Infosec Reading List – February 2021
Every month I publish my reading recommendations, which mainly focus on information security and outdoor sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- Getting Started With Overpass Turbo – Part 1 – “The OSM database can be queried via an API called Overpass. It’s very powerful but it isn’t very beginner friendly and constructing queries requires a little coding knowledge.” – link
- The Risks of SSL Inspection – article from 2015, but still applicable today – link
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies – a great idea, and one that obviously earned the author a lot of bug bounty money. The approach clearly shows how weak our relationship with third-party software is: a single pip install triggers a whole chain of trust relationships that you accept by default. We don't need SolarWinds to be afraid of supply chain attacks – link
- Getting Started With Overpass Turbo – Part 2 – link
- Running a fake power plant on the internet for a month – “I decided to simulate a programmable logic controller, or PLC for short. In particular, a PLC that acts like a valve regulator in a nuclear installation.” – check out the results of this exercise – link
- A Rare Look Inside a Cryptojacking Campaign and its Profit – link
- Stealing Your Private YouTube Videos, One Frame at a Time – “Looking at the proxy logs, every time I “marked a moment”, a POST request was made to a /GetThumbnails endpoint, with a body which included a video ID” – link
- NAS Forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus Encryption Compared – “Just like everyone else, Synology relies on “security through obscurity”, hiding the location of the encryption keys if these are stored on the disk volume, and using a fixed wrapping passphrase “$1$5YN01o9y”.” – link
- National Security Risks of Late-Stage Capitalism – “Like all for-profit corporations, SolarWinds aims to increase shareholder value by minimizing costs and maximizing profit.” – “There are two problems to solve. The first is information asymmetry: buyers can’t adequately judge the security of software products or company practices. The second is a perverse incentive structure: the market encourages companies to make decisions in their private interest, even if that imperils the broader interests of society.” – link
- Book Review: “This Is How They Tell Me the World Ends” – link
- Silence is an endangered species: How the pandemic has helped our quiet places – “Get yourself a microphone. Get in to a natural environment and notice how you feel. This is what I call ‘adventure listening’, because you don’t know what you’re going to hear when you get there.” – link
- Great Survival Stories: The Lykov Family Survives 40 Years in Siberia – link
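To make the dependency confusion item above concrete, here is an added example (my own illustration, not code from this post or from the original write-up) that models how a package resolver behaves when it is configured with both a private index and the public one: the highest version wins, whichever index it comes from. The package name acme-internal-utils, the index contents and the sdist bytes are all constructed for the example; the three install functions model `pip install` with `--extra-index-url`, with `--index-url` only, and with a hash-pinned requirement under `--require-hashes`.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple

Index = Dict[str, List[Tuple[str, bytes]]]

# Constructed sample data. "acme-internal-utils" is a hypothetical internal
# package name that only exists on the company's private index; the attacker
# has registered the same name on the public index, both with a much higher
# version and with a copy that claims the same version as the internal one.
PRIVATE_INDEX: Index = {
    "acme-internal-utils": [("1.2.0", b"internal code 1.2.0"),
                            ("1.3.0", b"internal code 1.3.0")],
}
PUBLIC_INDEX: Index = {
    "acme-internal-utils": [("99.0.0", b"attacker payload"),
                            ("1.3.0", b"attacker payload disguised as 1.3.0")],
    "requests": [("2.25.1", b"real requests")],
}


def version_key(version: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def resolve(name: str, indexes: Dict[str, Index], pin: Optional[str] = None):
    """Return (version, origin, sdist) for the highest version of `name`
    across every configured index (or only candidates at the pinned
    version). Nothing here prefers one index over another, which is the
    core of the problem."""
    candidates = []
    for origin, index in indexes.items():
        for version, sdist in index.get(name, []):
            if pin is None or version == pin:
                candidates.append((version_key(version), version, origin, sdist))
    if not candidates:
        raise LookupError(f"no candidate for {name}")
    _, version, origin, sdist = max(candidates)
    return version, origin, sdist


def install_extra_index(name: str):
    """Vulnerable setup: `pip install --extra-index-url <private> name`.
    The attacker's 99.0.0 outranks every internal release."""
    return resolve(name, {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX})


def install_version_pinned(name: str, version: str):
    """Pinning `name==1.3.0` alone does not help: both indexes offer a 1.3.0
    and the version pin says nothing about which copy is taken (this model
    happens to pick the public one)."""
    return resolve(name, {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}, pin=version)


def install_private_only(name: str):
    """Mitigation 1: `pip install --index-url <private> name` with no public
    fallback. Public packages must then be mirrored on the private index or
    the install fails, which is the price of this setting."""
    return resolve(name, {"private": PRIVATE_INDEX})


def install_hash_pinned(name: str, pinned_version: str, expected_sha256: str):
    """Mitigation 2: a requirements line `name==X --hash=sha256:...` installed
    with --require-hashes. A candidate at the pinned version is accepted only
    if its digest matches, so the attacker's 1.3.0 is rejected."""
    for origin, index in {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}.items():
        for version, sdist in index.get(name, []):
            if version == pinned_version and sha256(sdist) == expected_sha256:
                return version, origin, sdist
    raise ValueError(f"no artifact for {name}=={pinned_version} matches the pinned hash")


def fails(func: Callable, *args) -> bool:
    """Helper for checking that an install is refused."""
    try:
        func(*args)
    except (LookupError, ValueError):
        return True
    return False


if __name__ == "__main__":
    print("extra-index   :", install_extra_index("acme-internal-utils")[:2])
    print("version pin   :", install_version_pinned("acme-internal-utils", "1.3.0")[:2])
    print("private only  :", install_private_only("acme-internal-utils")[:2])
    good = sha256(b"internal code 1.3.0")
    print("hash pinned   :", install_hash_pinned("acme-internal-utils", "1.3.0", good)[:2])
```

The point of the two mitigations is that they remove the resolver's freedom rather than relying on the private release being "newer": a private-only index makes the public copy invisible, and a hash pin makes an unexpected artifact fail to install even when its name and version match exactly.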