On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
InfoSec
- Disqus Demonstrates How to Do Breach Disclosure Right - [link]
- Forrester.com Experienced A Cybersecurity Incident - [link]
- Replacing Social Security Numbers Is Harder Than You Think - Steve Bellovin on the complicated matter of national IDs – “SSNs are not the problem; authentication commensurate with the risk to all parties, including especially individuals, is.” - [link]
- Introducing the Next Generation Qubes Core Stack - [link]
- Mac Dumpster Diving – Identifying Deleted File References in the Trash (.DS_Store) Files - [link] - [link]
- The Absurdly Underestimated Dangers of CSV Injection - an impressive example of how plaintext data, which is generally supposed to be harmless, can trigger malicious behavior simply by being interpreted the wrong way - and yes, there are error messages that people “could” read - but will they? - [link]
- Responding to typical breaches on AWS - [link]
- Patching is hard; so what? - indeed it is, but there are alternatives for addressing problems that require immediate attention – so doing nothing is not an option here - [link]
- Falling through the KRACKs - everybody talks about the WPA mess this month - [link]
- Metadata: a hacker’s best friend - wget + exiftool + Splunk for visualization - a nice write-up on getting a powerful overview of metadata - [link]
- One Line of Code that Compromises Your Server - [link]
- Equifax website borked again, this time to redirect to fake Flash update - [link]
- Smart home: remote command execution (RCE) - RCE via unchecked PHP variables in the Fibaro Smart Home solution - [link]
- Google is permanently nerfing all Home Minis because mine spied on everything I said 24/7 [Update x2] - [link]
- Reverse Engineering My Home Security System: Decompiling Firmware Updates - not attacking the network interfaces this time, but reversing the firmware updates, including OSINT via GitHub - an interesting read - [link]
- Nigerian Man Hacked Thousands of Global Oil & Gas and Energy Firms - “Even though this individual is using low-quality phishing emails, and generic malware which is easy to find online, his campaign has still been able to infect several organizations.” - [link]
- Detecting Lateral Movement through Tracking Event Logs - [pdf] - [link]