2020 Rewind: a personal thread of Cybersecurity & IT topics that maybe slipped through your news radar this closing year (1/n)
On why tech interviews sometimes miss by so much https://twitter.com/minimaxir/status/1228494334732816384
When restoring some keys have you calling your local safe-opening expert https://twitter.com/joao_damas/status/1228382028808114177
That time when copying the same code example from Stack Overflow produced the very same UUID, which was then used as a mutex by two different programs... so they refused to run concurrently https://twitter.com/Foone/status/1229641258370355200
@latacora's perfectly eloquent essay on encrypted email https://latacora.singles/2020/02/19/stop-using-encrypted.html
More prominent voices rise against user-blaming for merely clicking on links from phishing campaigns https://twitter.com/n2vi/status/1232493763001384960
The year of the rise of videoconferencing. Interesting thread about the implications of Governments and high-profile orgs using vconf platforms without verified trustworthiness https://twitter.com/RidT/status/1245343142464937984
The lesson that context-free checklists are dangerous too when crypto is involved. Zoom's ECB usage was actually safe! https://twitter.com/colmmacc/status/1246845622403006464
Some piece I wrote on the facts surrounding Whatsapp security and privacy features https://twitter.com/olemoudi/status/1247486008096063488
Zoom got a lot of heat due to concerns about their security. Their sudden popularization and a couple of sound security flops didn't help much but anyway here's a thread I wrote on how we should approach security evaluation of general public software. https://twitter.com/olemoudi/status/1249772374867816453
Another year, another JWT bug. This time due to a case-sensitive comparison https://twitter.com/tqbf/status/1250823774179557381
You would think people stopped hardcoding secrets in code in 2020 but here we are https://twitter.com/olemoudi/status/1251806019048607745
Our timely reminder that sometimes complicating things for defenders is bad for your security https://twitter.com/damienmiller/status/1252422238466277376
If you want to be a good Security Engineer, you need to learn to be a Software Engineer first https://twitter.com/empijei/status/1252527525412118529
@dguido's thread on the Hegic-gate of this year. A reminder of how ignoring actual recommendations from your audit report can come back to bite you https://twitter.com/dguido/status/1254260710470815744
Interesting money-laundering scheme involving using stolen CC to buy web traffic that pays referrals back in BTC https://twitter.com/Deku_shrub/status/1256683003050438656
Excellent paper. Discover why the Xiaomi calculator app has access to your IMEI https://twitter.com/0xjet/status/1262410864252129282
A timely reminder on how the Black Swan problem affects infosec. Things can never be truly proved as secure/unexploitable https://twitter.com/tqbf/status/1263145884461735937
In 2020 Facebook seems to be starting to experiment with Messenger analysis to detect abuse (scams, grooming...) even when messages are encrypted. They leverage metadata instead of actual content, which they can't read https://www.wired.com/story/facebook-messenger-safety-alerts-encryption/
An interesting take on whether testing your employees with phishing campaigns is a good thing https://twitter.com/sean_a_cassidy/status/1265396812812136448
Cargo Cult syndrome applied to Infosec https://twitter.com/olemoudi/status/1266049473895161857
Google released another part of their SRE Lore: Building Secure & Reliable Systems. Excellent read! https://sre.google/books/building-secure-reliable-systems/
AWS started checking customers for the Capital One breach flaw from last year https://twitter.com/olemoudi/status/1271919051183476738
Never outsource understanding and security https://twitter.com/kennwhite/status/1283801017621118977
Another key learning on passwords https://twitter.com/olemoudi/status/1290661092767801344
@MITREcorp publishes SHIELD, a framework of techniques and tactics to help defenders prepare https://twitter.com/MITREcorp/status/1301580759082434566
That time someone lied to users about being in a digital queue to prevent page refreshes and denial of service https://twitter.com/helvetica/status/1308424640180768769
That's it for 2020, hope it helped you discover something interesting for you that just slipped through!
You can follow @olemoudi.