On the cross-country trail

Infosec Reading List – February 2021

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

InfoSec

  • Getting Started With Overpass Turbo – Part 1 – “The OSM database can be queried via an API called Overpass. It’s very powerful but it isn’t very beginner friendly and constructing queries requires a little coding knowledge.” – link
  • The Risks of SSL Inspection – article from 2015, but still applicable today – link
  • Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies – great idea which obviously made the author quite rich in terms of bug bounty money – the approach clearly shows the weak relationship we have with 3rd party software – a single pip install triggers a complete chain of trust relationships that you accept by default – we don’t need SolarWinds in order to be afraid of supply chain attacks – link
  • Getting Started With Overpass Turbo – Part 2 – link
  • Running a fake power plant on the internet for a month – “I decided to simulate a programmable logic controller, or PLC for short. In particular, a PLC that acts like a valve regulator in a nuclear installation.” – check out the results of this exercise – link
  • A Rare Look Inside a Cryptojacking Campaign and its Profit – link
  • Stealing Your Private YouTube Videos, One Frame at a Time – “Looking at the proxy logs, every time I “marked a moment”, a POST request was made to a /GetThumbnails endpoint, with a body which included a video ID” – link
  • NAS Forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus Encryption Compared – “Just like everyone else, Synology relies on “security through obscurity”, hiding the location of the encryption keys if these are stored on the disk volume, and using a fixed wrapping passphrase “$1$5YN01o9y”.” – link
  • National Security Risks of Late-Stage Capitalism – “Like all for-profit corporations, SolarWinds aims to increase shareholder value by minimizing costs and maximizing profit.” – “There are two problems to solve. The first is information asymmetry: buyers can’t adequately judge the security of software products or company practices. The second is a perverse incentive structure: the market encourages companies to make decisions in their private interest, even if that imperils the broader interests of society.” – link
  • Book Review: “This Is How They Tell Me the World Ends” – link

Outdoor

  • Silence is an endangered species: How the pandemic has helped our quiet places – “Get yourself a microphone. Get in to a natural environment and notice how you feel. This is what I call ‘adventure listening’, because you don’t know what you’re going to hear when you get there.” – link
  • Great Survival Stories: The Lykov Family Survives 40 Years in Siberia – link
