Welcome!

I Am Security

Iftach Ian Amit

Subscribe to Iftach Ian Amit: eMailAlertsEmail Alerts
Get Iftach Ian Amit via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Iftach Ian Amit

So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing refers to. It started when Dragos Ruiu, a highly respected researcher and the founder and organizer of CanSecWest (and PacSec, and EuSecWest) started posting about his exxperience […] ... (more)

The China/Google thing, accountants and other miscreants

Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this year. Just to set the stage right – we are at a point where I just saw a USA Today “Money” section front page article on how Google’s engagement with the NSA post the breach will affect the security vendor market, and a few VCs were also quoted to the fact that we will be seein... (more)

Identity Crisis

Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking. I think that this question is highly inappropriate for two reasons: You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure. You should n... (more)

About CyberWar, Deterrence, and Espionage

It’s been a long time since my last post, but trust me for all the good reasons (i.e. work). This one is long due, and has been recently fueled after I had a chance to attend RAND’s Martin Libicki’s brief at the Tel-Aviv University. Spy vs. Spy - copyright Kigs, devianart. Martin is a great source for debate and thought exercises as he is fluent in many realms of the subject at hand, and has been trained as an economist which makes it much easier to broaden the debate into politics and diplomacy. I’ll address a few key elements of the brief – at least the ones that speak to me t... (more)

Intelligence on Ashiyane and the Iranian Cyber Army

One of my favorite OSINT resources internet-haganah have opened up a new thread on their forums that are dedicated to Iran, called Ashiyane. This is basically the hacker forum that I was researching a couple of years ago (see my DefCon18 talk, and here, and here). The forum thread is here: http://forum.internet-haganah.com/showthread.php?440-Ashiyane And an interesting intelligence profile for the group actually quotes my past research (which unlike what it may seem was NOT done as part of my reserve duty tasks in the Israeli AriForce…) Keep up the great work guys! Truly humbled ... (more)