Intelligence log.

Field notes on security, AI, risk and what actually works in practice. New entries roughly monthly.

2026‑04‑13
CyberQRM: Making Cyber Risk Quantification Actually Accessible
I’ve been consulting with organizations on cyber risk for years, and one pattern keeps repeating: security leaders recognize the need for quantitative risk assessment, but the gap between...
Read entry 2 min
2026‑03‑19
Security Policy Is Already Code—We Just Don’t Treat It That Way
Organizations have more security policies than ever before: more frameworks to align to, more controls to implement, more documentation to maintain. Entire teams define, refine and map policy...
forbes security devops
Read entry 4 min
2026‑03‑13
From VMC to IMC: A CFI’s Perspective
If you fly IFR out of busy airspace that has a departure procedure, you know the drill. “After departure, turn left heading one-eight-zero, expect radar vectors…” or something...
aviation
Read entry 7 min
2026‑02‑12
The Hidden Cost Of Security Backlogs No One Puts On A P&L
On paper, everything looks fine. Release milestones are met. Cloud uptime holds. Audits pass. Yet quarter after quarter, delivery slows in ways hard to explain. Engineering leaders see...
forbes security devops
Read entry 4 min
2025‑11‑26
Post-AI Engineering: Designing Infrastructure For AI That Writes Infrastructure
By 2026, AI won’t just help us write infrastructure. It will evolve it. The first generation of AI-assisted coding changed how we build software. The next will change...
forbes security devops
Read entry 3 min
2025‑10‑16
GitOps And The Next Stage Of DevOps Evolution
In the past decade, DevOps has evolved from a cultural aspiration into a discipline that has reshaped how organizations build and ship software. Platform engineering has since emerged...
forbes security devops
Read entry 2 min
2025‑09‑09
Hire Another Engineer Or Invest In Automation? Rethinking Platform Engineering In The AI Era
In 2025, platform teams face a critical choice: add headcount or buy/invest in automation and deterministic tooling to scale developer velocity and control costs. With margins tightening and...
forbes security devops
Read entry 3 min
2025‑07‑30
AI In DevOps: Hype, Reality And Why Engineers Aren't Going Anywhere
Let’s cut through the noise: AI in DevOps is everywhere, and the hype machine is running at full throttle. Every vendor claims their AI tool will make your...
forbes security devops
Read entry 4 min
2025‑06‑18
Deterministic AI: The Silent Architect Of Tomorrow's DevSecOps Revolution
In the high-stakes arena of modern software development, where speed and security collide, a quiet revolution is unfolding. While GenAI dominates headlines with its creative potential, a less...
forbes security devops
Read entry 3 min
2025‑04‑14
The Silent Security Crisis In AI’s Code Gold Rush—And How To Fix It
CEO & Co-Founder at Gomboc AI.
forbes security devops
Read entry 3 min
2021‑12‑19
Backpacking In Europe - Two Weeks Of Flights 2021
This is somewhat of a "stream of consciousness" diary of my EU Flight Trip – 10/25/21-11/8/21. Yes, it's long (sums up over 40 hours of flying), and veers...
aviation
Read entry 22 min
2020‑06‑23
Elastic Permissions
Over the past two years my colleagues and friends have heard me talk about Elastic Permissions, and at some point I started hearing other people mention the term...
Read entry 2 min
2020‑03‑14
Incentives and metrics
Read entry 3 min
2020‑02‑11
The Product Versus Skill Pendulum In Security And The Need For Better Solutions
This post was originally published on Forbes
Read entry 4 min
2019‑03‑14
Trust-Building For Security
This post was originally published on Forbes
Read entry 4 min
2019‑02‑01
Why You Should Go Beyond The Typical Penetration Test
This post was originally published on Forbes
Read entry 2 min
2019‑01‑02
Two Frameworks For Securing A Decentralized Enterprise
This post was originally published on Forbes
Read entry 4 min
2018‑11‑08
Random CSO Musing
One of the biggest challenges of running a security organization is balancing the ongoing efforts, with strategic directions, all while keeping the “pressure” on to increase the maturity...
Read entry 1 min
2018‑10‑01
How to Vendor/Sales in the Security Industry
I’ve been on the receiving end of sales pitches for years now. Ever since I took on senior leadership roles the constant trickle of various sales pitches just...
Read entry 3 min
2018‑09‑04
Basic is great
Encouraged by the response to my last post (https://www.iamit.org/blog/2018/06/the-ian-amit-spectrum-of-pentesting-efficacy/ for those who missed it), and following up on a couple of recent Twitter/LinkedIn/WhatsApp conversations, I'd like to emphasize...
Read entry 3 min
2018‑06‑29
The Ian Amit Spectrum of Pentesting Efficacy
It’s been a while since I posted (duh), but recently I’ve had something brewing in my mind that appeared to not have been clearly discussed before, so here...
Read entry 4 min
2017‑09‑11
Dumpster fires and security incidents
Full disclosure: this post isn’t about security per-se. It’s here because of recent conversations I’ve had with people from outside the immediate security “industry” who wondered about Equifax...
Read entry 3 min
2017‑06‑10
When great ideas go to the wrong places
Or: why attribution is not a technical problem. TL;DR: hacking is an art and a science, computer attacks (cyber these days) are only one manifestation of an aggressor,...
Read entry 3 min
2016‑09‑02
PTES, remaining impartial, and insisting on high standards
The PTES (Penetration Testing Execution Standard) is a standard that a small group of highly motivated and passionate practitioners have created (and yours truly). As such, it is designed...
Read entry 2 min
2016‑06‑16
Infosec conferences/talks redux
Don’t mind me, just poking my head in here to make sure the cobwebs haven’t taken over this place yet :-P So yes - I’m going to be...
Read entry 4 min
2016‑02‑17
Thoughts about the Apple vs FBI iPhone firmware case
Not trying to provide the full story here, just a few thoughts and directions as to security, privacy and civil rights. (for the backdrop - Apple’s Tim Cook...
Read entry 3 min
2015‑11‑24
An obituary to pentesting?
I just saw a blog post in which Mike Kemp discovers the realities of 2010 (linkedin). (disclaimer - I know Mike and love him as a person, and this...
Read entry 2 min
2015‑11‑13
Amazonian Trojans and Marketing Fear-Mongering
Hello there, welcome back to our scheduled programming on how to drum up clicks and views on your website “Powered by Fear Uncertainty and Doubt”. As most marketing...
Read entry 2 min
2015‑10‑26
Debunking the "8200", "81" and other #### ex-Israeli Army Intelligence myth
I’m a known and pretty vocal advocate of self learning, self starting, and inquisitive entrepreneurial spirit. As such, I’ve witnessed over my years in the security industry, a...
Read entry 4 min
2015‑10‑11
Keys? What are these for?
Still got it. 6 pin deadbolt. Picked with a half diamond after being pulled out of the door in favor for a mul-t-lock one…
Read entry 1 min
2015‑09‑26
SMRMageddon!
Social media and online interaction are dramatically changing the way our companies and employees interface with society at large. Recent examples of people tweeting or posting something silly...
Read entry 1 min
2015‑09‑10
Hacking, community, friends, and professionalism
Adult. What a weird concept. I keep finding myself saying that word in different contexts, and it feels weird because deep inside I’m still pretty much a non-adult...
Read entry 3 min
2015‑06‑21
Yes, you knew exactly what you were walking into...
I’m writing this in response to a very well put together article written by my friend Dave Lewis on CSO Online: “Are you a legitimate military target?”. In...
Read entry 1 min
2015‑05‑02
OSINT Links
http://www.onstrat.com/osint/ http://www.phibetaiota.net/ http://www.phibetaiota.net/assets/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf http://www.osint.fail/ http://www.uk-osint.net/
Read entry 1 min
2015‑04‑27
Post RSA musings
So it finally happened - I’ve had my first RSA in 9 years. And what an experience. Suffice to say that I ended that week with no voice,...
Read entry 2 min
2015‑04‑13
May the force? May in full force...
Lack of updates here usually means that time constraints are in effect… But apparently all that work is paying off as some of the research we have been...
Read entry 1 min
2015‑03‑09
ISTS12 Keynote and Red Team
I’ve had the pleasure and the honor to keynote this year’s ISTS (Information Security Talent Search) that ran at the Rochester Institute of Technology (RIT). Additionally I was...
Read entry 1 min
2015‑03‑05
Honest review - CSI:Cyber
There seems to be a lot of chatter (at least on my highly biased Twitter and Facebook feeds) about how terrible of a show CSI:Cyber was. People seem...
Read entry 3 min
2015‑01‑19
Sensationalism - doing more damage than good
It took me a while to really decide to pull the trigger on this post. For several reasons: I think the way that @ZeroFOX handled this was impeccable....
Read entry 4 min
2015‑01‑15
Killing (innovation) in the name of the law
I am not a lawyer. Nor I want to be one. But fortunately I have enough education and practice around legal systems - domestic and international to be...
Read entry 1 min
2015‑01‑08
Untitled
Read entry 1 min
2014‑12‑20
When a door is not a door
This is going to be a short one, because so much has been written on this, and the level of (in)competence exhibited by so many people around this...
Read entry 2 min
2014‑10‑29
"To the full extent of their capabilities"
Took me a while to clear up time and read Dave Aitel’s post on his experience with the NSA as compared to the interview that Edward Snowden did...
Read entry 1 min
2014‑06‑01
Security and maturity - beating the averages
So, There’s this new (for me) LinkedIn “publishing” thing, that prompted me to try it as I was posting a semi-rant there. Let’s see how well that works...
Read entry 1 min
2014‑04‑14
Getting things right goes a long way when you are bleeding
I’m starting to see a trend here with the weekend posts. I can stomach most of the FUD during the work days, but things get to me through...
Read entry 2 min
2014‑04‑06
Relying on AV? Really?
I tried to hold back on this one, but if you’ve read this blog (or met me in person) you know it’s hard… Another amazing research coming out...
Read entry 2 min
2014‑03‑22
Hacking, Business, and Politics
I’ve recently had the great fortune to be called in as an industry expert to comment on current news at the Fox Business “Money with Melissa Francis”. I’ll...
Read entry 2 min
2014‑02‑27
Women in infosec? That thing again?
I usually don’t weigh in on the topic, well, because I don’t have the right equipment for once, and furthermore, I think that the majority of discussions around...
Read entry 2 min
2013‑12‑30
Breaking news: Spy agencies are spying!
Please say it ain’t so! Spy agencies are spying? I’m actually going to go out on a limb here and present my (again - MY) opinion, which might...
Read entry 3 min
2013‑11‑04
On BadBIOS and Bad Behavior
So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing...
Read entry 6 min
2013‑10‑22
A trip down cyber memory lane, or from C64 to #FF0000 teaming
Reposting this from the original post I put on the IOActive website for the national cyber security awareness month… So, it’s National Cyber Security Awareness Month, and here...
Read entry 3 min
2013‑09‑30
Seeing RED in your future? - Recap from DerbyCon 3.0
Yes, I know, It’s been a while since I updated anything here. Work, life, etc… So here’s a quick update/recap on some of the latest: SecurityZone 2013 was...
Read entry 1 min
2013‑07‑04
Mail Encryption for Android?
So, now that the saga with having a decent GPG mail client for Mac has been finally resolved (huge kudos to the guys at gpgtools!), it’s time to...
Read entry 1 min
2013‑06‑25
Hiding behing the keyboard
This post is basically a placeholder to make sure that the materials concerning an ongoing investigation are published for everyone to see. The other reason is that it...
Read entry 6 min
2013‑05‑22
Red Team Training Comes to Vegas!
So, as you might have heard, Chris Nickerson and I have been accepted to run training at BlackHat USA 2013. We are super excited about it, and as...
Read entry 1 min
2013‑02‑09
Do as I say, not as I do. RSA, Bit9, Adobe, and others...
So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to...
Read entry 2 min
2012‑11‑30
Phishing/Threatening done wrong
It’s been a long time since I posted here since life and work really got in the way (in a very good way!) to publishing here. But I...
Read entry 3 min
2012‑10‑24
Ambulance chasing or DNA research?
I am fortunate enough that some of the new topics that I have discussed lately have generated interest in the community and the industry. As such, there are...
Read entry 2 min
2012‑08‑24
Apple, meet GPG, GPG, meet Apple.
Why is it so f&^#ing difficult to get this right? I’m looking at you “recently identified as the most valuable public company” - Apple! The guys at GPGTools...
Read entry 1 min
2012‑08‑01
Vegas 2012 by the Numbers
So, I’m finally back from a very long week in Vegas. How long you ask? well, here are some numbers that start to reflect how it felt: Number...
Read entry 2 min
2012‑07‑20
Security Awareness and Security Context - Aitel and Krypt3ia are both wrong?
It was pretty obvious that after an Information Security persona such as Dave Aitel has posted his “Why you shouldn’t train employees for security awareness” article, there would...
Read entry 3 min
2012‑07‑08
This one time, at Defcon... (a blast from the past)
Wow, there’s a blog here… Lucky for me there are other people who write new content that somehow relates to this blog so I have a chance to...
Read entry 1 min
2012‑06‑02
SexyDefense comes to Vegas!
One of the best things that probably happened to the research on SexyDefense is that it has been accepted to BlackHat Briefings in Las Vegas! It is truly...
Read entry 1 min
2012‑05‑21
So you thought you were protected: How hackers can break into your business
This is a translation of the original article published in Calcalist on May 20th 2012.   A group of professional hackers, employed by the most sensitive organizations to...
Read entry 8 min
2012‑04‑18
Sexy Defense
So, Source Boston proved to be a great venue for the inauguration of the Sexy Defense paper and talk that I was working on recently. Had a great time both...
Read entry 1 min
2012‑03‑06
March - April Events
After a quiet start for the year (and keeping up with my promise to try and cut down on travel) we are fast approaching exciting times. March will...
Read entry 3 min
2012‑02‑17
Cyber, Cyber, Cyber. What are we talking about anyway?
A long drought (almost a month) in this blog is finally coming to an end after I had some great conversations with good friends at the cyber un-conference...
Read entry 3 min
2012‑01‑25
Guest post: Why you need patch management
Today we have another guest post from our friends at GFI - this time on patch management (which unfortunately is one of the reasons that so many pentests...
Read entry 3 min
2012‑01‑19
Hackers, Credit Cards, and the Media
In the past couple of weeks there has been an interesting “hacking” trend going on in Israel. It started from the publication of a few thousand credit card...
Read entry 4 min
2012‑01‑09
Advanced Data Exfiltration - full paper
This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading)   Abstract...
Read entry 13 min
2012‑01‑03
IL-CERT finally picking up speed
It’s been a long time since I talked about IL-CERT. My personal story with the IL-CERT (or lack thereof) started somewhere in 2009 when I was dealing with...
Read entry 2 min
2011‑12‑22
[Offtopic] AirPlay on the home network
Just a quick share on something that made me very happy this week (that’s what happens when the wife is not around): Enabling AirPlay on a non-apple device to...
Read entry 1 min
2011‑12‑19
Intelligence on Ashiyane and the Iranian Cyber Army
One of my favorite OSINT resources internet-haganah have opened up a new thread on their forums that are dedicated to Iran, called Ashiyane. This is basically the hacker...
Read entry 1 min
2011‑12‑12
So, what about that SecurityZone?
Thanks to Chris John Riley’s post, I was inspired to share my views and experiences from SecurityZone. Some of which I have already shared on the last post...
Read entry 3 min
2011‑12‑11
Introducing SexyDefence
After a long time of no updates, I’m finally back to a “normal” schedule, but as always - there’s some new project that emerges from just being around...
Read entry 1 min
2011‑11‑02
SecurityZone - to finish this year with a bang!
So, some of you have heard of SecurityZone, some are skeptical and some just jealous. Here’s the gist of it from my view: Professional: Awesome lineup. We managed...
Read entry 1 min
2011‑10‑25
Information Security, Homeland Security, and finding someone to pin it on
In the recent spree of cyber attacks on a plethora of US and international government and federal related establishments a lot of speculations are being thrown around as...
Read entry 2 min
2011‑09‑22
Post Brucon thoughts - guesstimates in an engineering field
So, another epic Brucon has ended, and while everyone is getting their thoughts together again (the amount of super smart people I have had the pleasure to have...
Read entry 1 min
2011‑08‑23
Career in Information Security
So, here comes the time when I say out loud something about where I work on this blog… My company - Security Art, is at the challenging phase...
Read entry 2 min
2011‑08‑22
Radio Interview with Galatz [Hebrew]
Following is my radio interview with Galatz’s “Security Belt” programme where we discuss Cyber Security issues, the political and diplomatic aspects of them, and the recent attacks on...
Read entry 1 min
2011‑08‑01
7 Steps to consider when running a Vulnerability Assessment
Today I’m proud to give this stage to some friends from GFI (have some good friends from the former Sunbelt guys that were acquired by GFI last year)....
Read entry 3 min
2011‑07‑10
Upcoming conferences schedule: August-November 2011
So, as if I didn’t have enough flights this year, here is where you can find me and hang out / grab a beer / talk shop /...
Read entry 1 min
2011‑07‑09
What the * is wrong with mobile security
Long time no post. Sorry about that <insert favorite excuse>. Anyway, as you can probably imagine, here’s another rant brewing. We have been dealing with a barrage of...
Read entry 3 min
2011‑05‑15
How great perimeter defenses are hurting you
I have looked for a good example for a real-world security practice that is misconceived and that also applies to information security. Recently I have had a chance...
Read entry 2 min
2011‑05‑03
Local PayPal Phishing - and why we need a CERT
This just came in the mail: (twice - at two different mailboxes - I must be a high value target for these guys) A classic phishing email, with...
Read entry 1 min
2011‑04‑13
The curious case of Dropbox security
After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect...
Read entry 2 min
2011‑04‑06
SCADA, control systems and security - not necessarily enemies
Insights from the NISA International SCADA Security Forum conference (NISA stands for National Information Security Authority, which is a division of the Israeli Security Agency). We all know...
Read entry 2 min
2011‑04‑03
Defense through Offense, and how APT fits there
I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so....
Read entry 2 min
2011‑03‑04
Defining Penetration Testing
I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating...
Read entry 1 min
2011‑02‑14
About CyberWar, Deterrence, and Espionage
It’s been a long time since my last post, but trust me for all the good reasons (i.e. work). This one is long due, and has been recently...
Read entry 3 min
2011‑01‑24
Information Security Intelligence Report for 2010 and Predictions for 2011
Looking back at 2010 shows a widening gap between cybercrime and law enforcement capabilities, in conjunction to nations that have started the cyber-race to develop defensive and offensive...
Read entry 2 min
2011‑01‑06
the art of not thinking about elephants
We have been quite busy here at Security Art in the last few weeks (as the blog posting frequency suggests), but I figured I would provide a quick...
Read entry 2 min
2010‑12‑26
Building a brand loyalty - how NOT to
Disclaimer: this is a rant. OK, so I travel a lot. Over a dozen trips this year to be more precise (17 and counting). As such, I tend...
Read entry 5 min
2010‑11‑20
Picking up the glove - DC9723
Every time I get back from the annual DefCon/BlackHat/BSides conferences in Vegas, I usually run into some of the local security folks that managed to make the trip...
Read entry 1 min
2010‑11‑02
The power of collaboration (BlueHat post)
Some additional BlueHat wrap-up -  a collaborative post with a dear colleague of mine Fyodor Yarochkin has just been posted on the BlueHat blog. The interesting thing about this...
Read entry 1 min
2010‑10‑29
Stuxnet Analysis Report
So, after quite some time of working behind the scenes, and making an effort to focus on essence rather than buzz, the CSFI have published their official report...
Read entry 1 min
2010‑10‑25
The Botnet Wars - industry Q&A
I was approached recently by Bart P from Panda security in order to participate in an industry expert Q&A about the botnet wars (apparently he did his homework as...
Read entry 1 min
2010‑10‑11
Learning from stux, and connecting more dots in infosec
So everyone has been fully focused on Stuxnet - trying to figure out (again) what 0-days were involved, how were networks crossed, which command-and-control channels are utilized and...
Read entry 4 min
2010‑09‑27
Pentesters and businessman are doing it wrong
Following my last post on the realistic cost of a pen-test (which as I mentioned was derived from long conversations on the topic with a couple of friends...
Read entry 2 min
2010‑09‑23
The realistic cost of a web application pen-test
So I was having some really interesting conversations over the last couple of days with some of the best people I know in the security industry (yeah, I’m...
Read entry 1 min
2010‑08‑31
Security Innovation is now an Art
It’s very intriguing to see how our perceptions sometimes work against us - I have noted my “business” connections on LinkedIn regarding the recent merge of the Security...
Read entry 1 min
2010‑08‑12
Updated speaking schedule!
As noted before, for some reason beyond my understanding I am going to be speaking at both SOURCE Barcelona and Brucon in September, as well as in Excaliburcon...
Read entry 1 min
2010‑08‑05
Remembering "The Shoe"
If you have been listening to any security podcasts in the past year or so, I’m sure you must have stumbled across the ISDPodcast (InfoSec Daily). If you...
Read entry 1 min
2010‑07‑26
Tying up loose ends before Vegas (scammer closure)
Instead of updating the post in question (again), I figured I’ll post all the new info here and call this a wrap. So, we all know about the...
Read entry 4 min
2010‑07‑19
The Turkish hack and another case for IL-CERT
You have been living under a rock if you haven’t heard of the Turkish hack a couple of days ago. Basically - a Turkish hacker forum that bolsters...
Read entry 2 min
2010‑07‑08
How [not to] scam security people
I have been playing around with some wireless security for one of my customers lately. Having a pretty solid understanding of how things work, but also having been...
Read entry 11 min
2010‑06‑23
Cloud Security Alliance Conference (Israel) - CFP
Just wanted to let you all know (as a member of the CSA-IL board) that we will be having a conference on September 2nd whose title is “Cloud...
Read entry 1 min
2010‑06‑21
FIRST and IL-CERT
Funny thing how I got to go to Miami last week… So, one time, at security camp, I figured that there isn’t a whole lot of infrastructure in...
Read entry 2 min
2010‑06‑07
Identity crisis
Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in...
Read entry 2 min
2010‑06‑02
The community to the rescue again
I’ve had some hard time coming up with this post. I had the great opportunity to travel quite a bit lately - specifically to Berlin where basically EVERYBODY...
Read entry 2 min
2010‑05‑05
Upcoming Conference Schedule
I have been fortunate enough to be picked up by several CFP of great conferences, which basically gave me the opportunity to participate at conferences I wanted to...
Read entry 1 min
2010‑05‑02
Being in the middle (or: things we didn't manage to learn in a decade)
This is going to be painful, so hold on. Instead of mumbling short tweets about things I think that suck, I decided to keep everything in and just...
Read entry 6 min
2010‑04‑15
Cyber[Crime|War] - connecting the dots - BlackHat EU 2010
Hola from Barcelona! It’s been a very productive couple of days here. Quite a lineup for this version of the BlackHat briefings out here. I had the great...
Read entry 1 min
2010‑03‑26
Cyber[FUD]Fare - repost from fudsec.com
As promised - here is the “official” cross-post from my guest appearance on fudsec.com. Enjoy! I’ve been intravenously fed with FUD for as long as I’ve been in...
Read entry 4 min
2010‑03‑19
New post on fudsec.com - CyberFUDfare
Just a quick FYI - a new post by yours truly has been published over at fudsec.com. One of my favorite blogs with some really cool contents (still...
Read entry 1 min
2010‑03‑18
It's all about the money
In my recent coverage of CyberCrime and CyberWar, I have neglected my old “friends” at the criminal world and gave them a little less attention (at least on...
Read entry 1 min
2010‑03‑08
ExoticLiability podcast interview
OK, so a quick shameless plug for me and a couple of good friends at EL: I had the pleasure of throwing it all out with the ExoticLiability crew...
Read entry 1 min
2010‑02‑17
Offtopic - a story about customer service (or lack of such)
So some of you know that I switched (back) to a mac. Great. One tiny thing mudded the whole experience - a couple of days after getting the...
Read entry 1 min
2010‑02‑05
The China/Google thing, accountants and other miscreants
Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long...
Read entry 3 min
2010‑01‑01
CyberCrime, CyberWarfare, and 2010
I’ll spare you the “2009 security in review” which you can read just about anywhere else you go now. I’ll also avoid the “what to expect in security...
Read entry 1 min
2009‑12‑04
Mapping and Security Research
From the “We should have trademarked this” department: McAfee came out with their “Mapping the Mal Web“[PDF] report and are proving that innovation is best left for the...
Read entry 1 min
2009‑12‑02
AHA! A blast from the past...
I just ran across this great blog post from Lori MacVittie at Web2.0 Journal. Can’t say exactly why it sparked my interest, but after reading it I realized...
Read entry 1 min
2009‑11‑25
ExcaliburCon summary and general China notes
So, It’s been quite some time since ExcaliburCon has been concluded, and I have been delaying this post due to some other work related activities that jumped on...
Read entry 2 min
2009‑11‑15
DefCon 17 talk video available!
For your viewing pleasure - if you happened to miss out on DefCon 17 earlier this year, the full video and slides of my talk “Down the Rabbit Hole -...
Read entry 1 min
2009‑10‑30
Clouds, and the winds that blows them away...
You must have seen this coming - I was holding off from discussing cloud security for quite some time for a few good reasons, but now it’s time...
Read entry 3 min
2009‑09‑29
Malicious ads circa 2007
Sometimes the only thing you can say about something boils down to the sound of your palm hitting your forehead. We have been seeing many ways in which...
Read entry 2 min
2009‑09‑25
Down the rabbit hole all the way to Miami
So the talk at Hacker Halted was really good - I was impressed with the quality of the audience and the presentations. As promised, I’m posting my slide...
Read entry 1 min
2009‑09‑13
Two steps forward, one step back - controling botnets...
Just stumbled across this: http://www.symantec.com/connect/blogs/google-groups-trojan - basically, botnets are utilizing Google groups (could have been any other mailing list system for the sake of argument) to communicate between...
Read entry 1 min
2009‑09‑07
Drawing the line - securing an organization while thinking of users...
My latest post on the Israeli Insurance Association (http://www.igudbit.org.il/Index.asp?ArticleID=1235&CategoryID=98 [HEBREW]) discusses the challenges of managing risk in a complex organizational environment where you have to take into account...
Read entry 1 min
2009‑08‑25
Cyberwarfare and Cybercrime - more links turn out in study
Whenever you look at cybercrime/eCrime, the question always pops up - what is the link between this highly sophisticated economy and aggregation of technologies, with government affairs or...
Read entry 1 min
2009‑08‑15
Botnet communications moving to Web2.0
A great find by Jose Nazario shows how botnets have moved on from relying on old-school communication schemes (usually IRC or direct HTTP connections) to utilizing the tools...
Read entry 1 min
2009‑07‑27
Practical vs. Regulatory - the votes are in!
I was thinking about translating my recent article I wrote for the Israeli Insurance Association (see my last post), but decided to completely rewrite it so it would...
Read entry 3 min
2009‑07‑15
(Hebrew) Information Risk Management - Israeli Insurance Industry
Just a quick cross post to an article I wrote for the Israeli Insurance Association (this one in Hebrew - an English post will be uploaded to this...
Read entry 1 min
2009‑07‑06
Twitter spam - Spitter? Tpam?
Unless you’ve been living under a rock in the past couple of years, you have been exposed to Twitter in some shape or form. Having adopted the means...
Read entry 1 min
2009‑06‑02
Getting a business degree as part of Security Research?
What a great time to start thinking of travel – the weather is fairing up, June is here, and fortunately for me, I have a chance to take...
Read entry 6 min
2009‑04‑26
Are you LinkedIn/Facebooked/Twittered/Beboed/Viadeoed/etc?
I’ve just finished reading a great little note from Brian Krebs on the Washington Post that enabled me to “out” (don’t worry, I won’t) an incident that some...
Read entry 1 min
2009‑04‑22
Credit cards on a clearance sale and your internet security
You may have already gotten yourself familiar with how eCrime works from our past research and field presence, but here is one more great example of this fascinating...
Read entry 1 min
2009‑04‑05
Fighting eCrime? We are not there yet!
I was just reviewing the latest FBI report from the Internet Crime Complaint Center (IC3) here (PDF), and although I’m sure that a lot of security vendors out...
Read entry 1 min
2009‑04‑01
Are you Conficker-proof? Do you really need to be?
What a great way to sum up my last couple of posts – the Conficker media frenzy, and social aspects of web attacks. You can’t come up with...
Read entry 1 min
2009‑03‑30
Conficker madness - good or bad?
Just like BBC’s botnet debacle which fueled a vivid discussion amongst security circles, debating if the exposure is good (i.e., raising awareness to the threat) or bad (i.e.,...
Read entry 1 min
2009‑03‑17
Social aspects of web security - the March edition
It’s that time of the year again… March madness is engulfing us with news and pre-season activities, and everyone is out and about to see what we would...
Read entry 1 min
2009‑03‑03
The great AV vs. AV debacle starts again?
It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it is the recession, and in an attempt to grab...
Read entry 1 min
2009‑03‑01
It's a browser! It's an Operating System! It's... brOSer?!
After looking into the security issues and requirements that Microsoft has been working on in terms of the future browser, and based on our earlier predictions on the...
Read entry 1 min
2009‑02‑23
More on the browser OS - from Microsoft Research
After talking about how your next operating system is not going to be related to Windows or Mac or Linux (hint – you are reading this post using...
Read entry 1 min
2009‑02‑19
If Gears was a problem then how about running Gmail offline on Air?
So, yesterday I wrote about the new (and much expected) vulnerabilities in Google’s Gears technology. The issue is clear – Gears is picking up speed and traction as...
Read entry 1 min
2009‑02‑18
The oracle strikes again - "Browser OS" threats start to appear
Moving on from the social networking issues we outlined in the past couple of weeks, after following the predictions, and their materialization (here, here, here in the announcement...
Read entry 1 min
2009‑02‑15
Social networking threats - the "hacker" story
As the social networking threats angle is picking up a lot of traction lately <pat_on_own_back>, the folks at Netragard have posted a great write-up on using social networks...
Read entry 1 min
2009‑02‑09
Blocking Facebook? Not popular, and not effective
OK, so we know that social networking sites have their issues and threats associated with them, we’ll be the first to admit it. But on the same note,...
Read entry 1 min
2009‑02‑08
Fighting an infection vector with new standards - ClickJacking
If you haven’t heard yet, the newest version of Microsoft’s Internet Explorer 8 (RC1) has been endowed with support for “Anti-Clickjacking” (for more background on clickjacking, check out:...
Read entry 1 min
2009‑02‑05
BlueHat post on the state of web security
I’ve been asked to contribute once again to the Microsoft BlueHat blog, and have written a quick “state of the web security” post. Check it out, and as...
Read entry 1 min
2009‑02‑02
More predictions see the light of day?
A recent report from McAfee reaffirms our 2009 predictions, and talks about how eCrime is starting to benefit from ex-employees, noting that this trend is not limited to...
Read entry 1 min
2009‑01‑28
Gear up - predictions for 2009 have begun to materialize
How about answering email messages when you are not online? Easy, right? But, if you are using a webmail account that used to be a problem; so was...
Read entry 1 min
2009‑01‑27
What's been on people's minds lately?
As we have been predicting (and following during 2008), the criminal’s mind is very much attuned to the public mind. The current issues that everyone (well, at least a...
Read entry 1 min
2009‑01‑26
Supreme court, freedom of speech and internet filtering
It was bound to happen. It didn’t work in Third World countries, attempts to do it in Western civilization failed one by one, and now it is proven...
Read entry 1 min
2009‑01‑20
Conficker continues its rounds. Hits 9 million mark
It is funny how security works, isn’t it? When you think you got rid of the old-school (aka “stupid”) threats, reality hits you right back. Conficker/Downadup is a...
Read entry 1 min
2009‑01‑08
Social networking strikes again
A lot of write-ups have been covering this, so here are a few from InformationWeek, Dancho, SCMagazine and McAfee. Besides saying the ever satisfying “told you so”, nothing...
Read entry 1 min
2008‑12‑22
Who owns your online identity? Facebook squatters on the rise
I have just read a couple of excellent posts (on SquaredPeg, and InsideFacebook) that talk about something I have been preaching for a while – your online identity...
Read entry 1 min
2008‑12‑04
Christmas shopping online - make sure you get what you PAY for
In the line of our ongoing “education”, we all know by now that eCrime is no longer lurking right there waiting for victims to come knocking, but is...
Read entry 1 min
2008‑11‑18
AIRC Threat report and the link to McColo
As promised, the AIRC Threat Report for November is out. And as also promised, the link to McColo is revealed here – during the time when we were...
Read entry 1 min
2008‑11‑12
Hosting provider crackdown?
Recently, there has been a lot of focus from the security research community on a hosting provider named McColo corporation (out of San Jose, CA). Reports on spam,...
Read entry 1 min
2008‑10‑28
Obama Leads in US Presidential Election Poll - the eCrime Way
And the leader according to the highly non-scientific research done using Google for a specific attack vector is: Barack Obama. Obama related sites have managed to get infected...
Read entry 1 min
2008‑10‑12
Taking the Red Pill Down the Rabbit Hole
I’ve been contemplating a title for this post for a long time, eventually I decided to merge two of my favorites (and leave the third alone: looking for...
Read entry 2 min
2008‑09‑26
Neosploit - The rumors of my demise have been greatly exaggerated
Despite being reported as “out of business” in late July/August, (see this blog, and this article as well), Neosploit, one of the most widely used tools by cybercriminals,...
Read entry 1 min
2008‑09‑22
Blocking legitimate sites in real-time
I ran into this on Slashdot: http://tech.slashdot.org/tech/08/09/21/1827209.shtml. It seems like the Google filter for malicious sites was blocking a whole domain name - including all sub-domains, which happened...
Read entry 1 min
2008‑09‑18
Snooping into Palin emails? Watch out for the criminals snooping on you!
Following the recent news on how an anonymous group has managed to take over Sarah Palin’s Yahoo! email account; we have noticed some interesting happenings. As wikileaks which...
Read entry 1 min
2008‑09‑18
Less phish, more meat? Malweb proving to be more efficient than phishing scams.
In a somewhat below-the-radar report, the Anti-Phishing Working Group (APWG) Q1 report is, for the first time, showing a decrease in the number of phishing...
Read entry 1 min
2008‑09‑14
Chrome, IE8, FF3 - is there anything new?
As websites are getting to be treated more like applications, users, both end-users and especially business ones, are moving from traditional old-school desktop applications (remember when “client-server” architecture...
Read entry 1 min
2008‑05‑06
Crimeware server catering to grab and run criminals
During our research for the latest Malicious Page of the Month that has just been released, we came across a domain that was being used as a command...
Read entry 2 min
2008‑03‑26
On the (dis)merits of privacy
Following up on my last post, after filing a complaint with the abuse department of privacyprotect.org (and blogging about the problem), I have just received an update noting...
Read entry 1 min
2008‑03‑19
Taking down a malicious site - the good, the bad, and the ugly...
As part of the “closure” on the February Malicious Page of the Month, which involved meoryprof.info (taken down), and spywaresafe.net we have contacted the appropriate parties in order...
Read entry 2 min
2008‑03‑16
Optimizing Cross Site Scripting - and general security practices
We have been working recently on an XSS attack that impacted a huge number of potential victims, as the attack itself has been “optimized” by SEO (Search Engine...
Read entry 3 min
2008‑02‑28
Crimeware server and the international man of mystery
While conducting research for the latest Malicious Page of the Month we have just released, we tried to track down the origins of the crimeware. Obviously, this is...
Read entry 2 min
2008‑01‑17
The impact of just 5 random letters...
We have been watching in amazement the impact our latest Malicious Page of the Month had on the industry and media. From coverage at Fox Business News, and the...
Read entry 1 min
2008‑01‑06
And the winner for "top virus" of 2007 is...
Not a virus. Not even a malware. Neither is the runner up… It’s the method of how malware is populated. According to a report, the most common malware...
Read entry 1 min
2007‑12‑20
New Orkut worm takes us back in the wayback machine
I just love how old news is recycled with a bit of flair when it becomes relevant again. The latest Orkut worm reports talk about the...
Read entry 1 min
2007‑10‑25
IFRAME is a security risk???
Ok, I have just read the latest in “IFRAME Security” articles and had to write something about it. While going through my usual RSS feeds, I stumbled onto...
Read entry 1 min
2007‑10‑07
Playing with obfuscators - teaching an old dog new tricks...
So our Malicious Page of the Month for September is out now. Going over the details of the document, I wanted to re-visit an old habit I had...
Read entry 1 min
2007‑09‑23
Widgets+Advertisements=?
Coincidence or just sheer luck, but I just happened to stumble upon this article announcing that Google has come up with a widget that serves advertisements, and quoting...
Read entry 1 min
2007‑09‑20
Hitting the nail on the head
When we here at the MCRC are publishing our quarterly trends reports (http://www.finjan.com/Content.aspx?id=827), we are always facing the possibility that what we have been working on and predicting...
Read entry 1 min
2007‑08‑21
The perils of running a security blog
This is a bit off-the-beaten-path of this blog’s usual in-depth hardcore security posts. I was going through some of the support related emails that have some relevance to...
Read entry 2 min
2007‑08‑15
Vista Sidebar Vulnerability
Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally at liberty to talk about the vulnerability in the...
Read entry 1 min
2007‑08‑03
Post BlackHat, pre DefCon
So it’s been a really hectic couple of days here in Vegas. We are here (myself and 2 members of MCRC - Aviv & Amir), running between presentations,...
Read entry 1 min
2007‑06‑21
Malicious space on MySpace
Last Wednesday (June 13th), SecureBrowsing alerted us to a “cute” MySpace profile being used as a malicious code attack vector. This is not the first catch by...
Read entry 1 min
2007‑06‑19
Have something to hide? make a lot of noise about it!
There has been a lot of noise on the web over the past few days in regard to the MPack toolkit being used in the Italy region. Everyone...
Read entry 1 min
2007‑05‑31
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject("CnsHelper.CH") If IsObject(tass) then HasCns...
Read entry 1 min
2007‑05‑17
Google's "Ghost in a Browser", WebSense, and more...
First things first - big Kudos to Google for their research paper. We at MCRC have found it to be very reassuring for us - now we know...
Read entry 1 min
2007‑03‑22
Tying it all up - explosive exploits...
The funniest thing happened yesterday - at a watercooler conversation our CTO informs us of a site that uses techniques from almost all of our trend reports (which...
Read entry 1 min
2007‑03‑15
Analyzing an AJAX Attack Vector in the wild
We have just finished working on a new monthly released paper that will focus on a new “page” (dubbed “Malicious Page of the Month”). This month we have...
Read entry 1 min