I Am Security

Tag: analysis

  • Local PayPal Phishing – and why we need a CERT

    This just came in the mail: (twice – at two different mailboxes – I must be a high value target for these guys) A classic phishing email, with the only exception that it seems highly targeted at the Israeli market! (yeah – I know, I sound a little excited, but this is the first one…

  • The curious case of Dropbox security

    After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect whether the files you are trying to upload to their cloud already exist there, and “save you the bandwidth” of uploading it if they already have a…

  • SCADA, control systems and security – not necessarily enemies

    Insights from the NISA International SCADA Security Forum conference (NISA stands for National Information Security Authority, which is a division of the Israeli Security Agency). We all know that SCADA has been considered a security nightmare for a long time. Admittedly, I only have a short experience with such systems and control systems in general…

  • Defense through Offense, and how APT fits there

    I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

  • Information Security Intelligence Report for 2010 and Predictions for 2011

    Looking back at 2010 shows a widening gap between cybercrime and law enforcement capabilities, in conjunction to nations that have started the cyber-race to develop defensive and offensive capabilities. Most of the attacks analyzed in 2010 depict organizations that fall behind in their defensive strategies as attackers take advantage of a hybrid approach that merges…