Infosec Reading List – May 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


  • “Make Confide great again? No, we cannot” – link
  • It’s all about asset management – link
  • 28 character password on Win machines – read here why – link
  • Great article on “Lessons Learned in Detection Engineering” – link
  • “Journal of Proof of Concept or Get the F%$& Out” – PoC||GTFO – link
  • “Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs” – link
  • “How Long Does It Take to Crack Your Password?” – baseline explanation around the topic of password complexity – link
  • “Penetration Testing Tools Cheat Sheet” – link

Layer 7

  • “Securing Browsers Through Isolation Versus Mitigation” – on the difference of Edge vs Chrome in regards to approaching a secure browser – link
  • “Collecting huge amounts of data with WhatsApp” – I leave it with the reader to decide whether this is good or bad in regards to security/privacy – link
  • “How my car insurance exposed my position” – link
  • The Error Page worth 5K bug bounty – link
  • Notification Emails: IP + Content-Spoofing – Repeat: Never trust client data – repeat again: Never trust client data – link
  • Repeat once again: never trust client data – “Finding an arbitrary file upload vulnerability in a filesharing script” – link

IoT (with S for “Security”)

  • “Web Bluetooth API Privacy” – this sounds spooky but obviously is the way forward to connect browser environments to the surrounding IoT environment – what could possibly go wrong? “Can we realistically assume that users in general will know the distinction between pairing a local smartphone/kettle/beacon with a local laptop, and pairing a smartphone/kettle/beacon/toothbrush with a remote site?” – link – btw, this seems to be implemented by now – link
  • “Cybercrime on the high seas: the new threat facing billionaire superyacht owners” – link
  • “Radio Controlled Pacemakers Are Easily Hacked” – link


  • “So let’s try to look at it calmly as I’d expect of a student writing an assignment.” – Ross Anderson on the hype around the WannaCry malware – link
  • Patching is hard – some thoughts from Steven Bellovin – link

Mobile Related

  • On the responsibility of patching Android devices – link
  • “Android Encryption Demystified” – link


  • “When a River Trip Ends in Tragedy” – nature can be unforgiving – link
  • “A lot of times it is just about being at the right location at the right time.” – The Guy Who Captures Seemingly Impossible Photos – link
  • Packrafting in Europe – overview map – link


  • “just 33% of executives in our 2007 survey said their CEO was a champion for digital; that number has doubled to more than 68% today” – link
