Infosec Reading List - June 2019
On a monthly basis I publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- My paranoia phone wishlist - interesting discussions around different features on mobile devices that are more or less useful for paranoid people - [link]
- Throwing 500 VMs at Your Fuzzing Target Being an Individual Security Researcher - make it run on one machine, then scale up - [link]
- Private Search Engines The Ultimate Guide - extensive discussion of search engines that respect your privacy - [link]
- The Hacking Supergroup That Counts Beto O’Rourke as One of Its Own - “She thinks we’re this righteous politicized hacking machine out for world peace or somethin’. … Anyway we’re gonna get a lot of miles outa this baby.” - [link]
- Google confirms that advanced backdoor came preinstalled on Android devices - “The apps were downloaded from the C&C server, and the communication with the C&C was encrypted using the same custom encryption routine using double XOR and zip,” Siewierski wrote. - double XOR encryption? I hope they will change the keys between the 1st and 2nd encryption? - [link]
- Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware - “Almost two months passed between the release of fixes for the EternalBlue vulnerability and when ransomware attacks began,” Microsoft warned. “Despite having nearly 60 days to patch their systems, many customers had not. A significant number of these customers were infected by the ransomware.” - [link]
- Information Security Mental Models - [link]
- Know Your Limitations - “If you can’t patch a two-year-old vulnerability prior to exploitation, or detect an intrusion and respond to the adversary before he completes his mission, then you are demonstrating that you need to change your entire approach to information technology.” - [link]
- Zero-day attackers deliver a double dose of ransomware—no clicking required - The attackers send vulnerable servers a POST command that contains a PowerShell command that downloads and then executes a malicious file called “radm.exe.” Besides PowerShell, attackers also exploit CVE-2019-2725 to use the Certutil command-line utility. Other files that get downloaded and executed include office.exe and untitled.exe. - this is huge; however, the bitcoin address had not received any payments as of today (10 June 2019) - [link]
- U.S. Customs and Border Protection says photos of travelers were taken in a data breach - Civil rights and privacy advocates also called the theft of the information a sign that the government’s growing database of identifying imagery had become an alluring target for hackers and cybercriminals. - [link]
- Bose headphones spy on listeners - lawsuit - But the Illinois resident said he was surprised to learn that Bose sent “all available media information” from his smartphone to third parties such as Segment.io, whose website promises to collect customer data and “send it anywhere.” - [link]
- Should Failing Phish Tests Be a Fireable Offense? - [link]
- Vim/Neovim Arbitrary Code Execution via Modelines - nice one - [link]
- Your threat model is wrong - [link]
- The Dark Forest Theory of the Internet - [link]
- The new CISO - Leading the strategic security organization - [PDF] - [link]
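On the "double XOR" custom encryption quoted in the Google/Triada item above: XOR is its own inverse, so a second pass with the same repeating key undoes the first, and two passes with different keys of equal length are just one pass with the keys XORed together. The block below is an added example written for this list, not code from the post or from the linked Ars Technica article; the byte strings, key values and the assumption that the payload is a zip archive compressed before the XOR passes (so the ciphertext starts with the XOR of the `PK\x03\x04` local file header) are constructed for the demonstration.

```python
"""Added example (not from the post or the linked article): why double XOR
is no stronger than single XOR, and how a known plaintext prefix recovers
the effective key. All sample data and keys below are constructed."""

from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR `data` with a repeating `key` (a typical 'custom encryption' routine)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def double_xor(data: bytes, key1: bytes, key2: bytes) -> bytes:
    """Two XOR passes, as in the quoted 'double XOR' routine."""
    return xor_bytes(xor_bytes(data, key1), key2)


def combined_key(key1: bytes, key2: bytes) -> bytes:
    """For equal-length keys, both passes collapse into one pass with key1 XOR key2."""
    if len(key1) != len(key2):
        raise ValueError("this shortcut assumes equal-length keys")
    return bytes(a ^ b for a, b in zip(key1, key2))


def recover_key(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: key bytes = ciphertext XOR plaintext.

    With a repeating key no longer than the known prefix this yields the
    whole effective key, regardless of how many XOR passes were applied.
    """
    n = min(len(ciphertext), len(known_plaintext))
    return bytes(c ^ p for c, p in zip(ciphertext[:n], known_plaintext[:n]))


# Constructed sample values (not taken from the malware analysis).
SAMPLE = b"GET /gate.php?id=1337 HTTP/1.1"
KEY1 = b"\x5a\xa5\x3c\xc3"
KEY2 = b"\x11\x22\x33\x44"
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a zip archive


def demo() -> tuple:
    """Returns (same_key_is_identity, different_keys_equal_single_pass, key_recovered)."""
    same_key = double_xor(SAMPLE, KEY1, KEY1) == SAMPLE
    different = double_xor(SAMPLE, KEY1, KEY2) == xor_bytes(SAMPLE, combined_key(KEY1, KEY2))
    # Assumption: payload was zipped before the XOR passes, so the first four
    # bytes of plaintext are the zip magic and leak the whole 4-byte effective key.
    ciphertext = double_xor(ZIP_MAGIC + b"\x14\x00\x00\x00", KEY1, KEY2)
    recovered = recover_key(ciphertext, ZIP_MAGIC) == combined_key(KEY1, KEY2)
    return same_key, different, recovered


if __name__ == "__main__":
    print(demo())
```

The takeaway for anyone reversing such a routine: count the XOR passes only to derive the effective key, then treat the scheme as a single repeating-key XOR and attack it with known plaintext (zip magic, HTTP headers, trailing NUL padding) rather than trying to "break" each pass separately.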
Outdoor
- Scene report from the Chernobyl Zone - interesting insights from a trip into the exclusion zone - “We found the stadium, which underscores the vibe of the entire place: where the crumbling empty stands should look out onto the pitch, there is only forest. Standing in the bleachers, listening to the Pripyat municipal overture of resounding bird song, the only thing we could do was stare out at the trees and wonder ‘how long until New York looks like this?’” - “The reason it’s so beautiful and so peaceful is precisely because we can’t consume it. Like, perhaps, all real paradises everywhere.” - [link]
- Kit List For Thru-Hiking The Iceland Traverse - [link]
- The woman who went around the world in 80 trains - “Train windows offer you a slideshow of images as you slip from one city to the next, all the while forming a close-knit relationship with those around you,” - [link]
This post is licensed under CC BY 4.0 by the author.