Infosec Reading List - September 2021

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

Quotes from the Twitterverse


InfoSec

  • FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild - [link]
  • A Complete Guide to Tagging for Personal Knowledge Management - helpful article in case you are interested in personal knowledge management - [link]
  • Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role - another example of why it’s impossible to create one backdoor that only the “good” can use - [link]
  • “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution - “When users enable any of these popular services, OMI is silently installed on their Virtual Machine, running at the highest privileges possible. This happens without customers’ explicit consent or knowledge.” – what comes to my mind reading this is the old topic of transparency in the cloud: how much transparency do you as customers have and how much do you actually need? We talked about this misalignment already one decade ago – “With a single packet, an attacker can become root on a remote machine by simply removing the authentication header.” - [link]
  • Allow arbitrary URLs, expect arbitrary code execution - [link]

Outdoor

  • 9 Switzerland hikes that offer views you have to see to believe - some of those I already did, like the Rigi, Aletsch and parts of the Haute Route - [link]

This post is licensed under CC BY 4.0 by the author.