Infosec Reading List - April 2023
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- The Cybersecurity Toy Store - too bad that this is not reality - [link]
- Noam Chomsky: The False Promise of ChatGPT - The crux of machine learning is description and prediction; it does not posit any causal mechanisms or physical laws. Of course, any human-style explanation is not necessarily correct; we are fallible. But this is part of what it means to think: To be right, it must be possible to be wrong. Intelligence consists not only of creative conjectures but also of creative criticism. Human-style thought is based on possible explanations and error correction, a process that gradually limits what possibilities can be rationally considered. - very important nowadays - [link]
- How to avoid the aCropalypse - [link]
- Attack Surface Management - First, a reminder of how we state Force 3: Unless positively constrained, attack surfaces grow. Risk is proportional to attack surface. Unknown services are never checked. There is a Murphy’s Law corollary of this which could be stated as: services want to be on, unless you really want them to be on and then they often fail. - [link]
- 2022 Microsoft Teams RCE - [link]
- Why Managers Should Think More Like Hackers - Adopting a hacker attitude can help managers work around obstacles, find opportunities across siloes, cultivate a culture of pragmatism, mobilize staff around processes instead of end goals, and navigate situations in which there isn’t an obvious answer or clear choice. - [link]
- 3CX Breach Was a Double Supply Chain Compromise - “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” - [link]
- WTF is a KDF? - a lot of discussions around the recent rumours that French police cracked the LUKS hard disk of an activist - [link]
- Apple’s high security mode blocked NSO spyware, researchers say - “The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism,” - quite interesting - [link]
- Botconf 2023 Wrap-Up Day #3 - [link]
Outdoor
- Can new best-practice visitor guidelines better protect Finland’s Sámi culture and heritage? - [link]
- The best cycling routes in Europe for a scenic adventure - some of those are still on my [todo] list - [link]
- Beatriz Flamini: Athlete emerges after 500 days living in cave - Ms Flamini, 50, entered the cave aged 48. She spent her time in the 70m (230ft) deep cave exercising, drawing and knitting woolly hats. She got through 60 books and 1,000 litres of water, according to her support team. - [link]
This post is licensed under CC BY 4.0 by the author.