Post

Infosec Reading List - August 2023

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View


Desktop View


Desktop View


Desktop View


InfoSec

  • From Zero to One Hundred - Demystifying zero trust and its implications on enterprise people, process, and technology - [link]
  • Find My: DIY Airtag Tracker - I was curious whether Find My’s offline finding network could be (ab)used to upload arbitrary data to the internet, from devices that are not connected to Wi-Fi or mobile internet (Figure F) … It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users. - [link]
  • Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself - Microsofts view on the latest ransomware situation - [link]
  • On the security of the Linux disk encryption LUKS - discussion around KDFs like PBKDF2 and Argon2ID - Upgrading the key derivation function is not a one-time task. You should check every few years whether the function you are using is still considered secure, and adjust the level of difficulty. This applies not only to LUKS, but to all password-based encryption tools such as VeraCrypt or KeePassXC. - [link]
  • Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack - [link]
  • Getting the most out of 1-on-1s - [link]
  • Active North Korean campaign targeting security researchers - [link]
  • Results of Major Technical Investigations for Storm-0558 Key Acquisition - The crash dumps, which redact sensitive information, should not include the signing key. - [link]

Outdoor

  • Bicycle - physics of riding a bicycle - [link]
This post is licensed under CC BY 4.0 by the author.