Home Infosec Reading List - January 2017

Infosec Reading List - January 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.

Quotes from the Twitterverse



  • Facebook CSO Alex Stamos is a human warrant-canary for the Trump era - Stamos acting as a human warrant-canary for the Trump era? - [link]
  • Amid Yahoo hacks, a churn of security officers - On the Yahoo! Hack, the challenges of CISOs nowadays and the corresponding attrition. The political circumstances of accountability in case of a breach play an important role and shouldn’t be neglected. Did he/she get the board / c-level support in order to implement the planned controls? Did stakeholders within the company go into the same direction? - [link]
  • Dropbox surprise – deleted files magically reappear after several years - On the sheer impossibility of deleting data from Cloud Storages (Dropbox in this case) – there is always something that could go wrong - [link]
  • Tor and its Discontents - Anonymity needs homogeny – security doesn’t - the grugq on Tor, the corresponding risks of the Tor Browser Bundle and FireFox Patch Management - [link]
  • Guide to securing and improving privacy on macOS - [link]
  • Awesome IoT Hacks - [link]
  • A data breach investigation blow-by-blow - Troy Hunt on the process of verifying the legitimacy of leaked data and pinpointing the source before using it on HIBP - [link]
  • find-lf - Track the location of every Wi-Fi device (iphone) in your house using Raspberry Pis and FIND - [link]
  • Technical details on the Fancy Bear Android malware (poprd30.apk) - More technical details on the latest Android malware called Fancy Bear used to for tracking Ukrainian field artillery units - [link]
  • The presidential communications equipment under Barack Obama - How did Barack Obama communicate throughout the last years as US president? - [link]
  • Attributing the DNC Hacks to Russia - The usage of a web shell during an attack is a weak evidence for attribution purposes - it’s a common tool to execute the next steps after a server has been compromised. The whole discussion shows how complicated it is to do a proper attribution - especially if evidence cannot be published for whatever reasons - [link] - [link]
  • New Fingerprinting Techniques Identify Users Across Different Browsers on the Same PC - [link]
  • MMD-0059-2016 - Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready - Technical deep dive into the Linux/IRC Telnet (new Aidra) malware focusing on infecting IoT devices in order to build up DDOS capabilities. Attack vector: Telnet + weak passwords - [link]
  • #DigitalSherlocks, Geolocation, and the power of Open Source - Where am I? Quick but interesting example of geolocation and the power of Open Source - [link]
  • Who is Anna-Senpai, the Mirai Worm Author? - [link]


  • How humans survived in the barren Atacama Desert 13,000 years ago - the Atacama is commonly known as the driest non-polar place in the world. Ars has a short article on how humans survived in this area thousands of years ago - specifically for me quite interesting to read since I spent some time in this area in 2016 - [link]
  • An Acquaintance With Fear - Fear is a strong emotion that plays an important role in all kinds of outdoor sports - SideTracked has an interesting interview Aldo Kane and how fear can be addressed and managed properly - [link]
  • Marathon Des Sables - [link]
  • Inflated Ambitions - Packrafting Afghanistan - [link]
  • Publisher printing more copies of George Orwell’s ‘1984’ after spike in demand - don’t forget that the book is available for free online as well - [link] - [link]
  • Trans Canada Trail - [link]
This post is licensed under CC BY 4.0 by the author.