Infosec Reading List – February 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.
All InfoSec Reading Lists can be found here.
Collection of some interesting Tweets
InfoSec
- Dutch secret service tries to recruit TOR admin – interesting story but not limited to NL only – this happens everywhere – link
- Discarded laptop yields revelations on network behind Brussels, Paris attacks – link
- Security aspects in agile development environments – link
- “Scientific Hooliganism” from around 1900 – the story about one of the first wireless hacks – link
- End-2-end encryption prevents data mining, hence targeted ads – the story behind Google implementing end-2-end encryption for Gmail – link
- Why it sucks to be a Security Researcher – link
- Bypassing Telekom FON hotspot authentication – link
- Sunny with a chance of stolen credentials: Malicious weather app found on Google Play – can lock the phone and hold it for ransom, besides harvesting banking credentials and intercepting messages – link
- How I got your phone number through Facebook – link
- On Web Cache Deception Attacks – link
- Who Ran Leakedsource.com? – link
- Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages – link
- Academia strikes back – Partial list of contact points for aspiring graduate students (and post-docs) in Computer Science/Engineering from US-banned countries – link
- Hotel guests locked out of their rooms due to ransomware – “However the hotel management decided to limit exposure to future attacks by rolling back to regular locks and keys, also answering requests of some customers looking for a more traditional and home-like atmosphere.” – while the trend tends to connect everything to the Internet (see IoT mess), there will be a smaller group disconnecting specific environments in order to avoid risks – being “offline” will potentially become a hipster trend – link
- OpSec guidelines for “Twitter Activist Security” – link
- “I have nothing to hide. Why should I care about my privacy?” – read the article in case you hear this sentence often – the practical reasons mentioned in the article are especially worth considering – link
- Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000] – link
- Printer (In)security – nice work by former colleagues from the RUB – link
- PGP – why to give up on PGP – why not to give up on PGP – link and link
- Cloudbleed – pragmatic thoughts – link – and the official statement from CloudFlare with quite some information in it – link
- First SHA-1 collision has been announced – official statement – link – and another interesting article from 2014 on why Google intends to kill SHA-1 – link
Outdoors
- Thru Hiking the PCT in 2017 could become a mission with a lot of snow – link
- List of 30 terrifying trails around the world –> fill up your bucket lists – link
- The Scottish bothy bible guidebook – link
- Long Before McCandless (the guy behind Into the Wild), John Hornby Tested Himself in Northern Canada—and Failed – link