On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- An interesting Google vulnerability that got me 3133.7 reward. - putting GET-request data into POST-request fields is probably not the best idea - [link]
- GoogleMeetRoulette: Joining random meetings - [link]
- “I too like to live dangerously”, Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies - [link]
- Catching phishing before they catch you - early phishing warning system based on certstream API, nice! - [link]
- Unauth meetings access - “When decoded this base64 string includes the phone number and the pin for the meeting” - [link]
- Password and Credential Management in 2018 - this article indeed has some interesting aspects that should be considered - “Before we send the username and password over the wire we perform a single SHA3-512 round on the plain-text password plus a unique name for our service” - “There is no way we could ever accidentally store the user’s plain-text password in our logging system, unlike GitHub and Twitter, which both admitted in May 2018, that they have found plain-text passwords in their logging systems.” - interesting thoughts on ensuring the plaintext password never leaves the client side - [link]
- IoT Pentesting 101 && IoT security 101 - [link]
- So, you want to be a darknet drug lord… - [link]
- Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges - “Next, call an endpoint (e.g., cgi_get_ssh_pw_status) that requires admin privileges and authenticate as admin by adding the cookie username=admin.” - [link]
- Local file inclusion at IKEA.com - “The used PDF library contains (hidden) functionality that allows one to embed files into the PDF by adding a specific tag in the template.” - [link]
- How I “found” the database of the Donald Daters App - [link]
- How I hacked modern Vending Machines - [link]
Outdoor
- Chile Opens 1,700-Mile Hiking Trail Connecting 17 National Parks - it needs to be verified how much is really through-hiking here and how much needs to be done by car - [link]
- Ruta de Los Seis Miles, Sur - added to [todo] list - perhaps it could even be combined with the Chile Trails mentioned above? - some of these areas have already been covered by my previous trips - [link]
- Iceland Divide (North-South) - yet another entry on the [todo] list, although I already spent 1 month in Iceland a few years ago - it’s definitely a place to go back to - [link]