The White Desert - Egypt

Infosec Reading List – January 2020

Every month I publish my reading recommendations, which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

InfoSec

  • Wifi deauthentication attacks and home security – kicking surveillance cameras out of the network using deauthentication frames – link
  • Yet Another Librem 5 and PinePhone comparison – while not all of the steps these products are taking make sense to me, I strongly believe that they will play an important role in the future in bringing phones to market that people can use in a sustainable but secure way – this is not the case today with the core global players that we are all using – link
  • We’re telling Google: privacy shouldn’t be a luxury – “But, at the moment, many Android Partners are manufacturing or selling devices that contain pre-installed apps that cannot be deleted (often known as “bloatware”), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent.” – see the link above; that’s the reason why it is important to support free alternatives that do not have a financial model as their first priority – link
  • Sometimes once is better than a lifetime – “Today’s beta releases of Signal for Android and iOS include a new way to send individual photos and videos that are automatically removed from a conversation thread after they have been viewed.” – be aware that a similar feature has already been available in Signal for years: automatically removing messages after hours/days etc. – why is this so important? Because it’s a different mindset from what most messengers offer today: don’t store everything, but focus on what is really needed – link
  • Tricky Phish Angles for Persistence, Not Passwords – interesting approach: not phishing for passwords, but phishing for approval – link
  • Getting Serious About Open Source Security – “No, really. Every time you pip install, go get, or mvn fetch something, you’re doing the equivalent of plugging a thumb drive you found on the sidewalk into your production server.” – link
  • Hackers hit Norsk Hydro with ransomware. The company responded with transparency – link
  • Sodinokibi Ransomware Publishes Stolen Data for the First Time – “Expect to see more ransomware operators begin to use stolen data as leverage for payments soon as it becomes the norm in attacks.” – link
  • Hacking ‘Docker’, the Shodan way! – “In all, the learning is to never expose your docker host API over the public. By default, it doesn’t have any authentication.” – link
  • Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) – link
  • Cyber Attack Trends: 2019 Mid-Year Report – sometimes it’s interesting to look back and compare today vs the past – [pdf] – link
  • Before You Use a Password Manager – an extensive view on using password managers – link
  • Technical Report of the Bezos Phone Hack – link
  • The Loss Of Micro-Privacy – a great article about the evolution of chat programs and their small but real impact on privacy – “Read receipts aren’t about informing us whether our message was successfully delivered. They’re about offering us a glimpse into another person’s life. And while we’ve come to accept them as a constituent of modern messaging apps, time will tell whether they’ll remain so.” – “It’s knowing you can go online without having to fear what our online status may reveal about you. It’s about liking someone’s photo without the anxiety of being called out for it. And above anything, it’s about reading a message, without feeling guilty of not sending an immediate response.” – link
  • Big Game Ransomware being delivered to organisations via Pulse Secure VPN – link
  • Brief Analysis of the FDLP.gov Deface – link
  • Deep Dive in to Citrix ADC Remote Code Execution, CVE-2019-19781 – link
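The first item in the list above is about kicking devices off a WLAN with spoofed deauthentication frames. The defensive side of that story is spotting the flood: a legitimate access point sends a deauth to a client now and then (idle timeout, roaming), an attacker sends dozens per second, often to the broadcast address. The script below is an added example written for this post, not code from the linked article. It parses the 802.11 management header straight from raw bytes, keeps only deauthentication and disassociation frames, and raises an alert when one BSSID sends more than a threshold of them to the same destination inside a sliding time window. The capture it runs on is constructed inline (MAC addresses, timestamps and frame counts are made up); in practice the records would come from a monitor-mode interface or a pcap.

```python
"""Detect 802.11 deauthentication/disassociation floods in a frame list.

Added example, not code from the linked article. The sample capture at
the bottom is constructed by hand; MAC addresses and timings are invented.
"""
import struct
from collections import defaultdict, deque

# Frame control low byte: (subtype << 4) | (type << 2) | version.
# Management frames are type 0; deauth is subtype 12, disassoc subtype 10.
DEAUTH_FC = 0xC0
DISASSOC_FC = 0xA0
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Management header: frame control, duration, addr1 (receiver),
# addr2 (transmitter), addr3 (BSSID), sequence control. 24 bytes total.
MGMT_HEADER = struct.Struct("<HH6s6s6sH")


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(fc_byte, dst, src, bssid, seq, reason=7):
    """Build a minimal deauth/disassoc frame (header + 2-byte reason code)."""
    hdr = MGMT_HEADER.pack(fc_byte, 0, mac_bytes(dst), mac_bytes(src),
                           mac_bytes(bssid), seq << 4)
    return hdr + struct.pack("<H", reason)


def parse_mgmt(frame):
    """Return a dict for deauth/disassoc frames, None for anything else."""
    if len(frame) < MGMT_HEADER.size + 2:
        return None
    fc, _dur, a1, a2, a3, seq_ctrl = MGMT_HEADER.unpack_from(frame)
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (10, 12):
        return None
    (reason,) = struct.unpack_from("<H", frame, MGMT_HEADER.size)
    return {
        "kind": "deauth" if subtype == 12 else "disassoc",
        "dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3),
        "seq": seq_ctrl >> 4, "reason": reason,
    }


def detect_floods(records, window_s=1.0, threshold=10):
    """records: iterable of (timestamp_seconds, raw_frame).

    Alerts when one (bssid, destination) pair sees >= threshold
    deauth/disassoc frames within any window_s-long sliding window.
    """
    events = sorted((ts, p) for ts, raw in records if (p := parse_mgmt(raw)))
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps in window
    alerts = {}
    for ts, p in events:
        key = (p["bssid"], p["dst"])
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window_s:
            times.popleft()
        if len(times) >= threshold:
            a = alerts.setdefault(key, {
                "bssid": p["bssid"], "target": p["dst"],
                "first_seen": times[0], "count_in_window": 0,
                "broadcast": p["dst"] == BROADCAST,
            })
            a["count_in_window"] = max(a["count_in_window"], len(times))
    return list(alerts.values())


# Constructed sample: one home AP, a camera and a phone. Invented addresses.
AP = "aa:bb:cc:00:00:01"
CAMERA = "de:ad:be:ef:00:10"
PHONE = "de:ad:be:ef:00:20"


def sample_capture():
    records = []
    # Benign: the AP drops an idle phone once (reason 4 = inactivity).
    records.append((0.0, build_frame(DEAUTH_FC, PHONE, AP, AP, 1, reason=4)))
    # Attack 1: spoofed AP address, broadcast deauth at 50 frames/second.
    for i in range(40):
        records.append((5.0 + i * 0.02,
                        build_frame(DEAUTH_FC, BROADCAST, AP, AP, 100 + i)))
    # Attack 2: the same, aimed at the camera only.
    for i in range(15):
        records.append((10.0 + i * 0.05,
                        build_frame(DEAUTH_FC, CAMERA, AP, AP, 200 + i)))
    return records


if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print(alert)
```

Two alerts come out of the sample, one for the broadcast flood and one for the camera, while the single benign deauth to the phone stays below the threshold. The threshold and window are tuning knobs; a busy enterprise BSSID sees more legitimate deauths than a home router, so start from a baseline of your own traffic. The real fix is Protected Management Frames (802.11w), which let the client discard deauth frames that are not integrity-protected, but an access point or camera that does not support it is still exposed, which is exactly the case the linked article exploits.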

Outdoors

  • The Single Mom Who Became An Arctic Robinson Crusoe – link
  • How to Stop Freaking Out and Tackle Climate Change – “My point is that the climate crisis is not going to be solved by personal sacrifice. It will be solved by electing the right people, passing the right laws, drafting the right regulations, signing the right treaties and respecting those treaties already signed, particularly with indigenous nations. It will be solved by holding the companies and people who have made billions off our shared atmosphere to account.” – link
