Infosec Reading List – February 2019
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- The smaller, the better: Corporate CISOs turn to invite-only meetings to compare notes – “Corporate security executives are beginning to favor exclusive, invite-only meetings where they trade ideas with other security bosses on how to protect business secrets, mainly as a way to fight the fatigue that comes from an onslaught of sales pitches” – this is a no-brainer – link
- Remote Code Execution in apt/apt-get – this is not good – “The parent process will trust the hashes returned in the injected 201 URI Done response, and compare them with the values from the signed package manifest. Since the attacker controls the reported hashes, they can use this vulnerability to convincingly forge any package.” – this was a reason to put the discussion around “updates via TLS only” on fire again – and people are passionate about this topic as you can see here – check out what Qubes OS is doing about this – link
- How the U.S. Govt. Shutdown Harms Security – “If you are a hostile intelligence service human intelligence (HUMINT) targeting officer you are hoping this situation lasts a long time and has a multitude of unintended consequences affecting the cleared government employee population,” – governments nowadays have not an easy job in terms of retaining talent – this shutdown just further complicates a situation that already existed beforehand – link
- R.I.S.K.S. – Relatively Insecure System for Keys and Secrets for Qubes OS – an interesting writeup about a method to manage credentials and secrets also known in a relatively secure way within Qubes OS – link
- RaspberryPi NSM – A RaspberryPi 3 NSM (Network Security Monitor) based on Bro, Netsniff-NG, Loki and Critical Stack – nice – link
- When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference? – link
- Cybersecurity Mental Health Warning — 1 In 6 CISOs Now Medicate Or Use Alcohol – not a surprise if you ask me – “So, where does this stress that is hitting the CISO so hard come from? Largely the lack of engagement with the C-Suite and the board would appear to be the answer. The Nominet research found that only 52% of CISOs felt executive teams valued the security team, at least from the revenue and brand protection perspectives.” – link – darkreading.com also has the story here – “More than half (57%) of the CISOs said a lack of resources is holding them back from implementing a more effective security posture, and 63% are having trouble recruiting the right people.” – well, you get what you pay for. The results can be found here [pdf] – important to note is that companies within the survey are coming basically from the US and UK industries.
- I scanned the whole country of Austria and this is what I’ve found – link
- I link therefore I am – privacy-preserving linking within Signal – link – automatic content linking can end up badly – see here – so what Signal does is the right step. You can even turn off the feature in general.
- Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach – random thoughts on the Bezos phone compromise – link
- Day 9: OSINT Twitter Phone Enumeration – link
- OPSEC and 2020 – link
- Day 47: Using Bash to Automate Cracking Password Protected 7z files – link
- Forensic Examination Of Manipulated Email In Gmail – link
- How sloppy OPSEC gave researchers an inside look at the exploit industry – “Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.” – this is what ordinary industry people like me call “never store production data on test environments” – link
- Southern Vosges on snowshoes – link
- refuges.info – Refuges.info est un site web personnel et non commercial qui regroupe et présente des informations sur de nombreux refuges de montagne – link
- This is why you’re afraid: Notes on facing our fears during adventures – “Healthy fear is good. It reminds us that nature is exponentially more powerful than we will ever be, and it encourages us to be cautious. Imagine the trouble we’d get ourselves into if we really had no fear.” – link