I Am Security

Tag: Attack Vector

  • The curious case of Dropbox security

    After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect whether the files you are trying to upload to their cloud already exist there, and “save you the bandwidth” of uploading it if they already have a…

  • Defense through Offense, and how APT fits there

    I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

  • the art of not thinking about elephants

    Approaching risk management should be done in the most holistic manner, this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.

  • The Botnet Wars – industry Q&A

    I was approached recently by Bart P from Panda security in order to participate in an industry expert Q&A about the botnet wars (apparently he did his homework as he got quite the lineup to participate in this, guessed he can count me as a close miss :-)…). He managed to compile a great Q&A where…

  • Learning from stux, and connecting more dots in infosec

    Learning from stuxnet on how we are exposed to similar attacks. Connecting the dots between technology, society, and the human factor when talking about cyberwarfare.