Infosec Reading List – January 2021
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker – link
- SAD DNS Explained – link
- Ubiquiti says customer data may have been accessed in data breach – I still struggle to understand why we need online, cloud-based accounts for local WIFI hardware – do we really need to put everything on the Internet simply because we can? – link
- My current setup with ArchLinuxARM/DanctNIX mobile – link
- Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab – “… that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.” – link
- Default Credentials Cheat Sheet – link
- Qubes Network viewer – nice try based on qvm-ls output via dom0 – see discussion here and source code here
- Security Leadership: Moving On – “In Security and leadership roles in general, there will always be more work to be done. It’s not a sprint, or a marathon, or a 100-mile endurance race.” – link
- New campaign targeting security researchers – link – link – link
- Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too – there is a lot of truth in this article and I’m sure that the security industry sales machinery won’t like it but we need to get over it to do better next time – “APTs, as they are known in the trade, are all over the marketing campaigns of every major cybersecurity vendor. And yet, apparently, the actors behind the SolarWinds hack easily evaded them all.” – “What finally led to the discovery of the intruder at FireEye was not any detection system but some good old fashioned detective work by a system administrator who investigated a failed attempt to add a device for multifactor authentication.” – link