Infosec Reading List – March 2021
On a monthly basis I publish my reading recommendations, which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software – “If these numbers are in the tens of thousands, how does incident response get done? There are just not enough incident response teams out there to do that quickly.” – link
- Google’s FLoC Is a Terrible Idea – “Users and advocates must reject FLoC and other misguided attempts to reinvent behavioral targeting. We implore Google to abandon FLoC and redirect its effort towards building a truly user-friendly Web.” – “This means every site you visit will have a good idea about what kind of person you are on first contact, without having to do the work of tracking you across the web.” – “The power to target is the power to discriminate.” – link
- How Netflix’s Customer Obsession Created a Customer Obsession – this topic is more important for infosec than most people would think – it’s about a service mindset and delivering infosec services to stakeholders – link
- How I Might Have Hacked Any Microsoft Account – “Putting all together, an attacker has to send all the possibilities of 6 and 7 digit security codes that would be around 11 million request attempts and it has to be sent concurrently to change the password of any Microsoft account (including those with 2FA enabled).” – a 50K bug bounty for a buggy password reset function on Microsoft’s side; MFA does not protect you here – link
- How the United States Lost to Hackers – refreshing honest article – “You might think you’re a patriot now, he wanted to warn them, but one day soon you too could wake up and find you’re just another mercenary in a cyber arms race gone horribly wrong.” – “We thought we could outsmart our enemies. More hacking, more offense, not better defense, was our answer to an increasingly virtual world order, even as we made ourselves more vulnerable, hooking up water treatment facilities, railways, thermostats and insulin pumps to the web, at a rate of 127 new devices per second.” – link
- Return on Investment for Security – an important discussion that is not as easy as it seems, the more we go into the details. For that, you need to follow the money down the rabbit hole. I guess we as an infosec industry should focus even more on the ROI aspects. Risk reduction is an ROI, but how does it happen? Via which service / technology? And what $ figure is related to it? – “We should strive to make the risk mitigating steps we take to be cost effective and efficient and to raise the baseline by reducing the unit cost of control.” – link
- Why the FBI can’t get your browsing history from Apple iCloud (and other scary stories) – ask yourself, before you even think about all the risks you potentially sign off on: “Do I really need this?”. I would say that in the majority of cases the answer is “no”. – link
- Has outdoor culture become too detached from nature? – “In recent years, I’ve seen more evidence that the world of ‘the outdoors’ seems to be gradually drifting away from that fundamental appreciation for nature.” – important article with an important topic which we tend to forget – link
- New Baltic Mega-Trail Opens – added to my bucket list – link