Infosec Reading List - August 2017

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

Quotes from the Twitterverse


  • Facebook calls for a more people-centric security industry - “The lack of focus on those more mundane problems came about because often security experts had little interest in or empathy for people, he said” - [link]
  • Remote Code Execution In Source Games - Ever get remote code execution by fragging a player? - [link]
  • LinkedIn reveals your personal email to your connections - the interesting part of this article is the discussion around the contextual integrity (CI) theory by Helen Nissenbaum - [link]
  • Black Hat 20 & DEFCON 25 - summary and recommended talks - [link]
  • Top 10 Most Obvious Hacks of All Time (v0.9) - [link]
  • Breaking the Security Model of Subgraph OS - interesting discussion around the sandboxing capabilities of Qubes OS and Subgraph OS - [link]
  • Be Prepared: Journalists and Security Researchers - [link]
  • Compartmentation is hard, but the Big Data playbook makes it harder still - [link]
  • How the Twitter App Bypasses Paywalls - relying on referer and user-agent for authentication purposes is bad but obviously a desperate try to hold non-tech-savvy users off the paid web offers - [link]
  • Yahoo Small Business (Luminate) and the Not-So-Secret Keys - [link]
  • $10k host header - High School student gets 10,000 USD bug bounty for changing host header information - [link]
  • What is the Horus scenario - The Horus scenario is a scenario describing a large-scale cyber attack targeting the vital electrical infrastructure. - [link]
  • Mitigations: Completeness/Effectiveness vs Performance - [link]
  • Learnings from analysing my compromised server (Linode) - write-up about what can go wrong if you pick a weak root password for your sshd - [link]
  • From Chrysaor to Lipizzan: Blocking a new targeted spyware family - [link]


  • Whitewater Packrafting 101: 10 Things You Need to Know to Paddle Safe + Strong - [link]
  • Arctic Alaska Packrafting Gear Suggestions: an Annotated Photo-list - very helpful post by Roman Dial on packrafting gear based on 50 years of experience - [link]
  • The Garmin inReach: Merging Navigation & Communication - these are the new devices that merge the traditional Garmin GPS devices and Delorme’s InReach - I’m specifically astonished about the battery: “100 hours in 10-min tracking mode / 30 days in 30-min interval power saving mode” - [link]
  • The man who went on a hike – and never stopped walking - [link]
  • Vindelfjällens Traverse, a packrafting lesson. - interesting report about how quickly things can go wrong when going packrafting - [link]
  • 400 Miles Jordan Hike - this sounds amazing and I would love to go back to Jordan anytime - [link]
This post is licensed under CC BY 4.0 by the author.