
Infosec Reading List - January 2025

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.

InfoSec

  • Apple to pay $95 million to settle Siri privacy lawsuit - The $95 million is about nine hours of profit for Apple, whose net income was $93.74 billion in its latest fiscal year. - [link]
  • Time to check if you ran any of these 33 malicious Chrome extensions - The Cyberhaven extension is designed to prevent users from inadvertently entering sensitive data into emails or websites they visit. Analyses of version 24.10.4 showed that it was configured to work with different payloads that were downloaded from cyberhavenext[.]pro, a malicious site the threat actor registered to give the appearance it was affiliated with the company. - A link in the email led to a Google consent screen requesting access permission for an OAuth application named Privacy Policy Extension. A Cyberhaven developer granted the permission and, in the process, unknowingly gave the attacker the ability to upload new versions of Cyberhaven’s Chrome extension to the Chrome Web Store. - [link]
  • OpenAI is losing money on its pricey ChatGPT Pro plan, CEO Sam Altman says - OpenAI isn’t profitable, despite having raised around $20 billion since its founding. The company reportedly expected losses of about $5 billion on revenue of $3.7 billion last year. - [link]
  • Personal liability sours 70% of CISOs on their role - [link]
  • Privacy of Photos.app’s Enhanced Visual Search - a nice overview and discussion of the latest information we know about this case - [link]
  • Keys to Career Success - there is some great advice here - [link]
  • A Day in the Life of a Prolific Voice Phishing Crew - Unfortunately for Cuban, somewhere in his inbox were the secret “seed phrases” protecting two of his cryptocurrency accounts, and armed with those credentials the crooks were able to drain his funds. All told, the thieves managed to steal roughly $43,000 worth of cryptocurrencies from Cuban’s wallets — a relatively small heist for this crew. - [link]
  • 2-factor fingerprint unlock feature is now fully implemented - GrapheneOS guides the way here - I can understand that Android/iOS will hardly implement this capability due to the lack of customer demand, but it should be emphasized that this is what "good" could look like when it comes to addressing threats against mobile devices - [link]
  • How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud - Driven by curiosity, we decided to explore whether we could crack one of these keys. Our goal was to extract the private key from a public RSA key, enabling us to sign emails as if we were the original sender. - The process took approximately 86 hours on our 8-vCPU server, successfully factorizing n into p and q - [link]
  • Five things most people don’t seem to understand about DeepSeek - [link]
  • Homomorphic Encryption in iOS 18 - [link]
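The practical takeaway from the 512-bit DKIM item above is a defender's check: find out how large the RSA keys published in your own DKIM DNS records actually are. The following script is an added example, not code from the linked article or from this post's author. It parses a DKIM TXT record (`v=DKIM1; k=rsa; p=...`), decodes the base64 SubjectPublicKeyInfo with a minimal DER reader (no third-party library), and reports the modulus size; the two records it checks are constructed inline with dummy moduli of exactly 512 and 2048 bits (they are not real RSA keys). The 1024-bit floor and 2048-bit recommendation follow RFC 8301; to check a real domain, fetch the TXT record for `<selector>._domainkey.<domain>` and pass its text to `assess_dkim_record`.

```python
import base64
import re

# OID 1.2.840.113549.1.1.1 (rsaEncryption), DER-encoded contents
RSA_OID = bytes.fromhex("2a864886f70d010101")


# --- minimal DER helpers (enough for an RSA SubjectPublicKeyInfo) ---
def encode_der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + encode_der_length(len(body)) + body


def der_integer(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # keep the INTEGER positive
        body = b"\x00" + body
    return der_tlv(0x02, body)


def build_spki(n: int, e: int = 65537) -> bytes:
    """Build a SubjectPublicKeyInfo for an RSA public key (used only to construct sample records)."""
    alg = der_tlv(0x30, der_tlv(0x06, RSA_OID) + b"\x05\x00")  # AlgorithmIdentifier + NULL params
    rsa_pub = der_tlv(0x30, der_integer(n) + der_integer(e))   # RSAPublicKey
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:            # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki: bytes) -> int:
    """Extract the RSA modulus from a DER SubjectPublicKeyInfo and return its size in bits."""
    tag, outer, _ = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, alg, pos = read_tlv(outer, 0)
    oid_tag, oid, _ = read_tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(outer, pos)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_pub, _ = read_tlv(bitstr[1:], 0)     # skip the unused-bits byte
    tag, n_bytes, _ = read_tlv(rsa_pub, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(n_bytes, "big").bit_length()


# --- DKIM record handling ---
def parse_dkim_record(txt: str) -> dict:
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def assess_dkim_record(txt: str, minimum_bits: int = 1024) -> dict:
    """Report key type, modulus size and whether the key is below the accepted floor."""
    tags = parse_dkim_record(txt)
    key_type = tags.get("k", "rsa")              # k= defaults to rsa per the DKIM spec
    if key_type != "rsa":
        return {"key_type": key_type, "bits": None, "weak": False}
    p = re.sub(r"\s+", "", tags.get("p", ""))    # long TXT records are often split/folded
    if not p:
        return {"key_type": "rsa", "bits": 0, "weak": True, "reason": "empty p= (revoked key)"}
    bits = rsa_modulus_bits(base64.b64decode(p))
    return {"key_type": "rsa", "bits": bits, "weak": bits < minimum_bits}


# Constructed sample records: dummy moduli of exactly 512 and 2048 bits, NOT real RSA keys.
WEAK_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(build_spki((1 << 511) | 1)).decode()
STRONG_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(build_spki((1 << 2047) | 1)).decode()

if __name__ == "__main__":
    for name, rec in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(name, assess_dkim_record(rec))
```

A key reported as `weak` should be rotated to at least 2048 bits and the old selector's `p=` emptied once mail signed with it has aged out; verifiers that follow RFC 8301 already reject signatures from keys under 1024 bits, so such a key offers neither protection nor deliverability.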

Outdoor

N/A

This post is licensed under CC BY 4.0 by the author.