Infosec Reading List – November 2021
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- Why You Should Delete Google Chrome On Your Phone – link
- Trojan Source – “Rather than inserting logical bugs, adversaries can attack the encoding of source code files to inject vulnerabilities.” – link
- New Qubes application menu – link
- Vizio makes more money spying on people who buy TVs than it does on TVs themselves – “The catch is that they’re only profitable if the true costs of behavioral ads – privacy invasions, breaches and worse – are priced into the model. In other words, data is only “the new oil” if someone else pays for the oil spills. Otherwise, it’s the new oily rag.” – link
- HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks – link
- American spy hacked Booking.com, company stayed silent – link
- Firefox vs Chromium – discussion around sandboxing and exploit mitigations – link
- Behind NATO’s ‘cognitive warfare’: Western militaries are waging a ‘battle for your brain’ – “The brain will the battlefield of the 21st century,” the report stressed. “Humans are the contested domain,” and “future conflicts will likely occur amongst the people digitally first and physically thereafter in proximity to hubs of political and economic power.” – “In a chilling disclosure, the report stated explicitly that “the objective of Cognitive Warfare is to harm societies and not only the military.”” – link
- How I learned to stop worrying (mostly) and love my threat model – “In the most basic sense, threat models are a way of looking at risks in order to identify the most likely threats to your security.” – link
- Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” – “… because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp’s Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads.” – OPSEC is hard – link
- Splendid isolation: in search of Scotland’s hermits – link
- You Got Lost and Had to Be Rescued. Should You Pay? – “The coronavirus pandemic has led to a surge of inexperienced hikers venturing into the outdoors. And that in turn has increased the pressure on search and rescue teams, as well as the costs.” – “Contributing to the problem is social media. Hikers can post photos of the vistas from high peaks without acknowledging the realities of reaching the summit.” – link