Infosec Reading List - December 2025
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.
InfoSec
- The Reverse Centaur’s Guide to Criticizing AI - And because AI is just a word guessing program, because all it does is calculate the most probable word to go next, the errors it makes are especially subtle and hard to spot, because these bugs are literally statistically indistinguishable from working code (except that they’re bugs). - AI is the asbestos in the walls of our technological society, stuffed there with wild abandon by a finance sector and tech monopolists run amok. We will be excavating it for a generation or more. - Throwing more words and GPUs into the word-guessing program won’t make it sentient. That’s like saying, “Well, we keep breeding these horses to run faster and faster, so it’s only a matter of time until one of our mares gives birth to a locomotive.” - Doctorow on fire - [link]
- A Safer Container Ecosystem with Docker: Free Docker Hardened Images - [link]
- Amazon Caught North Korean IT Worker By Tracing Keystroke Data - [link]
- How I Almost Got Hacked By A ‘Job Interview’ - Before hitting npm start, I threw this prompt at my Cursor AI agent - [link]
- Your Phone Is Not Your Property (Until You Install GrapheneOS) - [link]
- Eurostar AI vulnerability: when a chatbot goes off the rails - Chatbot security is one thing, but if you run a vulnerability disclosure program, you need to ensure it is operated properly - [link]
- The European Cloud Situation at the end of 2025 - The US clouds did not take this news lying down and came up with “sovereign” versions of themselves, but by operation of US laws, these are not sanction proof, and can never be. It is very disappointing to see otherwise serious people believe these fairy tales. - If all of Europe’s industry relies on US clouds, and eventually something goes wrong, we’ll all go down together, and no one specifically gets blamed! While cynical, this also rings true. - It is an exceptionally strange situation that we find ourselves in. Both buyers and sellers don’t actually want to move, yet there is much talk of the need to do something. - [link]
- Prompt GTFO #1 - Inspiring and worth a watch - [link]
- IPv6 just turned 30 and still hasn’t taken over the world, but don’t call it a failure - [link]
- Why You Should Never Use Pixelation To Hide Sensitive Text - [link]
- The Kimwolf Botnet is Stalking Your Local Network - it's interesting to see how the bad guys are trying to go after NATed devices at scale - [link]
- On Getting Hacked - repeat after me: browser extensions can be very dangerous - [link]
- Cyber Brief 26-01 - December 2025 - [link]
- Signal creator Moxie Marlinspike wants to do for AI what he did for messaging - Data and conversations originating from users and the resulting responses from the LLMs are encrypted in a trusted execution environment (TEE) that prevents even server administrators from peeking at or tampering with them. Conversations are stored by Confer in the same encrypted form, which uses a key that remains securely on users’ devices. - [link]
- I replaced Windows with Linux and everything’s going great - [link]
- How Markdown took over the World - … also because it reminds us of how the Internet really works: smart people think of good things that are crazy enough that they just might work, and then they give them away, over and over, until they slowly take over the world and make things better for everyone. - [link]
- ChatGPT Health Is A Marketplace. Guess Who Is The Product? - This is a reminder that even if you are paying for the product, you can still end up as the product in a multi-tiered market. - One detail that speaks volumes: OpenAI has excluded the European Union, Switzerland, and the United Kingdom from ChatGPT Health. … If ChatGPT Health were truly built with privacy as a priority, it would launch in these markets. The fact that OpenAI is avoiding jurisdictions with strict privacy enforcement suggests the product cannot meet meaningful privacy standards. They’re launching where the regulatory environment is more permissive. - [link]
- Cyber Is What We Make of It - [link]
- Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw - Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. - [link]
This post is licensed under CC BY 4.0 by the author.
