Remnants from old times

Infosec Reading List – July 2019

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.


InfoSec

  • JTAG on-chip debugging: Extracting passwords from memory link
  • The dots do matter: how to scam a Gmail user – link – “The dots-don’t-matter feature should be disabled by default for any new Google accounts, and eventually retired.” – link
  • Totally Pwning the Tapplock Smart Lock – link + link
  • This psychologist explains why people confess to crimes they didn’t commit – “My point with them was that they are going to be fooled – that confessions that look real can actually be false, even if they’re corroborated by informants and forensic science,” he says. “I wanted to let them know that alarm bells should go off when they see a confession case.” – link
  • SKS Keyserver Network Under Attack – “This attack cannot be mitigated by the SKS keyserver network in any reasonable time period. It is unlikely to be mitigated by the OpenPGP Working Group in any reasonable time period. Future releases of OpenPGP software will likely have some sort of mitigation, but there is no time frame. The best mitigation that can be applied at present is simple: stop retrieving data from the SKS keyserver network.” – this sounds like pretty much game over – link
  • How To Blow Your Online Cover With URL Previews – link
  • Apple App Site Association – the Apple-based robots.txt – link
  • Severe Ransomware Attacks Against Swiss SMEs – great report with various important aspects – e.g. the strong tendency to get rid of network segmentation is dangerous since it is an important additional control layer you can leverage in case your network is already infected. People tend to forget that in the ongoing “cloud hype”. Proper network segmentation is a powerful mechanism to slow down adversaries that are already running around in your environment – link
  • The Most Expensive Lesson Of My Life: Details of SIM port hack – losing 100’000 USD through SIM port hacking – link
  • Helping organizations do more without collecting more data – “Today, we’re rolling out the open-source availability of Private Join and Compute, a new type of secure multi-party computation (MPC) that augments the core PSI protocol to help organizations work together with confidential data sets while raising the bar for privacy.” – link
  • How might we reimagine a more compelling and relatable visual language for cybersecurity? – there are folks out there that want to get rid of people in dark hoodies representing the infosec topic – link

Outdoors

  • The River of The Trembling Spirit: An Unsupported Crossing of Iceland By Ski, Packraft and on Foot – nice multisport trip to Iceland – link
  • This porter has hiked the Inca Trail hundreds of times, but never seen Machu Picchu – link
  • Shared Territory Iceland (film) – inspiring – reminds me of my time in Iceland – link
  • Iceland Traverse Diary from the Trail – link
