Welcome!

I Am Security

Iftach Ian Amit

Subscribe to Iftach Ian Amit: eMailAlertsEmail Alerts
Get Iftach Ian Amit via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Iftach Ian Amit

I’ve recently had the great fortune to be called in as an industry expert to comment on current news at the Fox Business “Money with Melissa Francis”. I’ll be the first one to tell you that every (read: EVERY) mass media outlet has an agenda. From Fox, through CBS, NBC, CNN to Al-Jazeera. They have […] ... (more)

Offtopic – a story about customer service (or lack of such)

So some of you know that I switched (back) to a mac. Great. One tiny thing mudded the whole experience – a couple of days after getting the Macbook Pro, I’m finding a single “stuck” pixel. Really annoying (nothing life-threatning, but definitely not Apple-like…). So I call support. Great guys on the phone, really appreciative (and just as annoyed as I was by the pixel). Too bad I was on my way back to Israel – the land of service that sucks. And so I’m faced with the local Apple representative (hope that they wouldn’t stay Apple affiliated after this) – who got the repair order ... (more)

Do as I say, not as I do. RSA, Bit9, Adobe, and others…

So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter), and focused on protecting your assets by applying the right … Continue reading → ... (more)

Advanced Data Exfilration

This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading) Abstract Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper discusses the different ways that attacks should be emulated, and focuses mainly on data exfiltration. The ability to “break into” a... (more)

Identity Crisis

Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking. I think that this question is highly inappropriate for two reasons: You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure. You should n... (more)