Infosec Reading List - January 2023

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

Quotes from the Twitterverse

InfoSec

  • Password Managers. - Interesting read from June 2021, especially in the light of the latest LastPass drama - [link]
  • Common pitfalls of breaking up HTTPS connections - [link]
  • LastPass Breach - What went wrong? - Until 2018, LastPass required 5,000 iterations for the PBKDF2 implementation, and since then upgraded to 100,100 iterations. - The key question now is: have the pre-2018 vault passwords been re-calculated afterwards with the new parameters? - [link]
  • What We Do in the /etc/shadow – Cryptography with Passwords - Thus, even in a passwordless future, anyone who truly cares about civil liberties will not want to dispense with them entirely. - Interesting aspect of something “you know” - all in all a great article about the state of the password creation art - [link]
  • Thinking of Hiring or Running a Booter Service? Think Again. - [link]
  • How 1Password is designed to keep your data safe, even in the event of a breach - 1Password has a solid communication department - [link]
  • Why are there so many tech layoffs, and why should we be worried? Stanford scholar explains - One thing that Lincoln Electric, which is a famous manufacturer of arc welding equipment, did well is instead of laying off 10% of their workforce, they had everybody take a 10% wage cut except for senior management, which took a larger cut. So instead of giving 100% of the pain to 10% of the people, they give 100% of the people 10% of the pain. - [link]
  • The 6 Fundamental Forces of Information Security Risk - I can relate to those, specifically #3: “Risk is proportional to attack surface.” Perhaps it even deserves its own number - [link]
  • Password strength explained - [link]
  • The Defender’s Guide to OneNote MalDocs - OneNote files aren’t subject to the same Mark-of-the-Web restrictions (i.e. the default blocking of macros in downloaded files) as Excel and Word documents. - [link]

Outdoor

  • Staying warm: What does an unheated room do to your body? - I’m hit with a blast of warm 21C air. The plan is to start at 21C, drop the temperature down to 10C and chart how my body responds to the chill. - [link]
  • Cameroon’s Makombe - Trip Report and Reflections - [link]
  • Canada’s train that takes hitchhikers - added to [todo] list - [link]
This post is licensed under CC BY 4.0 by the author.