On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- Ten Mental Models for Learning - Unfortunately, learning is rarely taught as a class on its own - meaning most of these mental models are known only to specialists. - [link]
- The Glorious, Almost-Disconnected Boredom of My Walk in Japan - „Using a custom-built SMS tool, I sent out a daily text and one photo to an unknown number of recipients.“ - „The recipients could respond, but I’ve yet to see what they said. Those responses have been collected in a print-on-demand book that’s waiting for me when I get back home. My intent is then to respond to the responses in aggregate, long after the walk is finished.“ - „ The goal of this convoluted system is to use the network without being used by it.“ - interesting concept - [link]
- Protection and Countermeasures Against Ransomware Attacks - quite detailed list of ransomware countermeasures - [link]
- Fake CISO Profiles on LinkedIn Target Fortune 500s - [link]
- Brain Training Doesn’t Work - But to achieve this possibility, we must let go of the false promise that broad-ranging skills can come from practice on narrow tasks. Brain training is a dead-end, but learning is timeless. - [link]
- Hacker Charged With Extorting Online Psychotherapy Service - On Oct. 23, 2020, ransom_man uploaded to the dark web a large compressed file that included all of the stolen Vastaamo patient records. But investigators found the file also contained an entire copy of ransom_man’s home folder, a likely mistake that exposed a number of clues that they say point to Kivimaki. - Opsec counts for bad guys as well - “It was a huge opsec [operational security] fail, because they had a lot of stuff in there — including the user’s private SSH folder, and a lot of known hosts that we could take a very good look at,” - But for all the good it brought, the healthcare records management system that Vastaamo used relied on little more than a MySQL database that was left dangerously exposed to the web for 16 months, guarded by nothing more than an administrator account with a blank password. - again, database directly exposed to Internet - [link]
- Nothing PUNY About OpenSSL (CVE-2022-3602) - [link]
Outdoor
- Data Insights from 10,000 Garmin inReach SOS Incidents - It is interesting to note how conglomerations of incidents indicate mountainous regions, such as the Pacific Crest Trail in western United States, the Alps in Europe and nearly all of New Zealand. - [link]
- Train Passenger Sees Stranded, Injured Hiker and Triggers Rescue - [link]
- I Survived Being Lost For Nine Days - [link]