Infosec Reading List - April 2020
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Who Stole My Stuff? Finding Out Who Is Behind A Website - bad opsec - link
- Voter list in huge data breach was compiled by the Labour Party - again, I question whether we as society are ready to accept the residual infosec risks of e-voting - [link]
- Dangerous Domain Corp.com Goes Up for Sale - “Schmidt said he and others concluded that whoever ends up controlling corp.com could have an instant botnet of well-connected enterprise machines.” - [link]
- Experts uncovered hidden behavior in thousands of Android Apps - “While input validation has been well studied in vulnerability discovery, in this paper we have demonstrated that input validation can also have another important application, namely exposing input-triggered secrets such as backdoors (e.g., secret access keys, master passwords, and secret privileged commands) and blacklists of unwanted items (e.g., censorship keywords, cyber-bulling expressions, and weak passwords).” the researchers conclude.” - [link]
- Thousands of Zoom video calls left exposed on open Web - “But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos elsewhere that anyone can download and watch.” - [link]
- Move Fast and Roll Your Own Crypto - A Quick Look at the Confidentiality of Zoom Meetings - “Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.” - classic! - [link]
- Does Zoom use end-to-end encryption? - “TL;DR: It’s complicated.” - [link]
- Security and Privacy Implications of Zoom - Schneier with an overview on the Zoom discussion - [link]
- Joint Statement on Contact Tracing: Date 19th April 2020 - this is the elite in this field, if we don’t listen to them, the probability will be quite high that we get something in the end that we don’t want and that does not fulfill the intention - [link]
- Team Fortress 2 source code has leaked, and you can apparently get malware by playing - [link]
Outdoor
- Isolation Tips From a Year Spent in the Wilderness - [link]
- I Was Trapped in Quicksand for 12 Hours in a Blizzard - [link]
- Top 10 tips to surviving self-isolation from a NASA spacesuit tester - [link]
This post is licensed under CC BY 4.0 by the author.