Infosec Reading List – March 2019

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

InfoSec

  • 2019 OSINT Guide – link
  • Offensive testing to make Dropbox (and the world) a safer place – “This post will focus on our Offensive Security team. These are the people that leverage real-world adversarial techniques to test and improve the effectiveness of our security program at Dropbox.” – link
  • We’re Heading for Something Ugly in 2020 – link
  • How Surveillance Inhibits Freedom of Expression – “We don’t yet know which subversive ideas and illegal acts of today will become political causes and positive social change tomorrow, but they’re around. And they require privacy to germinate.” – link
  • Google Home (in)Security – IoT, where the s stands for security – link
  • Tips For Getting the Right IT Job – link
  • Neuroscientists Say They’ve Found an Entirely New Form of Neural Communication – link
  • Yes, “algorithms” can be biased. Here’s why – “This is what’s important: machine-learning systems—“algorithms”—produce outputs that reflect the training data over time. If the inputs are biased (in the mathematical sense of the word), the outputs will be, too.” – link
  • Serious FaceTime bug allows you to listen remotely before anyone answers — Apple to fix ‘later this week’ – link
  • $1.000 SSRF in Slack – link
  • Safety warning: if you use Skype, your contacts may now be exposed – “As of a couple of days ago, the new Skype tells other people how many contacts you have in common. It also offers your contacts as potential new contacts to everyone else in your contact book. This is a surprisingly serious privacy breach.” – link
  • The Rise of the Corporate Technology Ecosystem (CTE) – link
  • Anatomy of a sextortion scam – link
  • The curious case of the Raspberry Pi in the network closet – link
  • Insecure default DisposableVM networking configuration – “In Qubes OS, one can attempt to limit the network access of a qube by either completely disconnecting it from any NetVM or by setting its firewall rules to disallow access. A malicious qube can circumvent these limits by launching a DisposableVM, which, in the default configuration, would have unrestricted network access.” – link
  • It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out. – “For the last two years, I have carried a “honeypot” laptop with me every time I’ve traveled; this computer was intended to attract (and then detect) tampering. If any hackers, state-sponsored or otherwise, wanted to hack me by physically messing with my computer, I wanted to not only catch them in the act, but also gather technical evidence that I could use to learn how their attack worked and, hopefully, who the attacker was.” – link
  • A basic question about TCP – link
  • An Unstoppable Predictions Marketplace – Introducing Erasure – link
  • Revolut insiders reveal the human cost of a fintech unicorn’s wild rise – I have strong doubts that this is a successful strategy to retain talent from a long-term perspective – link
  • Security Things to Consider When Your Apartment Goes ‘Smart’ – link
  • Traversing the Path to RCE – link
  • Analysis: How data breaches affect stock market share prices (2018 update) – “We analyzed the closing share prices of 24 companies, all of them listed on the New York Stock Exchange, starting the day prior to the public disclosure of their respective data breaches. Included are many of the largest data breaches in history; all of them resulted in at least 1 million records leaked, and some surpassed 100 million. Some companies were breached more than once, for a total of 28 breaches analyzed.” – link
  • How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc) – link
  • My Reflections on the 2019 RSA Conference – “This trend of focusing on tech rather than customer problems extends, I think, to vendor-invented personas, as well.” … “Speaking into a warm and fuzzy echo chamber isn’t thought leadership; bravely challenging the status quo, armed with evidence, is.” – link

Outdoors

  • Unsupported Solo Death Valley Crossing Trip Report – link
  • 50 Epic Adventure Quotes To Kick You Off Your Couch – link
  • How To Choose Yourself: A Guide For The Chronically Interrupted – link
  • Something’s Happening In The World Of Adventure. And I’m Not Sure I Like It – “Listen. I am a dreamer. I spend inordinate amounts of time imagining journeys I might take. They are idealistic dreams, always more colourful and dramatic than any adventure ever really is. It’s an unashamedly pleasurable thing. Best of all, dreaming costs nothing.” … “When the dust settles, of course, the spirit of adventure will remain standing, because it is defined by what is inside of us, rather than going on around us.” – link
