Infosec Reading List – January 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.


  • Will Stamos leave Facebook within the next months? Stamos acting as a human warrant-canary for the Trump era? – link
  • On the Yahoo! Hack, the challenges of CISOs nowadays and the corresponding attrition. The political circumstances of accountability in case of a breach play an important role and shouldn’t be neglected. Did he/she get the board / C-level support needed to implement the planned controls? Did stakeholders within the company move in the same direction? – link
  • On the sheer impossibility of deleting data from Cloud Storages (Dropbox in this case) – there is always something that could go wrong – link
  • “Anonymity needs homogeny – security doesn’t” – the grugq on Tor, the corresponding risks of the Tor Browser Bundle and Firefox Patch Management – link
  • Continuously improving macOS Security and Privacy Guide – link
  • “Today is Inauguration Day in the United States, the day we enact one of our most sacred democratic traditions, the peaceful transition of power. Regardless of one’s political disposition, today we acknowledge our shared values of Freedom, Justice, and Liberty as secured by our Constitution. This is the reason why I’ve chosen today to relaunch Lavabit” – link – additional background on Lavabit – link
  • List of awesome IoT Hacks – link
  • How to get the email address for each Facebook user – fixed vulnerability on – mobile interface has different behavior than normal website – link
  • Troy Hunt on the process of verifying the legitimacy of leaked data and pinpointing the source before using it on HIBP – link
  • Ever thought about locating WIFI devices based on WIFI probe requests with the support of Raspberry Pis? – link (via link)
  • The Introductory IoT Hardware Hacking Tool Box – link
  • More technical details on the latest Android malware called Fancy Bear used for tracking Ukrainian field artillery units – link
  • There is a WhatsApp backdoor!? There is NO WhatsApp backdoor!? But key rotation + proper user engagement is hard.
  • How did Barack Obama communicate throughout the last years as US president? – link
  • The usage of a web shell during an attack is weak evidence for attribution purposes – it’s a common tool to execute the next steps after a server has been compromised. The whole discussion shows how complicated it is to do a proper attribution – especially if evidence cannot be published for whatever reasons – link 1, link 2
  • Cellebrite lost 900 GB of data – link – the question remains why “a legacy backup” has been stored on this external facing webserver – link – in case Cellebrite doesn’t ring a bell, The Intercept has an interesting story about their capabilities – link – Cellebrite obviously also helped out the FBI during the “San Bernardino” case – link
  • “We reverse engineered 16k apps, here’s what we found.” Hardcoded credentials in Android Apps? – link
  • Same PC – cross browser fingerprinting – link
  • Master’s thesis on “Security Analysis of the Telegram IM” – if you don’t have the time to deep dive, I recommend reading the conclusion – link
  • Technical deep dive into the Linux/IRC Telnet (new Aidra) malware focusing on infecting IoT devices in order to build up DDoS capabilities. Attack vector: Telnet + weak passwords – link
  • Interesting read around the topic of application whitelisting (AW) and arguments for/against it – AW is a powerful weapon against the fundamental weaknesses of the endpoint environment – link
  • Where am I? Quick but interesting example of geolocation and the power of Open Source – link
  • Story around the creator of the Mirai Botnet – link


  • The HBR on why ethical people make unethical decisions – link
  • “This is the most dangerous time for our planet” – Professor Stephen Hawking on the current situation of politics – link
  • The Intercept on SEAL 6 operations – long article – link – the response from SEAL 6 members can be found here – link
  • The Atacama is commonly known as the driest non-polar place in the world. Ars has a short article on how humans survived in this area thousands of years ago – specifically for me quite interesting to read since I spent some time in this area in 2016 – link
  • Fear is a strong emotion that plays an important role in all kinds of outdoor sports – SideTracked has an interesting interview with Aldo Kane on how fear can be addressed and managed properly – link
  • SideTracked on the MdS (Marathon des Sables) – link
  • Packrafting Afghanistan – link
  • Amnesty International on counter-terrorism measures and their impact on the rights of individuals:
    “This report aims to give a bird’s eye view of the national security landscape in Europe. It shows just how widespread and deep the “securitization” of Europe has become since 2014. The report reflects a world in which fear, alienation and prejudice are steadily chipping away at the cornerstones of the EU: fairness, equality and non-discrimination.” link
  • Be aware: due to increased demand, a huge number of reprints of George Orwell’s 1984 has been ordered – link – but don’t forget that the book is available for free online as well – link
  • Excellent overview map for US based long distance trails. Yes, there are PCT, CDT and AT – but obviously there is much more out there – link
  • Got some more spare time? The Great Trail in Canada offers around 20,000 km of connected trails – great website – link
