Infosec Reading List - November 2022

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.

Quotes from the Twitterverse


InfoSec

  • HTTPS Interception Weakens TLS Security - quite old but important - [link]
  • The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach - [link]
  • New user guide: How to organize your qubes - a great user guide for people that are lost in terms of how to start with Qubes - [link]
  • Crucial Questions from CIOs and CTOs - [link]
  • Apple Says Your iPhone’s Usage Data is Anonymous, but New Tests Say That’s Not True - “I think people should be upset about this,” Mysk said. “This isn’t Google. People opt for iPhone because they think these kinds of things aren’t going to happen. Apple doesn’t have the right to keep an eye on you.” - [link]
  • Mastodon: What you need to know for your security and privacy - Direct Messages (DMs) on Mastodon are stored in clear text on the Mastodon server. They’re not encrypted. That means that they could be read by whoever is administering your Mastodon server. - similar to Twitter today, but good to reinforce the message - [link]
  • Accidental $70k Google Pixel Lock Screen Bypass - [link]
  • Why Twitter Didn’t Go Down: From a Real Twitter SRE - [link]
  • Wildcard Certs, Not Quite The Star - In an ordinary certificate, if the private key were compromised, then only the connections to the individual servers listed in the certificate would be compromised (which is why I prefer to stick to a single certificate per server). If the private key for the above wildcard certificate were ever compromised, it would compromise the secure connections to all the servers which fall under the domains listed in the certificate. - An attacker could potentially stand up a server with the hostname of evil.youtube.com, and the victim (Google in this case) might not be aware of this rogue server. - [link]
  • The Uncanny Valley of Security - Updated - When you bring transparency to find and fix issues you look worse than those who don’t even try. Even though your risk, in the end, is less than theirs. When you don’t prepare your leadership or customers for this you not only get a decrease in perceived trust you get a collapse of trust. You’re in the uncanny valley. - [link]
  • Why encrypted Backup is so important - And because the typical user does these things, our society does these things. - When it comes to encrypted backup there is essentially one major problem: how to store keys. - I agree, this is the right step in the right direction - [link]

Outdoor

N/A

This post is licensed under CC BY 4.0 by the author.