Infosec Reading List - October 2020
Every month I publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- How to Destroy ‘Surveillance Capitalism’ - “We are living through a golden age of both readily available facts and denial of those facts.” – “But digital rights activism is right where it’s always been: looking out for the humans in a world where tech is inexorably taking over.” - [link]
- Inside Amazon’s Ring Alarm System - “The following blog post details a complete teardown of the Ring security system base station and how I went about investigating the device. This blog is intended as a starting point for further research into Ring devices.” - [link]
- How Malicious Tor Relays are Exploiting Users in 2020 (Part I) - “As far as I know this is the first time we uncovered a malicious actor running more than 23% of the entire Tor network’s exit capacity. That means roughly about one out of 4 connections leaving the Tor network were going through exit relays controlled by a single attacker.” – you should specifically read the section about what the attacker is actually exploiting - [link]
- New Gentoo templates and maintenance infrastructure - [link]
- Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers - nice overview of MitM attacks - [link]
- EU courts ban indiscriminate metadata collection and retention - “We call on Switzerland to live up to its principles and do away with the data retention requirement.” - [link]
- Why Your iPhone Has So Many New Privacy Alerts in iOS 14 - [link]
- Researchers Turn Comcast TV Remote Into Spying Device - “Communications between the remote and the set-top box are encrypted, but the remote’s firmware failed to ensure that only encrypted responses were accepted for encrypted requests, allowing an attacker to send malicious responses in plain text.” - [link]
- Software AG hit with ransomware: Crooks leak staffers’ passports, want millions for stolen files - [link]
- Google Responds to Warrants for “About” Searches - “After all, the only way to know who said a particular name is to know what everyone said, and the only way to know who was at a particular location is to know where everyone was. The very nature of these searches requires mass surveillance.” - [link]
- Cloudflare wants to run your web browser in the cloud - well, I’m not sure whether this is a clever idea from various perspectives - [link]
- Discord Desktop app RCE - [link]
- Research: Can you build spyware for a Fitbit? - [link]
- Public dataset of Cloudtrail logs from flaws.cloud - “In order to advance research into AWS security, I’m releasing anonymized CloudTrail logs from flaws.cloud.” - [link]
- Open Source Intelligence Tools and Resources Handbook 2020 - [link]
- After breach, Twitter hires a new cybersecurity chief - [link]
- The Inside Story of How Signal Became the Private Messaging App for an Age of Fear and Distrust - “But it is increasingly clear that among protesters, dissidents and investigative journalists, Signal is the new gold standard because of how little data it keeps about its users” - [link]
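The Comcast remote item above describes a protocol-level bug that is easy to reproduce in one's own code: the client encrypts its request but does not insist that the answer be protected as well, so an injected plaintext response is accepted. The following is an added toy model of that failure mode and of the fix, written for this list and not taken from the original research; the message format, the HMAC stand-in for the real encryption, the shared key and the payloads are all constructed for the example and say nothing about the actual Comcast protocol.

```python
"""Toy model of the bug described in the Comcast remote write-up: a client
that sends an encrypted request but accepts a plaintext response to it.
Added illustration, not code from the original research; message format,
key and payloads are constructed for the example."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

KEY = b"constructed-shared-key-not-real"  # assumption: a pre-shared key


@dataclass
class Request:
    seq: int
    body: bytes
    encrypted: bool  # True: the client expects a protected response


@dataclass
class Response:
    seq: int
    body: bytes
    tag: Optional[bytes] = None  # None: plaintext, unauthenticated response


def _mac(seq: int, body: bytes) -> bytes:
    return hmac.new(KEY, seq.to_bytes(4, "big") + body, hashlib.sha256).digest()


def protect(seq: int, body: bytes) -> Response:
    """Stand-in for the set-top box's protected reply: an HMAC tag over
    seq||body models the authenticity a real authenticated cipher gives."""
    return Response(seq, body, _mac(seq, body))


def tag_ok(resp: Response) -> bool:
    """A response is authentic only if it carries a tag and the tag verifies."""
    if resp.tag is None:
        return False
    return hmac.compare_digest(_mac(resp.seq, resp.body), resp.tag)


def vulnerable_accept(req: Request, resp: Response) -> bool:
    """Verifies a tag when one is present, but falls back to trusting a
    plaintext response even though the request was sent encrypted."""
    if resp.seq != req.seq:
        return False
    if resp.tag is not None:
        return tag_ok(resp)
    return True  # bug: plaintext response accepted for an encrypted request


def hardened_accept(req: Request, resp: Response) -> bool:
    """Ties the response's protection level to the request's: an encrypted
    request may only be answered by a response with a valid tag."""
    if resp.seq != req.seq:
        return False
    if req.encrypted:
        return tag_ok(resp)
    return resp.tag is None or tag_ok(resp)  # plaintext request: plaintext ok


def demo() -> dict:
    req = Request(seq=7, body=b"get-firmware-version", encrypted=True)
    genuine = protect(req.seq, b"version=1.2.3")
    # Constructed attacker message: an unauthenticated plaintext response
    # injected on the link, reusing the request's sequence number.
    forged = Response(seq=7, body=b"update-url=http://attacker.example/fw.bin")
    # Constructed tampered message: genuine body altered, tag left unchanged.
    tampered = Response(seq=7, body=b"version=9.9.9", tag=genuine.tag)
    return {
        "vulnerable_genuine": vulnerable_accept(req, genuine),
        "vulnerable_forged": vulnerable_accept(req, forged),
        "vulnerable_tampered": vulnerable_accept(req, tampered),
        "hardened_genuine": hardened_accept(req, genuine),
        "hardened_forged": hardened_accept(req, forged),
        "hardened_tampered": hardened_accept(req, tampered),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The point the example makes is that checking a tag when one happens to be present is not the same as requiring one: the receiver has to remember, per request, what level of protection it asked for and reject anything weaker. The same downgrade pattern shows up wherever a protocol mixes protected and unprotected message types on one channel.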
Outdoor
This post is licensed under CC BY 4.0 by the author.