Infosec Reading List - January 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

N/A

InfoSec

• Facebook CSO Alex Stamos is a human warrant-canary for the Trump era - Stamos acting as a human warrant-canary for the Trump era? - [link]
• Amid Yahoo hacks, a churn of security officers - On the Yahoo! Hack, the challenges of CISOs nowadays and the corresponding attrition. The political circumstances of accountability in case of a breach play an important role and shouldn’t be neglected. Did he/she get the board / c-level support in order to implement the planned controls? Did stakeholders within the company go into the same direction? - [link]
• Dropbox surprise – deleted files magically reappear after several years - On the sheer impossibility of deleting data from Cloud Storages (Dropbox in this case) – there is always something that could go wrong - [link]
• Tor and its Discontents - Anonymity needs homogeny – security doesn’t - the grugq on Tor, the corresponding risks of the Tor Browser Bundle and FireFox Patch Management - [link]
• Guide to securing and improving privacy on macOS - [link]
• Awesome IoT Hacks - [link]
• A data breach investigation blow-by-blow - Troy Hunt on the process of verifying the legitimacy of leaked data and pinpointing the source before using it on HIBP - [link]
• find-lf - Track the location of every Wi-Fi device (iphone) in your house using Raspberry Pis and FIND - [link]
• Technical details on the Fancy Bear Android malware (poprd30.apk) - More technical details on the latest Android malware called Fancy Bear used to for tracking Ukrainian field artillery units - [link]
• The presidential communications equipment under Barack Obama - How did Barack Obama communicate throughout the last years as US president? - [link]
• Attributing the DNC Hacks to Russia - The usage of a web shell during an attack is a weak evidence for attribution purposes - it’s a common tool to execute the next steps after a server has been compromised. The whole discussion shows how complicated it is to do a proper attribution - especially if evidence cannot be published for whatever reasons - [link] - [link]
• New Fingerprinting Techniques Identify Users Across Different Browsers on the Same PC - [link]
• MMD-0059-2016 - Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready - Technical deep dive into the Linux/IRC Telnet (new Aidra) malware focusing on infecting IoT devices in order to build up DDOS capabilities. Attack vector: Telnet + weak passwords - [link]
• #DigitalSherlocks, Geolocation, and the power of Open Source - Where am I? Quick but interesting example of geolocation and the power of Open Source - [link]
• Who is Anna-Senpai, the Mirai Worm Author? - [link]

Outdoor

• How humans survived in the barren Atacama Desert 13,000 years ago - the Atacama is commonly known as the driest non-polar place in the world. Ars has a short article on how humans survived in this area thousands of years ago - specifically for me quite interesting to read since I spent some time in this area in 2016 - [link]
• An Acquaintance With Fear - Fear is a strong emotion that plays an important role in all kinds of outdoor sports - SideTracked has an interesting interview Aldo Kane and how fear can be addressed and managed properly - [link]
• Marathon Des Sables - [link]
• Inflated Ambitions - Packrafting Afghanistan - [link]
• Publisher printing more copies of George Orwell’s ‘1984’ after spike in demand - don’t forget that the book is available for free online as well - [link] - [link]
• Trans Canada Trail - [link]