Infosec Reading List – October 2020

Waterfalls in Krka National Park

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


  • German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed “While investigating this newly found FinSpy, we somewhat accidentally discovered an unrelated webserver which left exposed samples of FinSpy for Windows, Android as well as Mac OS and Linux, which were never previously reported on.”link
  • How to Destroy ‘Surveillance Capitalism’“We are living through a golden age of both readily available facts and denial of those facts.” – “But digital rights activism is right where it’s always been: looking out for the humans in a world where tech is inexorably taking over.”link
  • Inside Amazon’s Ring Alarm System “The following blog post details a complete teardown of the Ring security system base station and how I went about investigating the device. This blog is intended as a starting point for further research into Ring devices.”link
  • How Malicious Tor Relays are Exploiting Users in 2020 (Part I) “As far as I know this is the first time we uncovered a malicious actor running more than 23% of the entire Tor network’s exit capacity. That means roughly about one out of 4 connections leaving the Tor network were going through exit relays controlled by a single attacker.” – you should specifically read the section about what the attacker is actually exploiting – link
  • New Gentoo templates and maintenance infrastructure link
  • Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers – nice overview of MitM attacks – link
  • Hacker Jeopardy – nicely done – link
  • EU courts ban indiscriminate metadata collection and retention“We call on Switzerland to live up to its principles and do away with the data retention requirement.”link
  • Why Your iPhone Has So Many New Privacy Alerts in iOS 14link
  • Researchers Turn Comcast TV Remote Into Spying Device“Communications between the remote and the set-top box are encrypted, but the remote’s firmware failed to ensure that only encrypted responses were accepted for encrypted requests, allowing an attacker to send malicious responses in plain text.”link
  • Software AG hit with ransomware: Crooks leak staffers’ passports, want millions for stolen fileslink
  • Google Responds to Warrants for “About” Searches“After all, the only way to know who said a particular name is to know what everyone said, and the only way to know who was at a particular location is to know where everyone was. The very nature of these searches requires mass surveillance.” link
  • Cloudflare wants to run your web browser in the cloud – well, I’m not sure whether this is a clever idea from various perspectives – link
  • Discord Desktop app RCElink
  • Research: Can you build spyware for a Fitbit? link
  • Public dataset of Cloudtrail logs from“In order to advance research into AWS security, I’m releasing anonymized CloudTrail logs from”link
  • Open Source Intelligence Tools and Resources Handbook 2020 – [pdf] – link
  • After breach, Twitter hires a new cybersecurity chieflink
  • The Inside Story of How Signal Became the Private Messaging App for an Age of Fear and Distrust “But it is increasingly clear that among protesters, dissidents and investigative journalists, Signal is the new gold standard because of how little data it keeps about its users”link


  • Packrafting Belize: Caves, Waterfalls and Remote Jungle Paddling in the Land of the Mayalink
  • Wheelie walking trailers – some hiking trailer, cheaper than the Benpacker, with some interesting references – link

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s