On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
InfoSec
- BlackHat 2017: The Shadow Brokers — Cyber Fear Game Changers – interesting timelines + links to PDFs – link
- “The lack of focus on those more mundane problems came about because often security experts had little interest in or empathy for people, he said.” – Facebook calls for a more people-centric security industry – link
- Algorithms cannot discern good intentions, so they must be secure against everyone. – Going dark: encryption and law enforcement – there is a lot of truth in this article – link
- Ever get remote code execution by fragging a player? – Remote Code Execution In Source Games – link
- LinkedIn reveals your personal email to your connections – the interesting part of this article is the discussion around the contextual integrity (CI) theory by Helen Nissenbaum – link
- Black Hat 20 & DEFCON 25 – summary and recommended talks – link
- Top 10 Most Obvious Hacks of All Time (v0.9) – growing list – link
- Breaking the Security Model of Subgraph OS – interesting discussion of the sandboxing capabilities of Qubes OS and Subgraph OS – definitely worth a read – link
- “I break things, I don’t fix them” – we all should learn more about defense – link
- Be Prepared: Journalists and Security Researchers – link and related to that – Media Training is an OPSEC skill – link
- Ross Anderson on Compartmentation is hard, but the Big Data playbook makes it harder still – link
- Windows DRM Social Engineering Attacks & TorBrowser – important to consider when using anonymization techniques – link
Layer 7
- How the Twitter App Bypasses Paywalls – relying on the Referer and User-Agent headers for access control is bad practice, since both are fully under the client's control, but it is obviously a desperate attempt to keep non-tech-savvy users away from the free web offering – link
- How I Hacked into a PayPal’s Server – Unrestricted File Upload to Remote Code Execution – OSINT for vulnerable subdomains, file upload without input validation, brute-forcing the folder ID, executing the uploaded script, game over – link
- Blind SSRF on Yahoo owned server – link
- $10k host header – a high school student earns a 10,000 USD bug bounty by manipulating the Host header – nice catch – link
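To make the point behind the paywall item concrete, here is an added example (my own illustration, not code from the linked article or from Twitter): a minimal "paywall" check that trusts Referer and User-Agent, the forged headers that walk straight through it, and a hardened variant that instead verifies a server-issued HMAC-signed entitlement cookie. The referer allowlist, the user-agent strings, the cookie name and the token format are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed policy in the spirit of the linked article: requests that look like
# they come from the Twitter app get the full article. (Assumed values.)
ALLOWED_REFERERS = ("https://t.co/", "https://twitter.com/")
ALLOWED_UA_SUBSTRINGS = ("Twitter for iPhone", "Twitter for Android")


def weak_paywall_allows(headers: dict) -> bool:
    """Weak check: trusts client-supplied Referer and User-Agent headers."""
    referer = headers.get("Referer", "")
    user_agent = headers.get("User-Agent", "")
    return referer.startswith(ALLOWED_REFERERS) or any(
        marker in user_agent for marker in ALLOWED_UA_SUBSTRINGS
    )


def forged_headers() -> dict:
    """Headers any client can send; `curl -H 'Referer: ...' -H 'User-Agent: ...'` does the same."""
    return {
        "Referer": "https://t.co/abc123",  # constructed, not a real short link
        "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) Twitter for iPhone",
    }


# Hardened alternative (assumed design): entitlement is a server-issued token
# bound to a subscriber id with an HMAC the client cannot forge.
SERVER_KEY = secrets.token_bytes(32)  # per-process key; a real service would persist/rotate it
COOKIE_NAME = "entitlement"  # assumed cookie name


def issue_token(subscriber_id: str) -> str:
    """Server side: mint `<subscriber_id>.<hex HMAC-SHA256>` for a paying subscriber."""
    mac = hmac.new(SERVER_KEY, subscriber_id.encode(), hashlib.sha256).hexdigest()
    return f"{subscriber_id}.{mac}"


def _cookie_value(cookie_header: str, name: str):
    """Tiny Cookie-header parser; returns the value for `name` or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def hardened_paywall_allows(headers: dict) -> bool:
    """Strong check: ignores Referer/User-Agent entirely and verifies the token's MAC."""
    token = _cookie_value(headers.get("Cookie", ""), COOKIE_NAME)
    if token is None or "." not in token:
        return False
    subscriber_id, presented_mac = token.rsplit(".", 1)
    expected_mac = hmac.new(SERVER_KEY, subscriber_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(presented_mac, expected_mac)


if __name__ == "__main__":
    forged = forged_headers()
    print("weak check, forged headers:", weak_paywall_allows(forged))          # True
    print("hardened check, forged headers:", hardened_paywall_allows(forged))  # False
    paid = dict(forged, Cookie=f"{COOKIE_NAME}={issue_token('sub-42')}")
    print("hardened check, valid token:", hardened_paywall_allows(paid))       # True
```

The takeaway is the same one the article makes: Referer and User-Agent are hints about the client, never evidence of entitlement, so any gate built on them is a one-line spoof away from open.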
IoT (with S for “Security”)
- Exploiting a weak spot in the power grid – link
Malware/Phishing
- Mitigations: Completeness/Effectiveness vs Performance – link
- Learnings from analysing my compromised server – write-up of what can go wrong when you pick a weak root password for sshd – link
Mobile Related
- From Chrysaor to Lipizzan: Blocking a new targeted spyware family – link
Outdoors
- Whitewater Packrafting 101: 10 Things you need to know to paddle safe + strong – link
- Arctic Alaska Packrafting Gear Suggestions: an Annotated Photo-list – very helpful post by Roman Dial on packrafting gear based on 50 years of experience – link
- The Garmin inReach: Merging Navigation & Communication – these are the new devices that merge the traditional Garmin GPS devices and DeLorme’s inReach – I’m particularly astonished by the battery: “100 hours in 10-min tracking mode / 30 days in 30-min interval power saving mode” – link
- The man who went on a hike and never stopped walking – link
- Vindelfjällens Traverse, a packrafting lesson – interesting report about how quickly things can go wrong when going packrafting – link
- 400 Miles Jordan Hike – this sounds amazing and I would love to go back to Jordan anytime – I always had amazing times there – link – they even have a nice booklet for thru-hikers – link – now looking forward to being able to download the full GPX
MISC
- Research Shows That Organizations Benefit When Employees Take Sabbaticals – link