Somewhere in India

Infosec Reading List – June 2019

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

InfoSec

  • My paranoia phone wishlist – interesting discussions around different features on mobile devices that are more or less useful for paranoid people – link
  • IoT Research @ Princeton – sounds interesting and quite simple: they do ARP spoofing on potential devices and then analyze the traffic – the idea is nice and probably helpful for a lot of people, but be aware that data get uploaded to Princeton servers – link
  • Throwing 500 VMs at your fuzzing target being an individual security researcher – make it run on one machine – then scale up – link
  • Private Search Engines: The Ultimate Guide – extensive discussion of search engines that respect your privacy – link
  • A Kompromat Mystery – Collapsing the Austrian government with a video – link
  • The Hacking Supergroup That Counts Beto O’Rourke as One of Its Own – “She thinks we’re this righteous politicized hacking machine out for world peace or somethin’. … Anyway we’re gonna get a lot of miles outa this baby.” – link
  • Google confirms that advanced backdoor came preinstalled on Android devices – “The apps were downloaded from the C&C server, and the communication with the C&C was encrypted using the same custom encryption routine using double XOR and zip,” Siewierski wrote. – double XOR encryption? I hope they will change the keys between the 1st and 2nd encryption? – link
  • Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware – “Almost two months passed between the release of fixes for the EternalBlue vulnerability and when ransomware attacks began,” Microsoft warned. “Despite having nearly 60 days to patch their systems, many customers had not. A significant number of these customers were infected by the ransomware.” – link
  • Information Security Mental Models – link
  • Know Your Limitations – “If you can’t patch a two-year-old vulnerability prior to exploitation, or detect an intrusion and respond to the adversary before he completes his mission, then you are demonstrating that you need to change your entire approach to information technology.” – link
  • Zero-day attackers deliver a double dose of ransomware – no clicking required – The attackers send vulnerable servers a POST command that contains a PowerShell command that downloads and then executes a malicious file called “radm.exe.” Besides PowerShell, attackers also exploit CVE-2019-2725 to use the Certutil command-line utility. Other files that get downloaded and executed include office.exe and untitled.exe. – this is huge, however the bitcoin address did not receive any payments until today (10th of June 2019) – link
  • U.S. Customs and Border Protection says photos of travelers were taken in a data breach – Civil rights and privacy advocates also called the theft of the information a sign that the government’s growing database of identifying imagery had become an alluring target for hackers and cybercriminals. – link
  • Bose headphones spy on listeners: lawsuit – But the Illinois resident said he was surprised to learn that Bose sent “all available media information” from his smartphone to third parties such as Segment.io, whose website promises to collect customer data and “send it anywhere.” – link
  • Should Failing Phish Tests Be a Fireable Offense? – link
  • Vim/Neovim Arbitrary Code Execution via Modelines – nice one – link
  • Your threat model is wrong – link
  • The Dark Forest Theory of the Internet – If the dark forest isn’t dangerous already, these departures might ensure it will be. – link
  • The new CISO – Leading the strategic security organization – [PDF] – link

Outdoors

  • Scene report from the Chernobyl Zone – interesting insights from a travel to the death zone – “We found the stadium, which underscores the vibe of the entire place: where the crumbling empty stands should look out onto the pitch, there is only forest. Standing in the bleachers, listening to the Pripyat municipal overture of resounding bird song, the only thing we could do was stare out at the trees and wonder ‘how long until New York looks like this?’” – “The reason it’s so beautiful and so peaceful is precisely because we can’t consume it. Like, perhaps, all real paradises everywhere.” – link
  • “I chose life,” Amanda Eller recovers in hospital after two week survival in forest – link
  • Kit List for Thru-Hiking the Iceland Traverse – link
  • A Conversation with Luke Smithwick: The Most Prolific Himalayan Climber You’ve Never Heard Of – link
  • The woman who went around the world in 80 trains – “Train windows offer you a slideshow of images as you slip from one city to the next, all the while forming a close-knit relationship with those around you,” – link
