Back at it.
I’ve had trouble figuring out how to write about the biggest cybersecurity story in the news in the past few weeks: the GRIZZLY STEPPE report, and its follow-ups and critiques. As Brian Krebs writes:
[T]hese stories are so politically fraught that to write about them means signing up for gobs of vitriolic hate mail from readers who assume I have some political axe to grind no matter what I publish on the matter.
For me, there’s even more weirdness here given my day job. So, I’m going to roll with the assumption that if you’re reading this you probably have read enough about GRIZZLY STEPPE elsewhere, and I’ll leave it alone and focus on some other stuff.
- As I mentioned a few weeks ago, videos from 33C3 are up. Here are a few I liked that I think are worth checking out:
- The women behind your WiFi: Hedy Lamarr: Freqency Hopping in Hollywood
- Gone in 60 Milliseconds: Intrusion and Exfiltration in Server-less Architectures
- Software Defined Emissions: A hacker’s review of Dieselgate and Dieselgate - A year later - I bought a Golf TDI roughly 2 months before Dieselgate broke, so this one’s personal.
- Where in the World is Carmen Sandiego? Becoming a secret travel agent
- “So you’re a new CISO and you just arrived at the organization. What should your personal interaction project plan look like?” this is a great punch-list for a new CISO from Samuel Liles.
- The Many Evolutions of Locky - a look at the evolution of a nasty bit of ransomware.
- Looks like you have a bad case of embedded libraries - are containers just reinventing the failures of embedded libraries? A perfect example of “those who don’t learn from the past are doomed to repeat it”.
- McAfee Virus Scan for Linux - Vulnerability Writeup by Andrew Fasano. A great example of how chained vulns work to produce a problem far worse than the sum of its parts.
- codahale/sneaker: A tool for securely storing secrets on S3 using Amazon KMS.
This is a weekly roundup of interesting infosec related links, inspired by Geek Feminism’s linkspam tradition.
If you’d like to suggest a link for a future roundup, post it to Pinboard tagged with securitylinkspam and I’ll find it there.