This is somewhat of a "stream of consciousness" diary of my EU Flight Trip – 10/25/21-11/8/21. Yes, it's long (sums up over 40 hours of flying), and veers off the...
Read Entry >Over the past two years my colleagues and friends have heard me talk about Elastic Permissions, and at some point I started hearing other people mention the term (yay for...
Read Entry >This post was originally published on Forbes
Read Entry >One of the biggest challenges of running a security organization is balancing the ongoing efforts, with strategic directions, all while keeping the “pressure” on to increase the maturity across the...
Read Entry >I’ve been on the receiving end of sales pitches for years now. Ever since I took on senior leadership roles the constant trickle of various sales pitches just kept increasing....
Read Entry >Encouraged by the response to my last post (https://www.iamit.org/blog/2018/06/the-ian-amit-spectrum-of-pentesting-efficacy/ for those who missed it), and following up on a couple of recent Twitter/LinkedIn/WhatsApp conversations, I'd like to emphasize the importance...
Read Entry >It’s been a while since I posted (duh), but recently I’ve had something brewing in my mind that appeared to not have been clearly discussed before, so here goes. I’ve...
Read Entry >Full disclosure: this post isn’t about security per-se. It’s here because of recent conversations I’ve had with people from outside the immediate security “industry” who wondered about Equifax from a...
Read Entry >Or: why attribution is not a technical problem. TL;DR: hacking is an art and a science, computer attacks (cyber these days) are only one manifestation of an aggressor, which has...
Read Entry >The PTES (Penetration Testing Execution Standard) is a standard that a small group of highly motivated and passionate practitioners have created (and yours truly). As such, it is designed to define...
Read Entry >Don’t mind me, just poking my head in here to make sure the cobwebs haven’t taken over this place yet :-P So yes - I’m going to be blogging waaay...
Read Entry >Not trying to provide the full story here, just a few thoughts and directions as to security, privacy and civil rights. (for the backdrop - Apple’s Tim Cook letter explains...
Read Entry >I just saw a blog post in which Mike Kemp discovers the realities of 2010 (linkedin). (disclaimer - I know Mike and love him as a person, and this is my...
Read Entry >Hello there, welcome back to our scheduled programming on how to drum up clicks and views on your website “Powered by Fear Uncertainty and Doubt”. As most marketing organizations know,...
Read Entry >I’m a known and pretty vocal advocate of self learning, self starting, and inquisitive entrepreneurial spirit. As such, I’ve witnessed over my years in the security industry, a lot of...
Read Entry >Still got it. 6 pin deadbolt. Picked with a half diamond after being pulled out of the door in favor for a mul-t-lock one…
Read Entry >Social media and online interaction are dramatically changing the way our companies and employees interface with society at large. Recent examples of people tweeting or posting something silly or offensive...
Read Entry >Adult. What a weird concept. I keep finding myself saying that word in different contexts, and it feels weird because deep inside I’m still pretty much a non-adult (can’t really...
Read Entry >I’m writing this in response to a very well put together article written by my friend Dave Lewis on CSO Online: “Are you a legitimate military target?”. In the article...
Read Entry >http://www.onstrat.com/osint/ http://www.phibetaiota.net/ http://www.phibetaiota.net/assets/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf http://www.osint.fail/ http://www.uk-osint.net/
Read Entry >So it finally happened - I’ve had my first RSA in 9 years. And what an experience. Suffice to say that I ended that week with no voice, a bad...
Read Entry >Lack of updates here usually means that time constraints are in effect… But apparently all that work is paying off as some of the research we have been working on...
Read Entry >I’ve had the pleasure and the honor to keynote this year’s ISTS (Information Security Talent Search) that ran at the Rochester Institute of Technology (RIT). Additionally I was also fortunate...
Read Entry >There seems to be a lot of chatter (at least on my highly biased Twitter and Facebook feeds) about how terrible of a show CSI:Cyber was. People seem to be...
Read Entry >It took me a while to really decide to pull the trigger on this post. For several reasons: I think the way that @ZeroFOX handled this was impeccable. As far...
Read Entry >I am not a lawyer. Nor I want to be one. But fortunately I have enough education and practice around legal systems - domestic and international to be “dangerous” enough...
Read Entry >This is going to be a short one, because so much has been written on this, and the level of (in)competence exhibited by so many people around this has almost...
Read Entry >Took me a while to clear up time and read Dave Aitel’s post on his experience with the NSA as compared to the interview that Edward Snowden did with James...
Read Entry >So, There’s this new (for me) LinkedIn “publishing” thing, that prompted me to try it as I was posting a semi-rant there. Let’s see how well that works out: https://www.linkedin.com/today/post/article/20140531211959-1510435-security-and-maturity-beating-the-averages?trk=prof-post...
Read Entry >I’m starting to see a trend here with the weekend posts. I can stomach most of the FUD during the work days, but things get to me through the weekend....
Read Entry >I tried to hold back on this one, but if you’ve read this blog (or met me in person) you know it’s hard… Another amazing research coming out of your...
Read Entry >I’ve recently had the great fortune to be called in as an industry expert to comment on current news at the Fox Business “Money with Melissa Francis”. I’ll be the...
Read Entry >I usually don’t weigh in on the topic, well, because I don’t have the right equipment for once, and furthermore, I think that the majority of discussions around it are led by...
Read Entry >Please say it ain’t so! Spy agencies are spying? I’m actually going to go out on a limb here and present my (again - MY) opinion, which might pass as...
Read Entry >So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing refers to....
Read Entry >Reposting this from the original post I put on the IOActive website for the national cyber security awareness month… So, it’s National Cyber Security Awareness Month, and here at IOActive...
Read Entry >Yes, I know, It’s been a while since I updated anything here. Work, life, etc… So here’s a quick update/recap on some of the latest: SecurityZone 2013 was an excellent...
Read Entry >So, now that the saga with having a decent GPG mail client for Mac has been finally resolved (huge kudos to the guys at gpgtools!), it’s time to get some...
Read Entry >This post is basically a placeholder to make sure that the materials concerning an ongoing investigation are published for everyone to see. The other reason is that it seems like...
Read Entry >So, as you might have heard, Chris Nickerson and I have been accepted to run training at BlackHat USA 2013. We are super excited about it, and as people have...
Read Entry >So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter),...
Read Entry >It’s been a long time since I posted here since life and work really got in the way (in a very good way!) to publishing here. But I just had...
Read Entry >I am fortunate enough that some of the new topics that I have discussed lately have generated interest in the community and the industry. As such, there are obviously voices...
Read Entry >Why is it so f&^#ing difficult to get this right? I’m looking at you “recently identified as the most valuable public company” - Apple! The guys at GPGTools are doing...
Read Entry >So, I’m finally back from a very long week in Vegas. How long you ask? well, here are some numbers that start to reflect how it felt: Number of days...
Read Entry >It was pretty obvious that after an Information Security persona such as Dave Aitel has posted his “Why you shouldn’t train employees for security awareness” article, there would be a...
Read Entry >Wow, there’s a blog here… Lucky for me there are other people who write new content that somehow relates to this blog so I have a chance to point to...
Read Entry >One of the best things that probably happened to the research on SexyDefense is that it has been accepted to BlackHat Briefings in Las Vegas! It is truly one of...
Read Entry >This is a translation of the original article published in Calcalist on May 20th 2012. A group of professional hackers, employed by the most sensitive organizations to detect security...
Read Entry >So, Source Boston proved to be a great venue for the inauguration of the Sexy Defense paper and talk that I was working on recently. Had a great time both developing the...
Read Entry >After a quiet start for the year (and keeping up with my promise to try and cut down on travel) we are fast approaching exciting times. March will have a...
Read Entry >A long drought (almost a month) in this blog is finally coming to an end after I had some great conversations with good friends at the cyber un-conference here in...
Read Entry >Today we have another guest post from our friends at GFI - this time on patch management (which unfortunately is one of the reasons that so many pentests are so...
Read Entry >In the past couple of weeks there has been an interesting “hacking” trend going on in Israel. It started from the publication of a few thousand credit card records (out...
Read Entry >This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading) Abstract Penetration testing...
Read Entry >It’s been a long time since I talked about IL-CERT. My personal story with the IL-CERT (or lack thereof) started somewhere in 2009 when I was dealing with some incidents...
Read Entry >Just a quick share on something that made me very happy this week (that’s what happens when the wife is not around): Enabling AirPlay on a non-apple device to stream both...
Read Entry >One of my favorite OSINT resources internet-haganah have opened up a new thread on their forums that are dedicated to Iran, called Ashiyane. This is basically the hacker forum that...
Read Entry >Thanks to Chris John Riley’s post, I was inspired to share my views and experiences from SecurityZone. Some of which I have already shared on the last post on SexyDefence,...
Read Entry >After a long time of no updates, I’m finally back to a “normal” schedule, but as always - there’s some new project that emerges from just being around extremely smart...
Read Entry >So, some of you have heard of SecurityZone, some are skeptical and some just jealous. Here’s the gist of it from my view: Professional: Awesome lineup. We managed (and I...
Read Entry >In the recent spree of cyber attacks on a plethora of US and international government and federal related establishments a lot of speculations are being thrown around as authorities are...
Read Entry >So, another epic Brucon has ended, and while everyone is getting their thoughts together again (the amount of super smart people I have had the pleasure to have conversations with...
Read Entry >So, here comes the time when I say out loud something about where I work on this blog… My company - Security Art, is at the challenging phase where we...
Read Entry >Following is my radio interview with Galatz’s “Security Belt” programme where we discuss Cyber Security issues, the political and diplomatic aspects of them, and the recent attacks on Israeli sites...
Read Entry >Today I’m proud to give this stage to some friends from GFI (have some good friends from the former Sunbelt guys that were acquired by GFI last year). Vanessa is...
Read Entry >So, as if I didn’t have enough flights this year, here is where you can find me and hang out / grab a beer / talk shop / hack: August...
Read Entry >Long time no post. Sorry about that <insert favorite excuse>. Anyway, as you can probably imagine, here’s another rant brewing. We have been dealing with a barrage of mobile application...
Read Entry >I have looked for a good example for a real-world security practice that is misconceived and that also applies to information security. Recently I have had a chance to read...
Read Entry >This just came in the mail: (twice - at two different mailboxes - I must be a high value target for these guys) A classic phishing email, with the only...
Read Entry >After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect whether the...
Read Entry >Insights from the NISA International SCADA Security Forum conference (NISA stands for National Information Security Authority, which is a division of the Israeli Security Agency). We all know that SCADA...
Read Entry >I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you...
Read Entry >I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid...
Read Entry >It’s been a long time since my last post, but trust me for all the good reasons (i.e. work). This one is long due, and has been recently fueled after...
Read Entry >Looking back at 2010 shows a widening gap between cybercrime and law enforcement capabilities, in conjunction to nations that have started the cyber-race to develop defensive and offensive capabilities. Most...
Read Entry >We have been quite busy here at Security Art in the last few weeks (as the blog posting frequency suggests), but I figured I would provide a quick preview of...
Read Entry >Disclaimer: this is a rant. OK, so I travel a lot. Over a dozen trips this year to be more precise (17 and counting). As such, I tend to be...
Read Entry >Every time I get back from the annual DefCon/BlackHat/BSides conferences in Vegas, I usually run into some of the local security folks that managed to make the trip as well,...
Read Entry >Some additional BlueHat wrap-up - a collaborative post with a dear colleague of mine Fyodor Yarochkin has just been posted on the BlueHat blog. The interesting thing about this is that...
Read Entry >So, after quite some time of working behind the scenes, and making an effort to focus on essence rather than buzz, the CSFI have published their official report on Stuxnet....
Read Entry >I was approached recently by Bart P from Panda security in order to participate in an industry expert Q&A about the botnet wars (apparently he did his homework as he got...
Read Entry >So everyone has been fully focused on Stuxnet - trying to figure out (again) what 0-days were involved, how were networks crossed, which command-and-control channels are utilized and how the...
Read Entry >Following my last post on the realistic cost of a pen-test (which as I mentioned was derived from long conversations on the topic with a couple of friends from the...
Read Entry >So I was having some really interesting conversations over the last couple of days with some of the best people I know in the security industry (yeah, I’m looking at...
Read Entry >It’s very intriguing to see how our perceptions sometimes work against us - I have noted my “business” connections on LinkedIn regarding the recent merge of the Security & Innovation...
Read Entry >As noted before, for some reason beyond my understanding I am going to be speaking at both SOURCE Barcelona and Brucon in September, as well as in Excaliburcon in China...
Read Entry >If you have been listening to any security podcasts in the past year or so, I’m sure you must have stumbled across the ISDPodcast (InfoSec Daily). If you haven’t, now’s...
Read Entry >Instead of updating the post in question (again), I figured I’ll post all the new info here and call this a wrap. So, we all know about the security scammer...
Read Entry >You have been living under a rock if you haven’t heard of the Turkish hack a couple of days ago. Basically - a Turkish hacker forum that bolsters a strong...
Read Entry >I have been playing around with some wireless security for one of my customers lately. Having a pretty solid understanding of how things work, but also having been challenged to...
Read Entry >Just wanted to let you all know (as a member of the CSA-IL board) that we will be having a conference on September 2nd whose title is “Cloud Security Technology...
Read Entry >Funny thing how I got to go to Miami last week… So, one time, at security camp, I figured that there isn’t a whole lot of infrastructure in my back...
Read Entry >Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of...
Read Entry >I’ve had some hard time coming up with this post. I had the great opportunity to travel quite a bit lately - specifically to Berlin where basically EVERYBODY in security...
Read Entry >I have been fortunate enough to be picked up by several CFP of great conferences, which basically gave me the opportunity to participate at conferences I wanted to go to...
Read Entry >This is going to be painful, so hold on. Instead of mumbling short tweets about things I think that suck, I decided to keep everything in and just formulate a...
Read Entry >Hola from Barcelona! It’s been a very productive couple of days here. Quite a lineup for this version of the BlackHat briefings out here. I had the great fortune of...
Read Entry >As promised - here is the “official” cross-post from my guest appearance on fudsec.com. Enjoy! I’ve been intravenously fed with FUD for as long as I’ve been in the business....
Read Entry >Just a quick FYI - a new post by yours truly has been published over at fudsec.com. One of my favorite blogs with some really cool contents (still wondering how...
Read Entry >In my recent coverage of CyberCrime and CyberWar, I have neglected my old “friends” at the criminal world and gave them a little less attention (at least on their consumer...
Read Entry >OK, so a quick shameless plug for me and a couple of good friends at EL: I had the pleasure of throwing it all out with the ExoticLiability crew over the...
Read Entry >So some of you know that I switched (back) to a mac. Great. One tiny thing mudded the whole experience - a couple of days after getting the Macbook Pro,...
Read Entry >Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I...
Read Entry >I’ll spare you the “2009 security in review” which you can read just about anywhere else you go now. I’ll also avoid the “what to expect in security in 2010”...
Read Entry >From the “We should have trademarked this” department: McAfee came out with their “Mapping the Mal Web“[PDF] report and are proving that innovation is best left for the smaller players...
Read Entry >I just ran across this great blog post from Lori MacVittie at Web2.0 Journal. Can’t say exactly why it sparked my interest, but after reading it I realized this may...
Read Entry >So, It’s been quite some time since ExcaliburCon has been concluded, and I have been delaying this post due to some other work related activities that jumped on me right...
Read Entry >For your viewing pleasure - if you happened to miss out on DefCon 17 earlier this year, the full video and slides of my talk “Down the Rabbit Hole - uncovering a...
Read Entry >You must have seen this coming - I was holding off from discussing cloud security for quite some time for a few good reasons, but now it’s time to take...
Read Entry >Sometimes the only thing you can say about something boils down to the sound of your palm hitting your forehead. We have been seeing many ways in which criminals try...
Read Entry >So the talk at Hacker Halted was really good - I was impressed with the quality of the audience and the presentations. As promised, I’m posting my slide deck here...
Read Entry >Just stumbled across this: http://www.symantec.com/connect/blogs/google-groups-trojan - basically, botnets are utilizing Google groups (could have been any other mailing list system for the sake of argument) to communicate between the bots...
Read Entry >My latest post on the Israeli Insurance Association (http://www.igudbit.org.il/Index.asp?ArticleID=1235&CategoryID=98 [HEBREW]) discusses the challenges of managing risk in a complex organizational environment where you have to take into account end-users meddling...
Read Entry >Whenever you look at cybercrime/eCrime, the question always pops up - what is the link between this highly sophisticated economy and aggregation of technologies, with government affairs or cyberwarfare. The...
Read Entry >A great find by Jose Nazario shows how botnets have moved on from relying on old-school communication schemes (usually IRC or direct HTTP connections) to utilizing the tools that Web2.0...
Read Entry >I was thinking about translating my recent article I wrote for the Israeli Insurance Association (see my last post), but decided to completely rewrite it so it would apply to...
Read Entry >Just a quick cross post to an article I wrote for the Israeli Insurance Association (this one in Hebrew - an English post will be uploaded to this blog soon)....
Read Entry >Unless you’ve been living under a rock in the past couple of years, you have been exposed to Twitter in some shape or form. Having adopted the means of socializing...
Read Entry >What a great time to start thinking of travel – the weather is fairing up, June is here, and fortunately for me, I have a chance to take the driver...
Read Entry >I’ve just finished reading a great little note from Brian Krebs on the Washington Post that enabled me to “out” (don’t worry, I won’t) an incident that some of us...
Read Entry >You may have already gotten yourself familiar with how eCrime works from our past research and field presence, but here is one more great example of this fascinating business: This...
Read Entry >I was just reviewing the latest FBI report from the Internet Crime Complaint Center (IC3) here (PDF), and although I’m sure that a lot of security vendors out there are...
Read Entry >What a great way to sum up my last couple of posts – the Conficker media frenzy, and social aspects of web attacks. You can’t come up with these things...
Read Entry >Just like BBC’s botnet debacle which fueled a vivid discussion amongst security circles, debating if the exposure is good (i.e., raising awareness to the threat) or bad (i.e., not really...
Read Entry >It’s that time of the year again… March madness is engulfing us with news and pre-season activities, and everyone is out and about to see what we would be seeing...
Read Entry >It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it is the recession, and in an attempt to grab some attention...
Read Entry >After looking into the security issues and requirements that Microsoft has been working on in terms of the future browser, and based on our earlier predictions on the matter, comes...
Read Entry >After talking about how your next operating system is not going to be related to Windows or Mac or Linux (hint – you are reading this post using it… more...
Read Entry >So, yesterday I wrote about the new (and much expected) vulnerabilities in Google’s Gears technology. The issue is clear – Gears is picking up speed and traction as Google’s applications...
Read Entry >Moving on from the social networking issues we outlined in the past couple of weeks, after following the predictions, and their materialization (here, here, here in the announcement of Gmail...
Read Entry >As the social networking threats angle is picking up a lot of traction lately <pat_on_own_back>, the folks at Netragard have posted a great write-up on using social networks as an...
Read Entry >OK, so we know that social networking sites have their issues and threats associated with them, we’ll be the first to admit it. But on the same note, we also...
Read Entry >If you haven’t heard yet, the newest version of Microsoft’s Internet Explorer 8 (RC1) has been endowed with support for “Anti-Clickjacking” (for more background on clickjacking, check out: http://ha.ckers.org/blog/20080915/clickjacking/). This...
Read Entry >I’ve been asked to contribute once again to the Microsoft BlueHat blog, and have written a quick “state of the web security” post. Check it out, and as always, feel...
Read Entry >A recent report from McAfee reaffirms our 2009 predictions, and talks about how eCrime is starting to benefit from ex-employees, noting that this trend is not limited to the IT...
Read Entry >How about answering email messages when you are not online? Easy, right? But, if you are using a webmail account that used to be a problem; so was reading unopened...
Read Entry >As we have been predicting (and following during 2008), the criminal’s mind is very much attuned to public mind. The current issues that everyone (well, at least a lot of...
Read Entry >It was bound to happen. It didn’t work in Third World countries, attempts to do it in Western civilization failed one by one, and now it is proven again that...
Read Entry >It is funny how security works, isn’t it? When you think you got rid of the old-school (aka “stupid”) threats, reality hits you right back. Conficker/Downadup is a simple worm; ...
Read Entry >A lot of write-ups have been covering this, so here are a few from InformationWeek, Dancho, SCMagazine and McAfee. Besides saying the ever satisfying “told you so”, nothing much to...
Read Entry >I have just read a couple of excellent posts (on SquaredPeg, and InsideFacebook) that talk about something I have been preaching for a while – your online identity and how...
Read Entry >In the line of our ongoing “education”, we all know by now that eCrime is no longer lurking right there waiting for victims to come knocking, but is rather working...
Read Entry >As promised, the AIRC Threat Report for November is out. And as also promised, the link to McColo is revealed here – during the time when we were looking at...
Read Entry >Recently, there has been a lot of focus from the security research community on a hosting provider named McColo corporation (out of San Jose, CA). Reports on spam, phishing and...
Read Entry >And the leader according to the highly non-scientific research done using Google for a specific attack vector is: Barack Obama. Obama related sites have managed to get infected in such...
Read Entry >I’ve been contemplating a title for this post for a long time, eventually I decided to merge two of my favorites (and leave the third alone: looking for the cuckoo’s...
Read Entry >Despite being reported as “out of business” in late July/August, (see this blog, and this article as well), Neosploit, one of the most widely used tools by cybercriminals, clearly hasn't...
Read Entry >I ran into this on Slashdot: http://tech.slashdot.org/tech/08/09/21/1827209.shtml. It seems like the Google filter for malicious sites was blocking a whole domain name - including all sub-domains, which happened to be...
Read Entry >Following the recent news on how an anonymous group has managed to take over Sarah Palin’s Yahoo! email account; we have noticed some interesting happenings. As wikileaks which was the...
Read Entry >In a somewhat below-the-radar report, the anti-phishing working group (APWG) Q1 report is for the first time in its report showing a decrease in the number of phishing reports towards...
Read Entry >As websites are getting to be treated more like applications, users, both end-users and especially business ones, are moving from traditional old-school desktop applications (remember when “client-server” architecture was the...
Read Entry >During our research for the latest Malicious Page of the Month that has just been released, we came across a domain that was being used as a command and control...
Read Entry >Following up on my last post, after filing a complaint with the abuse department of privacyprotect.org (and blogging about the problem), I have just received an update noting that: –quote–...
Read Entry >As part of the “closure” on the February Malicious Page of the Month, which involved meoryprof.info (taken down), and spywaresafe.net we have contacted the appropriate parties in order to notify...
Read Entry >We have been working recently on a XSS attack that impacted a huge number of potential victims, as the attack itself has been “optimized” by SEO (Search Engine Optimization) practices...
Read Entry >While conducting research for the latest Malicious Page of the Month we have just released, we tried to track down the origins of the crimeware. Obviously, this is a daunting...
Read Entry >We have been watching in amazement the impact our latest Malicious Page of the Month had on the industry and media. From coverage at Fox Business News, and the Washington Post,...
Read Entry >Not a virus. Not even a malware. Neither is the runner up… It’s the method of how malware is populated. According to a report, the most common malware attack in...
Read Entry >I just love it how old news are recycled with a bit of a flare when they become relevant again. The latest Orkut worm reports talk about the technique that...
Read Entry >Ok, I have just read the latest in “IFRAME Security” articles and had to write something about it. While going through my usual RSS feeds, I stumbled onto this article,...
Read Entry >So our Malicious Page of the Month for September is out now. Going over the details of the document, I wanted to re-visit an old habit I had back in...
Read Entry >Coincidence or just sheer luck, but I just happened to stumble upon this article announcing that Google has come up with a widget that serves advertisements, and quoting the source:...
Read Entry >When we here at the MCRC are publishing our quarterly trends reports (http://www.finjan.com/Content.aspx?id=827), we are always facing the possibility that what we have been working on and predicting that would...
Read Entry >This is a bit off-the-beaten-path of this blog’s usual in-depth hardcore security posts. I was going through some of the support related emails that have some relevance to the areas...
Read Entry >Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally in liberty to talk about the vulnerability in the Vista Sidebar...
Read Entry >So it’s been a really hectic couple of days here in Vegas. We are here (myself and 2 members of MCRC - Aviv & Amir), running between presentations, and handling...
Read Entry >Last Wednesday (June 13th), SecureBrowsing has alerted us on a “cute” MySpace profile being used as a malicious code attack vector. This is not the first catch by SecureBrowsing, but...
Read Entry >There has been a lot of noise on the web over the past few days in regard to the MPack toolkit being used in the Italy region. Everyone has been...
Read Entry >What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject("CnsHelper.CH") If IsObject(tass) then HasCns = true...
Read Entry >First things first - big Kudos to Google for their research paper. We at MCRC have found it to be very reassuring for us - now we know we are...
Read Entry >The funniest thing happened yesterday - at a watercooler conversation our CTO informs us of a site that uses techniques from almost all of our trend reports (which means we...
Read Entry >We have just finished working on a new monthly released paper that will focus on a new “page” (dubbed “Malicious Page of the Month”). This month we have analyzed an...