Post

Infosec Reading List - March 2020

Posted
Preview Image
By Dominik Birk
3 min read

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View

Desktop View

Desktop View

Desktop View

InfoSec

  • PinePhone: A real, open source, Linux-compatible smartphone - “The PinePhone Braveheart is not a consumer phone, and it’s not intended to be. It’s name was well chosen, as so many things simply don’t work on the phone. This was known and expected, and I think Pine64 did an excellent job communicating that much like Pimoroni did for the 32Blit Beta.” – I’m really looking forward to see how this topic turns out in the future: having a free, (almost) open-source phone running which satisfies most of the standard customer requirements would help to address some of the privacy & security issues we currently have with our phone ecosystems - link
  • Developing Cybersecurity Skills Through Deliberate Practice - “However, extended experience doesn’t automatically lead to increased performance.” – “How can you stay motivated to dedicate the necessary hours to focused practice? The answer might lie in the elusive notion of having passion for your field.” – great article with a lot of statements which I can fully support – also check this one out from the same author - link
  • Airbnb Is Recommending Surveillance Devices To Make Sure Guests Behave - link
  • Proxying and Intercepting CLI Tools - link
  • What You Should Know About Online Tools During the COVID-19 Crisis - some good advise to consider when using Slack, Zoom - link
  • Brave deemed most private browser in terms of ‘phoning home’ - the PDF of the research paper can be found here – since the conclusion of the paper is summarizing the outcome quite well, I copy&past here: “We study six browsers: Google Chrome, Mozilla Firefox,Apple Safari, Brave Browser, Microsoft Edge and YandexBrowser. For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address overtime, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends webaddresses to backend servers in realtime as they are typed. In Chrome a persistent identifier is sent alongside these webaddresses, allowing them to be linked together. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a choice of start page that potentially leaks information to multiple third parties and allows them to preload pages containing identifiers to the browser cache. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.” - link
  • Signs You’re Following A Fake Twitter Account - link
  • Stop Buying Bad Security Prescriptions - great article, unfortunately not easy to be implemented in modern non-tech industry landscapes – “So, don’t fall for the latest marketing spiel on Machine Intelligence Driven Heuristics for Advanced Persistent Threat Elimination Magic™. Instead, favor a deep integration of basics focused on: attack surface reduction, trust boundary isolation (e.g. network or process separation), consistent and safe input handling, and proven technologies for handling security-focused capabilities such as authentication or encryption.” - link

Outdoor

  • North Cape Polar Night – or how (not) to use an ice axe for paddling - link
  • A Distant Dream of Ladakh - added to [todo] list - link
  • How a Shipwrecked Crew Survived 10 Days Lost at Sea - link
  • Exclusive: Adam Shoalts on his epic Trans-Canadian Arctic Expedition - “For a month at the start of the expedition and a month near the end I didn’t see a single soul unless you count a human skull on the tundra.” - link
  • Packrafting Trips – Overview - nice overview of various Packrafting trips from around the world provided by packrafting.de - link
infosec readinglist
This post is licensed under CC BY 4.0 by the author.