Infosec Reading List - June 2020

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.

Quotes from the Twitterverse

InfoSec

  • Zero-day in Sign in with Apple - “For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.” – “I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid.” - [link]
  • Blur tools for Signal - “One immediate thing seems clear: 2020 is a pretty good year to cover your face.” - [link]
  • Looking back at how Signal works, as the world moves forward - “The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use, not user messages, groups, contacts, profile information, or anything else.” – “We do not believe that security and privacy are about “responsibly” managing your data under our control, but rather about keeping your data out of anyone else’s hands, including our own.” - [link]
  • How I made $31500 by submitting a bug to Facebook - [link]
  • Analysing the (Alleged) Minneapolis Police Department “Hack” - “Thirdly, this is getting traction because emotions are high; public outrage is driving a desire for this to be true, even if it’s not.” - [link]
  • Discord client turned into a password stealer by updated malware - [link]
  • Pinebook Pro review—a $200 FOSS-to-the-hilt magnesium-chassis laptop - [link]
  • The A1 Telekom Austria Hack - “A1 confirmed the existence of webshells and the validity of the passwords, although they were old and most of them not used anymore.” - [link]
  • Thai Database Leaks 8.3 Billion Internet Records - [link]
  • Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It - [link]
  • Promotions. The reward for good work is more work. - [link]
  • Fixers Know What ‘Repairable’ Means—Now There’s a Standard for It - “The problem is, industry won’t do this by itself. Managers get ahead by showing quarterly sales growth, not increased product lifespans.” - [link]
  • What’s The Deal With Snap Packages? - [link]
  • Hacking Starbucks and Accessing Nearly 100 Million Customer Records - “By adding the “$count” parameter from Microsoft Graph URL, we could determine that the service had nearly 100 million records. An attacker could steal this data by adding parameters like “$skip” and “$count” to enumerate all user accounts.” - [link]
  • Report: Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro for Child Predator Sting - “But they did so quietly and without notifying the developers of Tails afterwards of the major security flaw, potentially violating security industry norms while handing over a surveillance backdoor to federal agents.” – “Facebook also never notified the Tails team of the flaw, breaking with a long industry tradition of disclosure in which the relevant developers are notified of vulnerabilities in advance of them becoming public so they have a chance at implementing a fix.” - [link]

Outdoor

  • Hikers Survive 19 Days Lost in New Zealand Bush - [link]
  • Surviving the Desert: Pt 1 - a great article; the author uses the Monowalker in South America, and it was very interesting for me to see it in use - [link]

This post is licensed under CC BY 4.0 by the author.