Microsoft’s CryptoAPI flaw/CurveBall: a teaser of the quantum threat : quantum threat

The National Security Agency recently discovered a major cryptographic flaw in Microsoft’s low-level code within their operating system. This flaw, now known as CurveBall, was found within Windows CryptoAPI and effects the way Elliptic Curve Cryptography (ECC) x.509 certificates are validated, giving attackers the ability to “undermine how Windows verifies cryptographic trust,” as stated in the NSA’s Cybersecurity Advisory on this issue.

On 14th January 2020, Microsoft released a software update to fix this serious security vulnerability. Yet, due to the potentially severe nature of this vulnerability, they first made the patch available to the US government, military and “other high-value customers/targets that manage key Internet infrastructure.” If exploited by attackers, it would give them the ability to spoof digital signatures, essential for digital security and trust.

Initially reported by Brian Krebs at KrebsOnSecurity, this story has since made headlines in major news outlets, such as the Washington Post, Tech Crunch, and Wired, all of which include public comments from Anne Neuberger, director of the NSA’s Cybersecurity Directorate.

Continue Reading

As governments increasingly recognize the coming threat that quantum computers pose to the encryption that protects everything from military secrets to tax records, ISARA Corp., the world’s leading provider of quantum-safe and crypto-agile security, will moderate a panel at this week’s 10thAnnual Billington Cybersecurity Summit on how to start building a defensive barrier to keep sensitive data safe.

Continue Reading

Part of our mission at ISARA is to educate and raise awareness of the security risks introduced by large-scale quantum computing. Since I joined ISARA in 2016, I’ve spoken to individuals, enterprises, and governments around the world, and along the way, I’ve heard some incorrect assumptions about the impact of the quantum threat and what can be done about it today.

Continue Reading

By Paul Lucier, VP of Sales and Business Development, ISARA Corporation

Published on July 2, 2019

Awareness is spreading about the threat that large-scale quantum computing poses to current public key cryptography, and both nation-states and security professionals are taking note.

Over the last six months, we have seen a significant increase in discussion and investment in quantum-safe security development and testing.

Continue Reading

On March 7, ISARA Corporation’s Chief Technology Officer & Co-Founder, Mike Brown, was invited to join The Georgian Impact Podcast hosted by Jon Prial. This podcast allows entrepreneurs to recognize opportunities and threats that they are facing in the technology industry.

Continue Reading

Federal governments realize the important role they play in preparing for both the positive and negative disruption that large-scale quantum computing will bring with it. However, as other emerging technologies are rolled out, such as cloud computing, incorporating quantum-safe security from the outset is essential. In this article, Thomas Keelan, a research associate at the […]

Continue Reading

With increased investments in quantum technology by nation states such as China and Russia, the heat is on for the United States to start taking quantum seriously. Several bills have been proposed to fund quantum research and development in the private sector and academia. Winning the quantum race will require collaboration between allied nations, academia and the private sector.

Continue Reading