Infosec Reading List - March 2019
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
InfoSec
- 2019 OSINT Guide - [link]
- Offensive testing to make Dropbox (and the world) a safer place - This post will focus on our Offensive Security team. These are the people that leverage real-world adversarial techniques to test and improve the effectiveness of our security program at Dropbox. - [link]
- How Surveillance Inhibits Freedom of Expression - We don’t yet know which subversive ideas and illegal acts of today will become political causes and positive social change tomorrow, but they’re around. And they require privacy to germinate. - [link]
- Google Home (in)Security - IoT, where the s stands for security - [link]
- Tips for Getting the Right IT Job - [link]
- Neuroscientists Say They’ve Found an Entirely New Form of Neural Communication - [link]
- Yes, “algorithms” can be biased. Here’s why - This is what’s important: machine-learning systems—“algorithms”—produce outputs that reflect the training data over time. If the inputs are biased (in the mathematical sense of the word), the outputs will be, too. - [link]
- Serious FaceTime bug allows you to listen remotely before anyone answers — Apple to fix ‘later this week’ - [link]
- $1.000 SSRF in Slack - [link]
- Safety warning: if you use Skype, your contacts may now be exposed - As of a couple of days ago, the new Skype tells other people how many contacts you have in common. It also offers your contacts as potential new contacts to everyone else in your contact book. This is a surprisingly serious privacy breach. - [link]
- The Rise of the Corporate Technology Ecosystem (CTE) - [link]
- Anatomy of a sextortion scam - [link]
- The curious case of the Raspberry Pi in the network closet - [link]
- QSB #47: Insecure default DisposableVM networking configuration - In Qubes OS, one can attempt to limit the network access of a qube by either completely disconnecting it from any NetVM or by setting its firewall rules to disallow access. A malicious qube can circumvent these limits by launching a DisposableVM, which, in the default configuration, would have unrestricted network access. - [link]
- It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out. - For the last two years, I have carried a “honeypot” laptop with me every time I’ve traveled; this computer was intended to attract (and then detect) tampering. If any hackers, state-sponsored or otherwise, wanted to hack me by physically messing with my computer, I wanted to not only catch them in the act, but also gather technical evidence that I could use to learn how their attack worked and, hopefully, who the attacker was. - [link]
- A basic question about TCP - [link]
- An Unstoppable Predictions Marketplace - Introducing Erasure - [link]
- Revolut insiders reveal the human cost of a fintech unicorn’s wild rise - I have strong doubts that this is a successful strategy to retain talent from a long-term perspective - [link]
- Security Things to Consider When Your Apartment Goes ‘Smart’ - [link]
- How data breaches affect stock market share prices - [link]
- How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc) - [link]
- My Reflections on the 2019 RSA Conference - This trend of focusing on tech rather than customer problems extends, I think, to vendor-invented personas, as well. - Speaking into a warm and fuzzy echo chamber isn’t thought leadership; bravely challenging the status quo, armed with evidence, is. - [link]
Outdoor
- Unsupported Solo Death Valley Crossing - Trip Report - [link]
- Something’s Happening In The World Of Adventure. And I’m Not Sure I Like It - Listen. I am a dreamer. I spend inordinate amounts of time imagining journeys I might take. They are idealistic dreams, always more colourful and dramatic than any adventure ever really is. It’s an unashamedly pleasurable thing. Best of all, dreaming costs nothing. - When the dust settles, of course, the spirit of adventure will remain standing, because it is defined by what is inside of us, rather than going on around us. - [link]
This post is licensed under CC BY 4.0 by the author.