Iftach Ian Amit

Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking. I think that this question is highly inappropriate for two reasons: You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure. You should not be trying to protect a technology. Your servers, networks, routers, PCs, etc… are not the focus of information security. Having been working with senior management – sometimes as an advisor/consultant, and sometimes as a “virtual CISO”, I know that this is not what we expect the CISO or s... (more)

Advanced Data Exfilration

This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading) Abstract Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper discusses the different ways that attacks should be emulated, and focuses mainly on data exfiltration. The ability to “break into” a... (more)

Cyber[FUD]Fare – repost from fudsec.com

As promised – here is the “official” cross-post from my guest appearance on fudsec.com. Enjoy! I’ve been intravenously fed with FUD for as long as I’ve been in the business. The main strategy for understanding that you are facing FUD is to realize that there is a financial motivation behind the FUD-spreading entity. This has served me well over the years and managed to keep me out of trouble (i.e. buying/selling/liking any “you gotta have this!!!” technology). I have to admit that when I started seeing what the media is doing to the term CyberWar, I was a bit baffled. What’s the... (more)

Stuxnet Analysis Report

So, after quite some time of working behind the scenes, and making an effort to focus on essence rather than buzz, the CSFI have published their official report on Stuxnet. I have had the opportunity to assist (just a bit… work has been taking its toll) in the report writing – mostly in terms of countermeasures for a threat like this, and some basic analysis. Feel free to download the report form here:CSFI_Stuxnet_Report_V1 As well as watch the demonstration video on the CSFI website: http://csfi.us/?page=stuxnet Kudos to all the great contributions from the CSFI-CWD (Cyber Secur... (more)

The China/Google thing, accountants and other miscreants

Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this year. Just to set the stage right – we are at a point where I just saw a USA Today “Money” section front page article on how Google’s engagement with the NSA post the breach will affect the security vendor market, and a few VCs were also quoted to the fact that we will be seein... (more)