I Am Security

The curious case of Dropbox security

Apr 13, 2011

—

by

After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect whether the files you are trying to upload to their cloud already exist there, and “save you the bandwidth” of uploading it if they already have a…

SCADA, control systems and security – not necessarily enemies

Apr 6, 2011

—

by

iamit

in Opinion, Security Research

Insights from the NISA International SCADA Security Forum conference (NISA stands for National Information Security Authority, which is a division of the Israeli Security Agency). We all know that SCADA has been considered a security nightmare for a long time. Admittedly, I only have a short experience with such systems and control systems in general…

Defense through Offense, and how APT fits there

Apr 3, 2011

—

by

iamit

in Opinion

I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

Defining Penetration Testing

Mar 4, 2011

—

by

iamit

in Opinion, Security Research

I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid definition of what a penetration testing is. It has been a topic that has been abused, cannibalized, and lowered toÂ a level where we (as in…

About CyberWar, Deterrence, and Espionage

Feb 14, 2011

—

by

iamit

in Opinion, Security Research

Discussing cyberwar, cyber deterrence and cyber espionage