View from Heftihütte

Infosec Reading List – August 2020

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse




InfoSec

  • New ‘Meow’ attack has wiped over 1,800 unsecured databases –“Whoever is behind the ‘meow’ attacks is likely to keep on targeting unsecured databases, aggressively destroying them. Administrators should make sure that they expose only what needs to be exposed and make sure the assets are properly secured.” – although deleting data can be considered as a crime, affected entities should ask themselves whether they are a) more happy about the confidential data being deleted or b) getting blackmailed by an adversary and being responsible for harming customers due to loosing their data – since both options are not ideal: just don’t expose databases on the internet! – link
  • ‘World’s Most Wanted Man’ Involved in Bizarre Attempt to Buy Hacking Toolslink
  • Ebay is port scanning visitors to their website – and they aren’t the only ones – great review of the ebay portscanning case – link
  • DJI Privacy Analysis Validation – nice review of the DJI Android app – I loved the part where the DJI update, circumventing the official Google Play Store, was used to install the Haven app 😉 – link
  • Pandemic Elevates Security Chiefs to Corporate Leadership Roleslink
  • Pixel 4a is the first device to go through ioXt at launch “Trust is very important when it comes to the relationship between a user and their smartphone.” – I read this article first – link – and then right after it, this one here – linkWhoops, our bad, we may have ‘accidentally’ let Google Home devices record your every word, sound oopstrust doesn’t care whether you screw up infosec or privacy by default
  • Silicon Valley’s Vast Data Collection Should Worry You More Than TikTok“Silicon Valley and the NSA would love us to think that it’s who does the spying, not the spying itself, that’s the real problem.”link
  • Stopping phishing campaigns with bash – nice idea, we had this also 13 years agolink
  • The New Old Frontier of Interceptionlink
  • Cybersecurity and the Board : A Fresh Perspective?link
  • Certificate Transparency: a bird’s-eye viewlink
  • Piloting SecureDrop Workstation for Qubes OS“The goal of the project is to make the SecureDrop experience more intuitive, and to decrease the time-on-task for journalists, without compromising security.”link
  • How to Defend Against Pegasus, NSO Group’s Sophisticated Spyware – there are some interesting aspects in this article – while not being completely new, they are still valid and important from my perspective – “Device hardening can be achieved through the twin security principles of attack surface reduction and device compartmentalization.”“Use non-default browsers. According to a section titled ‘Installation Failure’ in the leaked Pegasus documentation, installation may fail if the target is running an unsupported browser” – while VPN is mentioned as a potential solution against network-based MitM-attacks, the article is also honest about the VPN cons – “However, if you use a VPN, your VPN provider has the ability to spy on your internet traffic so it’s important to pick a trustworthy one.”link
  • The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy“At the time, I gave Hughes the VIN number of my own Tesla Model S, and he was able to give me its exact location and any other information about my own vehicle.” “After a few days, they fixed the entire bug chain the hacker exploited to remotely gain control of Tesla’s entire fleet.”link

Outdoor

  • We Quit Our Jobs to Build a Cabin – Everything Went Wrong link
  • Roland Banas Completes First Summer Crossing of Death Valleylink

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s