On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

InfoSec

• An interesting Google vulnerability that got me 3133.7 reward. – putting GET-request data into POST-request fields is probably not the best idea – link
• GoogleMeetRoulette: Joining random meetings – link
• Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies – “Much like innerHTML, use of dangerouslySetInnerHTML is, well, dangerous and can cause lead to XSS like what occurred in the Signal Desktop app.” – link
• Catching phishing before they catch you – early phishing warning system based on certstream API – nice – link
• Unauth meetings access – “When decoded this base64 string includes the phone number and the pin for the meeting” – link
• Password and Credential Management in 2018 – this article has indeed some interesting aspects that should be considered – “Before we send the username and password over the wire we perform a single SHA3-512 round on the plain-text password plus a unique name for our service” –  “There is no way we could ever accidentally store the user’s plain-text password in our logging system, unlike GitHub and Twitter, which both admitted in May 2018, that they have found plain-text passwords in their logging systems.” – interesting thoughts – to ensure the plaintext password will never leave the client side – link
• IoT Pentesting 101 && IoT security 101 – link
• So, you want to be a darknet drug lord… – link
• Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges – “Next, call an endpoint (e.g., cgi_get_ssh_pw_status) that requires admin privileges and authenticate as admin by adding the cookie username=admin.” – link
• Local file inclusion at IKEA.com – “The used PDF library contains (hidden) functionality that allows one to embed files into the PDF by adding a specific tag in the template.” – link
• RCE by uploading a web.config – link
• How I “found” the database of the Donald Daters App – link
• How I hacked modern Vending Machines – link

Outdoors

• Chile Opens 1,700-Mile Hiking Trail Connecting 17 National Parks – it needs to verified how much is really through-hiking here and how much needs to be done by car – link – link
• Ruta de Los Seis Miles, Norte – added to bucket list – perhaps could even combined with the Chile Trails mentioned above? – some of these areas have already been covered by my previous trips – link norte – link sur
• Iceland Divide (North-South) – yet another entry on the bucket list although I spent already 1 month in Iceland a few years ago – it’s definitively a place to go back – link