View from Fuerstein towards South-West

Infosec Reading List – May 2020

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterversetweet1


tweet5


tweet4


tweet3


tweet2

InfoSec

  • Simple Remote Code Execution Vulnerability Examples for Beginnerslink
  • GDPR.EU has er… a data leakage issue“It’s an old one: the /.git/ folder is world readable.”link
  • Signal Is Finally Bringing Its Secure Messaging to the Masses“I’d like for Signal to reach billions of users. I know what it takes to do that.” – this is the dilemma: with increasing popularity and market share, the demand to build in backdoors will increase. So being the underdog not only has disadvantages – it also allows to fly under the radar of specific groups that cry for backdoors since years. In case Signal is crossing that line, it needs to navigate new challenges. – link
  • Imperva WAF Bypasslink
  • Be careful what you OSINT withlink
  • Me on COVID-19 Contact Tracing Apps“The end result is an app that doesn’t work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.”link
  • Contact Tracing in the Real World – another interesting article to consider from Ross Anderson this time – “What we need is a radical redistribution of resources from the surveillance-industrial complex to public health.” – “We must call out bullshit when we see it, and must not give policymakers the false hope that techno-magic might let them avoid the hard decisions.”link
  • Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use“… it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software.”“The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page.”link – Xiaomi’s press response which is interesting to read as well – link
  • Phishing Attackers Targeting Webmasterslink
  • DNS-over-HTTPS causes more problems than it solves, experts say – “The general idea is that DNS-over-HTTPS isn’t what many have thought. It doesn’t actually protect users from having their web traffic snooped, and it’s not really that useful for dissidents in dangerous countries.”link
  • First seen in the wild Malware uses Corporate MDM as attack vector“This is the first time we have a reported incident of lateral movement inside a corporate network that utilizes the MDM server as a means of spreading.”link
  • The Six Dumbest Ideas in Computer Security – this is a great article from 2005 which is still pretty actual today – for instance: penetrate and patch is still done today since we haven’t achieved yet the “security by design” stage for most of the stuff that mankind is building today. Additionally, various expectations the author stated have not been fulfilled – instead, things got into the opposite direction (#hacking is cool, #educating users). – link
  • Tracking REvil“This blog describes our efforts in tracking the REvil ransomware and its affiliates for the past six months. REvil has been around since 2019 and is one of the top variants of ransomware causing havoc at many organizations around the globe ever since.”link
  • CISSP Qualification Given Equal Status to Master’s Degree“The Certified Information Systems Security Professional (CISSP) certification has been officially recognized as equivalent to a master’s degree across Europe.” – as you can imagine, this message got strong rejection throughout the community – link – here link is a different perspective on the situation – “it’s an entry level certification that doesn’t require a college degree, and teaches students only familiarity with buzzwords used in the industry rather than the deeper level of understanding of how things work.”
  • It’s Time to Get Back Into RSS “It was a direct connection between creators and consumers. By adding someone’s feed to your RSS reader you were saying, “Yes, I’d like to subscribe to your interpretation of reality.”” – “First, they broke the direct connection between the reader and the creator …” – “With RSS you get the content itself, which your reader can choose to display in different ways. Advertisers hate that.” – great article which I can support 100% – I never moved away from RSS and I would be more than happy to see a new rise of this great piece of technology in the future – link
  • The Secret Life Of JPEGslink
  • Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks?link
  • Graph Non Time Series Data in Grafana! How? – great article on the power of Grafana for non-time series visualization – link

Outdoor

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s