View on Rapadalen

Infosec Reading List – January 2019

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

tweet5


tweet4


tweet3


tweet2


tweet1

InfoSec

  • Head-to-head evaluation of six password managers – there are plenty of password managers out there and hence it’s getting more complicated to stay on top of them – link
  • Reading ASP secrets for $17,000link
  • Kubernetes being hijacked worldwide – external facing APIs / admin panels are generally a bad idea – reduce your attack surface – link
  • Persistent XSS (unvalidated Open Graph embed) at LinkedIn.comlink
  • Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass – design issue by Microsoft – fixed in the latest version – link
  • Notes about hacking with drop toolslink
  • Setback in the outback – Signal Team on the latest political movements in Australia – link
  • Inside an Epic Hotel Room Hacking Spree – fascinating story about a hotel hacking guy exploiting a published vulnerabilities in hotel doors in order to steal stuff from guests – we will see and read these kind of stories more often in the upcoming decades simply due to the fact that we connect more and more of our daily life to the Internet or simply “digitize” the processes (as has happened with the hotel room locks in the story above). What has been digitized, can be pwned – link
  • A Chief Security Concern for Executive TeamsThe reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security titlelink
  • Windows 10 on Qubes OS 4.0link
  • NSA poster from the 50s and 60s – they contain a very specific sense of humor if you ask me – link
  • Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?link
  • Third-party Questionnaires Are Security Theater – there are a lot of true words in this article, however it fundamentally lacks alternatives or solutions – what to do instead of using 3rd party questionnaires? What’s the alternative? – link
  • North Korean hackers infiltrate Chile’s ATM network after Skype job interview“the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form. … The Redbanc incident is yet another example of how one worker clicking on the wrong link or running the wrong file can result in a major security breach, and how one hacked PC or laptop can lead to an entire network getting compromised.” link
  • Day 12: 10 Reasons Why Security Sucks – a lot of good arguments and aspects to consider – link
  • Hacking Fortnite Accounts – great combination of various web-based attacks – link

Outdoors

  • Meet the Man Who Has Lived Alone on This Island for 28 Years – “Solitude can be stressful for members of technologically advanced societies who have been trained to believe that aloneness is to be avoided,” explains Pete Suedfeld in Loneliness: A Sourcebook of Current Theory, Research and Therapy link
  • The Gear That Propelled Colin O’Brady Across Antarcticalink
  • OPINION: The Trouble with Social Media in the Outdoors – “If you are an outdoor ‘brand ambassador’, an ‘influencer’ or a ‘professional adventurer’, your outdoor ethos cannot be based on what is appropriate for you alone, or for the lone adventurer persona you present to the world; it needs to be based on what is appropriate for you accompanied by your 300k, or whatever, followers. …All in all, I think rather than getting us closer together, helping us understand each other, social media tends to drive us apart.” – this is an important article describing the issues of our time in regards to follower, brand ambassadors and the final victim of this whole madness: mother nature – link

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s