Infosec Reading List - August 2019
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Ubuntu Touch safety architecture - interesting project, however, I’m confused that full disk encryption is not available by default - don’t claim that your OS focuses on security & privacy when you do not provide FDE for a mobile phone OS: “The honest answer is that there is no full disk encryption support yet and providing it would not be as simple as one might think.” - [link]
- Unveiling 11 New Adversary Playbooks - [link]
- On Facebook’s pictures watermarking - [link]
- What We Can Learn from the Capital One Hack - SSRF - [link]
- The New Wilderness - “Until recently, ambient privacy was a simple fact of life. Recording something for posterity required making special arrangements, and most of our shared experience of the past was filtered through the attenuating haze of human memory. Even police states like East Germany, where one in seven citizens was an informer, were not able to keep tabs on their entire population. Today computers have given us that power.” - one of the better articles I read about privacy within the last weeks - [link]
- Revealed: Microsoft Contractors Are Listening to Some Skype Calls - why should Microsoft be different here? - [link]
- Causality Research in AI – How Does My Car Make Decisions? - [link]
- GDPR After One Year: Costs and Unintended Consequences - [link]
- Supply Chain Attack on Wipro Highlights Service Provider Vulnerabilities - [link]
- He tried to prank the DMV. Then his vanity license plate backfired big time. - the story is full of WTFs - [link]
- Pink Slips To Million Dollar Salaries: Are CISOs Underappreciated Or Overpaid? - [link]
- Cybersecurity pros name their price as data hacking attacks swell - [link]
- A Technical Analysis of the Capital One Cloud Misconfiguration Breach - interesting speculations (yes, these are only speculations, not facts) about the Capital One compromise based on the FBI indictment - [link]
- The Myth of Consumer-Grade Security - “The thing is, that distinction between military and consumer products largely doesn’t exist. All of those ‘consumer products’ Barr wants access to are used by government officials — heads of state, legislators, judges, military commanders and everyone else — worldwide.” - an old topic which still gets discussed and most probably will never stop being discussed - [link]
- Alleged “snake oil” crypto company sues over boos at Black Hat [Updated] - [link]
- From unstructured data to actionable intelligence: Using machine learning for threat intelligence - “Trained on documentation of known threats, this system takes unstructured text as input and extracts threat actors, attack techniques, malware families, and relationships to create attacker graphs and timelines.” - [link]
- ECB Says One of Its Websites Was Hacked, Data Possibly Captured - [link]
- Hundreds of exposed Amazon cloud backups found leaking sensitive data - [link]
- Calibration Fingerprint Attacks for Smartphones - [link]
Outdoor
This post is licensed under CC BY 4.0 by the author.