Infosec Reading List - December 2024
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
InfoSec
- The fascinating security model of dark web marketplaces - [link]
- Oasis Security Research Team Discovers Microsoft Azure MFA Bypass - Oasis Security’s research team uncovered a critical vulnerability in Microsoft’s Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. The Oasis Security Research team’s testing with Microsoft sign-in showed a tolerance of around 3 minutes for a single code, extending 2.5 minutes past its expiry, allowing 6x more attempts to be sent. - [link]
- The long and winding road to safe browser-based cryptography - In this post, we review the problem of browser-based cryptography and discuss existing attempts to address it. - The problem of relying on browser-based JavaScript for cryptography can be described succinctly: “If you don’t trust the server not to keep user secrets, you can’t trust them to deliver security code.” This has been a known problem for at least a decade but hasn't completely been resolved yet in a practical way. - [link]
- You lost your iPhone, but it’s locked. That’s fine, right? - [link]
- The Worst Hacks of 2024 - [link]
- Apple Photos phones home on iOS 18 and macOS 15 - From my own perspective, computing privacy is simple: if something happens entirely on my computer, then it’s private, whereas if my computer sends data to the manufacturer of the computer, then it’s not private, or at least not entirely private. Thus, the only way to guarantee computing privacy is to not send data off the device. - [link]
- Is your iPhone sharing photos data with Apple by default? - According to a company research blog, it involves your phone creating vector embeddings — of the part of a picture containing a landmark, and sending that and several “fake queries” to Apple for analysis. Your phone then chooses the final match from a batch of possibilities that Apple sends back. - [link]
- Security means securing people where they are - [link]
Outdoor
N/A
This post is licensed under CC BY 4.0 by the author.