Another year is coming to an end and we start a new format here on inversegravity. Kick back with us and dig into a selection of the best articles, code, and projects we found this past month. We wish you all the best for 2022!
A CISO’s Practical Advice on log4j
Lamont Orange gives some great advice on darkreading.com. He writes: “it’s easy to get weighed down in hype, marketing, and speculation and forget that there are important things we need to do, right now, to improve our posture, strengthen our team, and put us in a better position for the next Log4j.” Well-spoken, sir! >read<
MS Teams: 1 feature, 4 vulnerabilities
Fabian Bräunlein and his team from Positive Security stumbled upon 4 vulnerabilities in Microsoft Team’s link preview feature. The vulnerabilities allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address and running a DoS attack. >read<
Cloud Security Breaches and Vulnerabilities: 2021 in Review
Christophe Tafani-Dereeper has written a great summary of common cloud security incidents. We especially appreciate his insight into the prevention and detection of these common misconfigurations. >read<
CCC rc3 Nowhere 2021
The Chaos Communication Congress is the largest gathering of the hacker community in Europe. For the second time, the annual event was replaced by a virtual one due to COVID-19 restrictions. You can find the videos of the 2021 talks here. All the German language presentations are translated and some are held in English. We hope for the CCC folks (and us) that everything will be back to normal in 2022. >streaming link<
Fun with speckle patterns (and lasers)
Anfractuosity has an exciting project with lasers, a calculator, and a vice. He writes “The approach takes advantage of the fact that tiny surface deformations cause phase changes in reflected coherent light which alter the speckle pattern visible under laser illumination.” >read<
That Toy You Got for Christmas Could Be Spying on You
Elizabeth Montalbano has written an interesting article about security flaws in the recently released Fisher-Price Chatter Bluetooth telephone. Keeping those kids protected! >read<
Make Your PC Notify Your Phone Whenever There is Movement Around it
Another great holiday project comes from c0d3x27. In the article, he/she describes how to use the camera of a computer with OpenCV to capture images and detect motion. >read<