Sunset in the desert

Infosec Reading List – April 2020

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


InfoSec

  • Who Stole My Stuff? Finding Out Who Is Behind A Website – bad opsec – link
  • Voter list in huge data breach was compiled by the Labour Party – again, I question whether we as a society are ready to accept the residual infosec risks of e-voting – link
  • CVE-2020-8816 Pi-hole Remote Code Execution – “When processing user input in the form of MAC addresses, the application does not adequately validate nor validate this input before reusing it in a shell command.” – link
  • Analysis of an attempted attack against Intel 471 – link
  • Dangerous Domain Corp.com Goes Up for Sale – “Schmidt said he and others concluded that whoever ends up controlling corp.com could have an instant botnet of well-connected enterprise machines.” – link
  • Experts uncovered hidden behavior in thousands of Android Apps – “While input validation has been well studied in vulnerability discovery, in this paper we have demonstrated that input validation can also have another important application, namely exposing input-triggered secrets such as backdoors (e.g., secret access keys, master passwords, and secret privileged commands) and blacklists of unwanted items (e.g., censorship keywords, cyber-bullying expressions, and weak passwords),” the researchers conclude – link
  • Forensics Report of the Berlin Kammergericht – [pdf] – link
  • Who Else is Blind to Chain-of-Commands | Adversary Technique – “However, while both events share the same ParentProcessID of 12120, there isn’t any explicit indication that these commands were executed together as part of a chain-of-commands. Which I believe is an important context that is missing as it would not only stick out during Incident Response/Hunt/Monitoring; especially if the system under investigation has no business purpose for running such chain-of-commands.” – link
  • Thousands of Zoom video calls left exposed on open Web – “But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos elsewhere that anyone can download and watch.” – link
  • Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings – “Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.” – classic! – link
  • Does Zoom use end-to-end encryption? – “TL;DR: It’s complicated.” – link
  • Security and Privacy Implications of Zoom – Schneier with an overview of the Zoom discussion – link
  • Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access – “This was my full journey, all the way from a simple Open-Redirect, through a Persistent-XSS and a CSP-bypassing to a full Cross Platform Read from the File System plus potentially a Remote-Code-Execution” – link
  • Joint Statement on Contact Tracing: Date 19th April 2020 – these are the elite in this field; if we don’t listen to them, the probability is quite high that we end up with something we don’t want and that does not fulfill the intention – [pdf] – link
  • You’ve Got (0-click) Mail! – link
  • Team Fortress 2 source code has leaked, and you can apparently get malware by playing – link
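The ECB finding quoted above (one AES-128 key, used in ECB mode, so plaintext patterns survive encryption) is easy to see for yourself. The Go program below is an added example written for this post, not code from Zoom or from the Citizen Lab report; the key, the CTR nonce and the repetitive plaintext are constructed demo values. It encrypts four identical 16-byte blocks with raw AES in ECB, counts how many ciphertext blocks are exact duplicates of an earlier one, and then repeats the measurement with the same key in CTR mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values: a 16-byte key (AES-128) and a 16-byte CTR
// counter block. Nothing here is taken from Zoom's implementation.
var demoKey = []byte("0123456789abcdef")
var demoIV = []byte("fedcba9876543210")

// Constructed plaintext: one 16-byte pattern repeated four times, standing in
// for a video frame with large uniform regions.
var demoPlain = bytes.Repeat([]byte("RedRedRedRedRed!"), 4)

// ecbEncrypt applies the raw block cipher to each 16-byte block on its own.
// The input must be block-aligned; no padding scheme is applied here.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of block size %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// ctrEncrypt uses the same key in CTR mode: every block is XORed with a
// distinct keystream block, so equal plaintext blocks no longer collide.
func ctrEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that exactly duplicate an
// earlier block, which is a direct measure of plaintext structure leaking.
func repeatedBlocks(ct []byte) int {
	seen := make(map[[16]byte]bool)
	dup := 0
	for i := 0; i+16 <= len(ct); i += 16 {
		var b [16]byte
		copy(b[:], ct[i:i+16])
		if seen[b] {
			dup++
		}
		seen[b] = true
	}
	return dup
}

func main() {
	ecb, err := ecbEncrypt(demoKey, demoPlain)
	if err != nil {
		panic(err)
	}
	ctr, err := ctrEncrypt(demoKey, demoIV, demoPlain)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ECB: %d of %d ciphertext blocks repeat an earlier block\n", repeatedBlocks(ecb), len(ecb)/16)
	fmt.Printf("CTR: %d of %d ciphertext blocks repeat an earlier block\n", repeatedBlocks(ctr), len(ctr)/16)
}
```

With `go run`, ECB reports 3 of 4 blocks repeated and CTR reports 0. Note that CTR only removes the leak as long as the counter block is never reused under the same key, which is exactly the property at risk when one key is shared by every participant; and neither ECB nor plain CTR detects tampering, so an authenticated mode such as AES-GCM, with per-sender nonces, is what a sound design would pick.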

Outdoor

  • I Spent a Year in the Wilderness With My Wife, Here’s What I Learned About Isolation and Change – link
  • I Was Trapped in Quicksand for 12 Hours in a Blizzard – link
  • Top 10 tips to surviving self-isolation from a NASA spacesuit tester – link
