Infosec Reading List – February 2018

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

  • Applied Crypto Hardening – [pdf] – excellent pdf with advice about crypto in the real world – be aware of the release date, things could have changed since then – link
  • Apple in China: who holds the keys? – in most of the cases, the main issue about encryption nowadays is not the algorithm itself, but the key management – link
  • Progressing from tech to leadership – link
  • Attack of the Week: Group Messaging in WhatsApp and Signal – analysis of attack discovered by my former prof + students – link
  • Information Security Assessment Types – excellent overview of the different types and their differences – link
  • Qubes Air: Generalizing the Qubes Architecture – discussion of aspects to get Qubes “cloud ready” – interesting times ahead in regards to Qubes – link
  • Air-Gap Research Page – “This page is dedicated to air-gap jumping research” – link
  • An Elegant Way to Ruin Your Company’s Day – Introduction to Public AWS EBS Snapshots – configuration mistakes on AWS can end badly, this does not only count for S3 but also for EBS – link
  • New EU Privacy Law May Weaken Security – discussion around GDPR and the impact on WHOIS records – link
  • Meltdown and Spectre: Security is a Systems Property – link
  • Edward Snowden’s New App Uses Your Smartphone to Physically Guard Your Laptop – discussion around the “Haven” app – what is not discussed in the article is the fact that the usage of the app could be problematic in some countries due to privacy laws – link
  • Dark Caracal: State-Sponsored Spyware for Rent – hardware killswitches for sensors are a nice thing to have, unfortunately there is no market for it (yet) – link
  • Getting product security engineering right – “a comprehensive product security program should probably start with the assumption that no matter how many resources we have at our disposal, we will never be able to stay in the loop on everything that’s happening across the company” – link
  • Hibernation and Page File Analysis – Not All is Lost When you Lose Your Memory – link

Layer 7

  • Understanding the Limitations of HTTPS – “HTTPS is a necessary condition for secure browsing, but it is not a sufficient condition” – link
  • “I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it” – not blocking brute-force attempts on 6-digit login codes can end up badly – link

  • Living near forests has an unexpected benefit – link
  • Life on Mars – 23 days in the Puna de Atacama – been there, done most of it – I can totally feel with these folks who were exposed to the extremes – link
