Infosec Reading List - October 2017
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Disqus Demonstrates How to Do Breach Disclosure Right - [link]
- Forrester.com Experienced A Cybersecurity Incident - [link]
- Replacing Social Security Numbers Is Harder Than You Think - Steve Bellovin on the complicated matter of national IDs – “SSNs are not the problem; authentication commensurate with the risk to all parties, including especially individuals, is.” - [link]
- Introducing the Next Generation Qubes Core Stack - [link]
- Mac Dumpster Diving – Identifying Deleted File References in the Trash (.DS_Store) Files - [link] - [link]
- The Absurdly Underestimated Dangers of CSV Injection - this is an impressive example how plaintext data, that is supposed to do no harm in general, could trigger malicious behavior simply by interpreting it the wrong way - and yes, there are error messages that people “could” read - but will they? - [link]
- Responding to typical breaches on AWS - [link]
- Patching is hard; so what? - indeed it is, but there are other alternatives in order to address problems that require immediate attention – so doing nothing is no option here - [link]
- Falling through the KRACKs - everybody talks about the WPA mess this month - [link]
- Metadata: a hacker’s best friend - wget + exiftool + Splunk for visualization - nice writeup to get a powerful overview of metadata - [link]
- One Line of Code that Compromises Your Server - [link]
- Equifax website borked again, this time to redirect to fake Flash update - [link]
- Smart home: remote command execution (RCE) - RCE via unchecked php variables in Fibaro Smart Home solution - [link]
- Google is permanently nerfing all Home Minis because mine spied on everything I said 24/7 [Update x2] - [link]
- Reverse Engineering My Home Security System: Decompiling Firmware Updates - not attacking the network interfaces this time, but reversing the firmware updates including OSINT via github - interesting read - [link]
- Nigerian Man Hacked Thousands of Global Oil & Gas and Energy Firms - “Even though this individual is using low-quality phishing emails, and generic malware which is easy to find online, his campaign has still been able to infect several organizations.” - [link]
- Detecting Lateral Movement through Tracking Event Logs - [pdf] - [link]
This post is licensed under
CC BY 4.0
by the author.