Infosec Reading List - October 2018
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.
Quotes from the Twitterverse
InfoSec
- An interesting Google vulnerability that got me 3133.7 reward. - putting GET-request data into POST-request fields is probably not the best idea - [link]
- GoogleMeetRoulette: Joining random meetings - [link]
- “I too like to live dangerously”, Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies - [link]
- Catching phishing before they catch you - early phishing warning system based on certstream API, nice! - [link]
- Unauth meetings access - “When decoded this base64 string includes the phone number and the pin for the meeting” - [link]
- Password and Credential Management in 2018 - this article has indeed some interesting aspects that should be considered - “Before we send the username and password over the wire we perform a single SHA3-512 round on the plain-text password plus a unique name for our service” - “There is no way we could ever accidentally store the user’s plain-text password in our logging system, unlike GitHub and Twitter, which both admitted in May 2018, that they have found plain-text passwords in their logging systems.” - interesting thoughts, to ensure the plaintext password will never leave the client side - [link]
- IoT Pentesting 101 && IoT security 101 - [link]
- So, you want to be a darknet drug lord… - [link]
- Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges - “Next, call an endpoint (e.g., cgi_get_ssh_pw_status) that requires admin privileges and authenticate as admin by adding the cookie username=admin.” - [link]
- Local file inclusion at IKEA.com - “The used PDF library contains (hidden) functionality that allows one to embed files into the PDF by adding a specific tag in the template.” - [link]
- How I “found” the database of the Donald Daters App - [link]
- How I hacked modern Vending Machines - [link]
Outdoor
- Chile Opens 1,700-Mile Hiking Trail Connecting 17 National Parks - it needs to verified how much is really through-hiking here and how much needs to be done by car - [link]
- Ruta de Los Seis Miles, Sur - added to [todo] list - perhaps could even combined with the Chile Trails mentioned above? - some of these areas have already been covered by my previous trips - [link]
- Iceland Divide (North-South) - yet another entry on the [todo] list although I spent already 1 month in Iceland a few years ago - it’s definitively a place to go back - [link]
This post is licensed under CC BY 4.0 by the author.