Infosec Reading List - July 2024

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

Quotes from the Twitterverse

InfoSec

  • 3 Ways to Build a Culture That Lets High Performers Thrive - 1. Reduce meetings down to the minimum viable dose - 2. Measure your team’s motivation - 3. Routinely mentor high performers on concrete, high-leverage skills - [link]
  • [Air]Tag You’re It! - [link]
  • These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules - This vulnerability enables an attacker to control server-side requests, thus impersonating trusted Azure services. This enables the attacker to bypass network controls based on Service Tags, which are often used to prevent public access to Azure customers’ internal assets, data, and services. - [link]
  • How a North Korean Fake IT Worker Tried to Infiltrate Us - [link]
  • How to Get Root Access to Your Sleep Number Bed June 22, 2024 - What I did find was a “convenient” backdoor that Sleep Number can use to SSH back into the hub (and my internal home network as a result). Likely it is to perform maintenance on the hub as needed, but the paranoid part of me was not happy when I found that. - IoT devices in 2024 - [link]
  • The Security Principle Every Attacker Needs to Follow - theoretical approach towards security controls - [link]
  • Confronting Impossible Futures - A second factor that gets overlooked in discussions is that AGI serves as a motivating goal for an entire industry. - For all of the billions of dollars that have been invested in creating AI systems, it is kind of surprising that none of the major AI labs seem to have put out any deep documentation aimed at non-specialists. - [link]
  • All the existential risk, none of the economic impact. That’s a shitty trade - Their conclusion? AI’s impact as a productivity-boosting technology basically can’t be seen at all in the macroeconomic data. It has had pretty much zero impact on productivity or almost anything else. It may as well not exist. - well … surprise? Btw the article quotes The Economist - My favorite argument remains unchanged on this, because it is so simple. It goes: intelligence makes entities dangerous, which is why humans are the dominant species on Earth. - [link]
  • From boom to burst, the AI bubble is only heading in one direction - All this seems to be based on an article of faith; namely, that all that is needed to create superintelligent machines is (a) infinitely more data and (b) infinitely more computing power. And the strange thing is that at the moment the world seems to be taking these fantasies at face value. - Since nobody is making real money yet from AI except those that build the hardware, there are precious few profits to take, save perhaps for those who own shares in Nvidia or Apple, Amazon, Meta, Microsoft and Alphabet (nee Google). This generative AI turns out to be great at spending money, but not at producing returns on investment. - [link]
  • 77% Of Employees Report AI Has Increased Workloads And Hampered Productivity, Study Finds - Despite 96% of C-suite executives expecting AI to boost productivity, the study reveals that, 77% of employees using AI say it has added to their workload and created challenges in achieving the expected productivity gains. - “Our research shows that introducing new technologies into outdated work models and systems is failing to unlock the full expected productivity value of AI,” - [link]
  • Microsoft Defender Delayed Updates - [link]
  • Goodbye? Attackers Can Bypass ‘Windows Hello’ Strong Authentication - [link]
  • Scientists should use AI as a tool, not an oracle - Even before ML, many scientific fields have been facing reproducibility and replicability crises. The root causes include the publish-or-perish culture in science, the strong bias for publishing positive results (and the near-impossibility of publishing negative results), the lack of incentives for debunking faulty studies, and the lack of consequences for publishing shoddy work. - [link]
  • Google Chrome warns uBlock Origin may soon be disabled - [link]
  • Crowdstroke - [link]
  • Like a phoenix, Semiphemeral will rise from the ashes - Instead of being a web app that relies on the X API, Semiphemeral will be a desktop app for Windows, macOS, and Linux (and perhaps eventually for iPhone and Android, too). The new Semiphemeral app is basically an extremely specialized browser. - in case APIs are no longer provided by social media platforms, the browser remains an almighty tool to achieve what you want and platforms can hardly do something about it. What can be “clicked” with a browser can be automated by tools like this. - [link]

Outdoor

  • 7 Epic International Long Trails You Probably Haven’t Heard of Yet - added to [todo] list - [link]
This post is licensed under CC BY 4.0 by the author.