On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- Applied Crypto Hardening - excellent site with advice about crypto in the real world - be aware of the release date, things could have changed since then - [link]
- Apple in China: who holds the keys? - in most cases, the main issue with encryption nowadays is not the algorithm itself, but the key management - [link]
- Attack of the Week: Group Messaging in WhatsApp and Signal - analysis of attack discovered by my former prof + students - [link]
- Information Security Assessment Types - excellent overview of the different assessment types and their differences - [link]
- Qubes Air: Generalizing the Qubes Architecture - discussion of aspects to get Qubes “cloud ready” - interesting times ahead with regard to Qubes - [link]
- Air-Gap Research Page - “This page is dedicated to air-gap jumping research” - [link]
- An Elegant Way to Ruin Your Company’s Day - Introduction to Public AWS EBS Snapshots - configuration mistakes on AWS can end badly, and this applies not only to S3 but also to EBS - [link]
- New EU Privacy Law May Weaken Security - discussion around GDPR and the impact on WHOIS records - [link]
- Meltdown and Spectre: Security is a Systems Property - [link]
- Edward Snowden’s New App Uses Your Smartphone to Physically Guard Your Laptop - discussion around the “Haven” app - what is not discussed in the article is the fact that the usage of the app could be problematic in some countries due to privacy laws - [link]
- Dark Caracal: State-Sponsored Spyware for Rent - hardware killswitches for sensors are a nice thing to have, unfortunately there is no market for them (yet) - [link]
- Understanding the Limitations of HTTPS - “HTTPS is a necessary condition for secure browsing, but it is not a sufficient condition” - [link]