If you use the Bleeding Edge Snort rules to alert on spyware, there’s a request for data on the Bleeding Edge blog. One user has already contributed virus data. Now they’re looking to add in spyware data for anaylysis purposes.
Here’s an interesting paper entitled Honeypots Revealed.
Here’s a year-old paper on a type of non-cryptographic attack on public key cryptography called Fuzzy Fingerprinting.
Using PKI isn’t all beer and skittles. It’s meant for very specific applications, not as a cure-all (even for PKI-token-based logins). Here’s a paper discussing some of the shortcomings.