Infosec Reading List – February 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Collection of some interesting Tweets


  • Dutch secret service tries to recruit TOR admin – interesting story, but not limited to NL – this happens everywhere – link
  • Discarded laptop yields revelations on network behind Brussels, Paris attacks – link
  • Security aspects in agile development environments – link
  • “Scientific Hooliganism” from around 1900 – the story about one of the first wireless hacks – link
  • End-2-end encryption prevents data mining, hence targeted ads – the story behind Google implementing end-2-end encryption for Gmail – link
  • Why it sucks to be a Security Researcher – link
  • Bypassing Telekom FON hotspot authentication – link
  • Sunny with a chance of stolen credentials: Malicious weather app found on Google Play – capable of locking the phone and holding it for ransom, besides harvesting banking credentials and intercepting messages – link
  • How I got your phone number through Facebook – link
  • On Web Cache Deception Attacks – link
  • Who Ran – link
  • Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages – link
  • Academia strikes back – Partial list of contact points for aspiring graduate students (and post-docs) in Computer Science/Engineering from US-banned countries – link
  • Hotel guests locked out of their rooms due to ransomware – “However the hotel management decided to limit exposure to future attacks by rolling back to regular locks and keys, also answering requests of some customers looking for a more traditional and home-like atmosphere.” – while the trend tends to connect everything to the Internet (see IoT mess), there will be a smaller group disconnecting specific environments in order to avoid risks – being “offline” will potentially become a hipster trend – link
  • OpSec guidelines for “Twitter Activist Security” – link
  • “I have nothing to hide. Why should I care about my privacy?” – read the article if you hear this sentence often – the practical reasons mentioned in the article are especially worth considering – link
  • Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000] – link
  • Printer (In)security – nice work by former colleagues from the RUB – link
  • PGP – why to give up on PGP – why not to give up on PGP – link and link
  • Cloudbleed – pragmatic thoughts – link – and the official statement from CloudFlare with quite some information in it – link
  • First SHA-1 collision has been announced – official statement – link – and another interesting article from 2014 on why Google intends to kill SHA-1 – link


  • Thru Hiking the PCT in 2017 could become a mission with a lot of snow – link
  • List of 30 terrifying trails around the world –> fill up your bucket lists – link
  • The Scottish bothy bible guidebook – link
  • Long Before McCandless (the guy behind Into the Wild), John Hornby Tested Himself in Northern Canada—and Failed – link
