Infosec Reading List – December 2020

"Füssener Hütte" in the rain

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


  • Ok Google: please publish your DKIM secret keys“Solving this problem requires only a small additional element: Google needs to publish the secret key portion of its keypairs once they’ve been rotated out of service. They should post this secret key in an easily-accessible public location so that anyone can use it to forge alleged historical emails from any Google user. The public availability of Google’s signing key would make any new email leak cryptographically deniable. Since any stranger would have been able to forge a DKIM signatures, DKIM signatures become largely worthless as evidence of authenticity.” – I have my strong doubts that Google will do so and I can also imagine that there are some kind of legal challenges associated with it – link
  • German users targeted with Gootkit banker or REvil ransomwarelink
  • Ransomware-as-a-service: The pandemic within a pandemic“While incidents continue to come to light, there is a lot the cybersecurity industry doesn’t know: the volume of attacks, average cost of remediation and organizations who choose to stay silent once an attack has occurred.” link
  • Hunting for Malicious Packages on PyPI – great article, great writeup and clear way of addressing the issue, really enjoyed it – “I still don’t like that it’s possible to run arbitary commands on a user’s system just by them pip installing a package.”link
  • Qubes Survey: The Resultslink
  • Don’t Put It on the Internet: Tesla Backup Gateway Edition“In this edition, we address Tesla Backup Gateways and identify some key areas where Tesla could improve security and privacy to help customers protect themselves.”link
  • Important steps for customers to protect themselves from recent nation-state cyberattackslink
  • Why Soft Skills Are Key to Success in Tech And How to Develop Them – very much applicable to infosec! – “You need to be able to communicate what the problem is, what the solution you’re recommending is, and why it’s necessary  in terms your audience can understand.” – doing effective infosec work in multinational corporations isn’t relying on tech only – your tech skills will not leave a longterm impact in case you don’t communicate them properly – link
  • Solarwinds – the core topic in December 2020 – here are the articles I read – attribution is complicated, let’s just keep that in mind:
    Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoorlink
    Hackers last year conducted a ‘dry run’ of SolarWinds breachlink
    Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hitlink
    SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?link
    Customer Guidance on Recent Nation-State Cyber Attackslink
    The SolarWinds Orion SUNBURST supply-chain Attacklink
    SolarWinds hackers have a clever way to bypass multi-factor authenticationlink
    Self-Delusion on the Russia Hack – this article contains an interesting perspective that should not be forgotten in this whole blame game – “The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day.”link
    Russia’s SolarWinds Attack“And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US.” – “The reason is that, by international norms, Russia did nothing wrong. This is the normal state of affairs. Countries spy on each other all the time. There are no rules or even norms, and it’s basically “buyer beware.”” – “If anything, the US’s prioritization of offense over defense makes us less safe.”link
    Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers “Evidence suggests that as early as October 2019, these attackers have been testing their ability to insert code by adding empty classes.” – “All these inspections are carried out to avoid exposing the malicious functionality to unwanted environments, such as test networks or machines belonging to SolarWinds.”link
  • Signal App Crypto Cracked, Claims Cellebrite – bad marketing if you ask me – link – and yes, here is the official answer from Signal – link
  • A Watch, a Virtual Machine, and Broken Abstractionslink
  • An exploration of the cybercrime ecosystem around Shodanlink
  • China Used Stolen Data to Expose CIA Operatives in Africa and Europe“Today, the data-driven nature of everyday life creates vast clusters of information that can be snatched in a single move and then potentially used by Beijing to fuel everything from targeting individual American intelligence officers to bolstering Chinese state-backed businesses.” – this is not limited to US vs China – it affects all nations and people – link
  • Device and Data Access when Personal Safety is At Risk – official Apple guidance – link
  • Mobile Networks Are A Trash Fire – Exhibit Nr. 16384“Above all, a more dedicated debate around the oversight and accountability of mobile network operators is long overdue. They are no longer “just” carriers of our phone conversations, but have become gatekeepers of our digital identities too.”link


  • Under the Open Skieslink

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s