Infosec Reading List - October 2022
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Ten Mental Models for Learning - Unfortunately, learning is rarely taught as a class on its own - meaning most of these mental models are known only to specialists. - [link]
- The Glorious, Almost-Disconnected Boredom of My Walk in Japan - „Using a custom-built SMS tool, I sent out a daily text and one photo to an unknown number of recipients.“ - „The recipients could respond, but I’ve yet to see what they said. Those responses have been collected in a print-on-demand book that’s waiting for me when I get back home. My intent is then to respond to the responses in aggregate, long after the walk is finished.“ - „ The goal of this convoluted system is to use the network without being used by it.“ - interesting concept - [link]
- Protection and Countermeasures Against Ransomware Attacks - quite detailed list of ransomware countermeasures - [link]
- Fake CISO Profiles on LinkedIn Target Fortune 500s - [link]
- Brain Training Doesn’t Work - But to achieve this possibility, we must let go of the false promise that broad-ranging skills can come from practice on narrow tasks. Brain training is a dead-end, but learning is timeless. - [link]
- Hacker Charged With Extorting Online Psychotherapy Service - On Oct. 23, 2020, ransom_man uploaded to the dark web a large compressed file that included all of the stolen Vastaamo patient records. But investigators found the file also contained an entire copy of ransom_man’s home folder, a likely mistake that exposed a number of clues that they say point to Kivimaki. - Opsec counts for bad guys as well - “It was a huge opsec [operational security] fail, because they had a lot of stuff in there — including the user’s private SSH folder, and a lot of known hosts that we could take a very good look at,” - But for all the good it brought, the healthcare records management system that Vastaamo used relied on little more than a MySQL database that was left dangerously exposed to the web for 16 months, guarded by nothing more than an administrator account with a blank password. - again, database directly exposed to Internet - [link]
- Nothing PUNY About OpenSSL (CVE-2022-3602) - [link]
Outdoor
- Data Insights from 10,000 Garmin inReach SOS Incidents - It is interesting to note how conglomerations of incidents indicate mountainous regions, such as the Pacific Crest Trail in western United States, the Alps in Europe and nearly all of New Zealand. - [link]
- Train Passenger Sees Stranded, Injured Hiker and Triggers Rescue - [link]
- I Survived Being Lost For Nine Days - [link]
This post is licensed under CC BY 4.0 by the author.