Welcome!

I Am Security

Iftach Ian Amit


Latest Blogs from Iftach Ian Amit
Or: why attribution is not a technical problem. TL;DR: hacking is an art and a science, computer attacks (cyber these days) are only one manifestation of an aggressor, which has very limited traits that can trace it to its origin. Relying on technical evidence without additional aspect...
The PTES (Penetration Testing Execution Standard) is a standard that a small group of highly motivated and passionate practitioners have created (and yours truly). As such, it is designed to define how a penetration test should be executed – from start to finish. We tried not to sk...
Don’t mind me, just poking my head in here to make sure the cobwebs haven’t taken over this place yet
Not trying to provide the full story here, just a few thoughts and directions as to security, privacy and civil rights. (for the backdrop – Apple’s Tim Cook letter explains it best: https://www.apple.com/customer-letter/) From a technical perspective, Apple is fully capable to al...
I just saw a blog post in which Mike Kemp discovers the realities of 2010 (linkedin). (disclaimer – I know Mike and love him as a person, and this is my way of poking at him a bit – no disrespect here, but pretty much the opposite) Now, go read that post (yes, I know, it...
Hello there, welcome back to our scheduled programming on how to drum up clicks and views on your website “Powered by Fear Uncertainty and Doubt”. As most marketing organizations know, sometimes you need to be a little creative when coming up with news and research. You dra...
I’m a known and pretty vocal advocate of self learning, self starting, and inquisitive entrepreneurial spirit. As such, I’ve witnessed over my years in the security industry, a lot of occasions where the halo or myth surrounding some so-called “elite” units in t...
Keys? What are these for?
Social media and online interaction are dramatically changing the way our companies and employees interface with society at large. Recent examples of people tweeting or posting something silly or offensive and being responded to by doxxing or even threats of physical abuse are, unfortu...
Adult. What a weird concept. I keep finding myself saying that word in different contexts, and it feels weird because deep inside I’m still pretty much a non-adult (can’t really say kid, so non-adult would work best here). Lately, all the buzz was around (another) overblown...
I’m writing this in response to a very well put together article written by my friend Dave Lewis on CSO Online: “Are you a legitimate military target?“. In the article Dave talks about how security researchers, practitioners, and security vendors are suddenly “s...
http://www.onstrat.com/osint/ http://www.phibetaiota.net/ http://www.phibetaiota.net/wp-content/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf
So it finally happened – I’ve had my first RSA in 9 years. And what an experience. Suffice to say that I ended that week with no voice, a bad back, and minimally functioning knees, but given the premise of the show I’d peg it as a huge success. First – having BS...
Lack of updates here usually means that time constraints are in effect… But apparently all that work is paying off as some of the research we have been working on is starting to get front-and-center stage. May marks a busy month where I’ll be bouncing around a few places (S...
I’ve had the pleasure and the honor to keynote this year’s ISTS (Information Security Talent Search) that ran at the Rochester Institute of Technology (RIT). Additionally I was also fortunate to get a seat with the Red Team during the event itself and work closely with some...
There seems to be a lot of chatter (at least on my highly biased Twitter and Facebook feeds) about how terrible of a show CSI:Cyber was. People seem to be extremely concerned about the fact that the show did not portray all the hacking related activities (cyber, infosec, whatever you w...
It took me a while to really decide to pull the trigger on this post. For several reasons: 1. I think the way that @ZeroFOX handled this was impeccable. As far as “we” are concerned this issue was put to bed once the instigator (@avriette) balked out on actually having a constr...
I am not a lawyer. Nor do I want to be one. But fortunately I have enough education and practice around legal systems – domestic and international – to be “dangerous” enough so I can actually get my job done wherever I need to. This, however, is a constant balancing act, e...
This is going to be a short one, because so much has been written on this, and the level of (in)competence exhibited by so many people around this has almost driven me crazy. Yes, the Sony hack. Not going to comment on what has been done, what should have been done, the sophistication ...
Took me a while to clear up time and read Dave Aitel’s post on his experience with the NSA as compared to the interview that Edward Snowden did with James Bamford of Wired. Make sure you do too, and then come back here for a quick reality adjustment. So, just to set things straig...
So, There’s this new (for me) LinkedIn “publishing” thing, that prompted me to try it as I was posting a semi-rant there. Let’s see how well that works out: https://www.linkedin.com/today/post/article/20140531211959-1510435-security-and-maturity-beating-the-aver...
I’m starting to see a trend here with the weekend posts. I can stomach most of the FUD during the work days, but things get to me through the weekend. Oh well. There goes a “mandatory” heartbleed post: Yes, it’s a bad one. No it’s not the worst one. And no...
I tried to hold back on this one, but if you’ve read this blog (or met me in person) you know it’s hard… Another amazing research coming out of your favorite AV vendor – uncovering ground breaking security implications. Take a minute to read this: http://www.sym...
I’ve recently had the great fortune to be called in as an industry expert to comment on current news at the Fox Business “Money with Melissa Francis”. I’ll be the first one to tell you that every (read: EVERY) mass media outlet has an agenda. From Fox, through CBS, NBC, CNN to Al-Jazee...
I usually don’t weigh in on the topic, well, because I don’t have the right equipment for once, and furthermore, I think that the majority of discussions around it are led by people who woefully misrepresent most of the women in infosec that I know. But I have to share this...
Please say it ain’t so! Spy agencies are spying? I’m actually going to go out on a limb here and present my (again – MY) opinion, which might pass as complicated by people with very deterministic views (or are being spoon-fed said views through the media of their choi...
So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing refers to. It started when Dragos Ruiu, a highly respected researcher and the founder and organizer of CanSecWest (and PacSec, and EuSec...
Reposting this from the original post I put on the IOActive website for the national cyber security awareness month… So, it’s National Cyber Security Awareness Month, and here at IOActive we have been lining up some great content for you. …
Yes, I know, it’s been a while since I updated anything here. Work, life, etc… So here’s a quick update/recap on some of the latest: SecurityZone 2013 was an excellent experience. Always great to get back to Cali to meet …
So, now that the saga with having a decent GPG mail client for Mac has been finally resolved (huge kudos to the guys at gpgtools!), it’s time to get some encryption love on an Android device. I don’t know if …
This post is basically a placeholder to make sure that the materials concerning an ongoing investigation are published for everyone to see. The other reason is that it seems like people think they can get away with anything when hiding …
So, as you might have heard, Chris Nickerson and I have been accepted to run training at BlackHat USA 2013. We are super excited about it, and as people have been asking us a ton of questions, in the old …
So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter), and focused on protecting your assets by applying the right …
It’s been a long time since I posted here since life and work really got in the way (in a very good way!) of publishing here. But I just had to share this as it has some relevance to security… …
I am fortunate enough that some of the new topics that I have discussed lately have generated interest in the community and the industry. As such, there are obviously voices that do not agree with the approach (I still like …
Why is it so f&^#ing difficult to get this right? I’m looking at you “recently identified as the most valuable public company” – Apple! The guys at GPGTools are doing some fantastic work in bringing a comprehensive GPG implementation into …
So, I’m finally back from a very long week in Vegas. How long you ask? Well, here are some numbers that start to reflect how it felt: Number of days in Vegas: 6+1 (un-planned extra day due to a missed …
It was pretty obvious that after an Information Security persona such as Dave Aitel has posted his “Why you shouldn’t train employees for security awareness” article, there would be a lot of flak from the industry. A lot has been …
Wow, there’s a blog here… Lucky for me there are other people who write new content that somehow relates to this blog so I have a chance to point to them and say “cool stuff, look there!”. My good friend …
One of the best things that probably happened to the research on SexyDefense is that it has been accepted to BlackHat Briefings in Las Vegas! It is truly one of the highest indicators for me that we are on the …