evidence that the US Army’s computer network is still the equivalent of Swiss cheese.

This particular attack was executed by a group of Turkish hackers, who may very well be operating for Al Qaeda.  The aim of this attack seemed to be website defacement, but it is unclear as to whether the group actually progressed beyond that to to access sensitive computer systems.

In this example, these attacks were not the cause of a glitch in hardware or software, but more likely than not the result of human error. Specifically, it would seem that the army was the victim of remote SQL-injection hack that gave these hackers the ability to insert anything of their choosing into the database of the server, which is the result of nothing other than bad coding.

The US army should be leading the fight against cybercrime, not becoming victim to it, instead, they operate under the impression their systems are “secure”.  In today’s age of targeted cyber attacks, this is literally the equivalent of putting your head in the sand.