How Not talk links

How Not… talk: slides and links Herein are some books, articles, and people that we read, skimmed, or thought fondly of while preparing the “How Not to Have a Bad Time with Risky Data” talk seen at B-Sides Atlanta 2024

Slides PDF for browsing is here, source in the Rules repo. This talk was not recorded, so no video is available at this time.


  • CSV/XLS foolishness
    • https://infosecwriteups.com/formula-injection-exploiting-csv-functionality-cd3d8efd02ec
    • https://www.veracode.com/blog/secure-development/data-extraction-command-execution-csv-injection
  • This way to GIFARs, polyglots, chimera, and weird machines …
    • https://github.com/corkami/docs, https://github.com/corkami/docs/blob/master/AbusingFileFormats/README.md , https://www.dfirnotes.net/filetypes-brownbag/ (2017)
  • QubesOS is merely “A reasonably secure operating system”
    • cf: http://www.trustedbsd.org/news.html => Common Criteria (replaced The Rainbow Books)
    • Rabbit Hole: https://en.wikipedia.org/wiki/Solaris_Trusted_Extensions
    • or this argument: https://isopenbsdsecu.re/about/
    • or this one: https://grsecurity.net/research
    • or this one: MJG, who “wrote the first prototype of Shim”: https://mjg59.dreamwidth.org/
    • But mostly: https://stopdisablingselinux.com/
  • VM Escape example: (more than 42 listed):
    • https://en.wikipedia.org/wiki/Virtual_machine_escape
  • file(1) and libmagic vuln example (via FreeBSD Security)
    • https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A16.file.asc

  • Smart Girls’ Guide to Privacy Violet Blue (2015) https://nostarch.com/smartgirlsguide

  • The Grugq’s many fine articles and conference talks adjacent to and about operational security (opsec) failures: http://grugq.github.io/
  • Matt Honkan of Wired (2012) (NPR coverage, no paywall):
    • https://www.npr.org/2012/08/09/158477219/hacker-s-wreak-havoc-on-wired-writer-s-digital-life
  • Reality Winner (2018)
    • https://www.justice.gov/opa/pr/federal-government-contractor-sentenced-removing-and-transmitting-classified-materials-news
  • Jack Teixeira (2024)
    • https://www.airforcetimes.com/home/2024/03/04/pentagon-leak-suspect-jack-teixeira-pleads-guilty-in-federal-court/
  • Practical Malware Analysis by Michael Sikorski and Andrew Honig (2012) https://nostarch.com/malware
    • 1.2 “Malware Analysis in Virtual Machines”
  • Building Virtual Machine Labs: A Hands-On Guide (Second Edition) (2021) By: Tony Robinson (@da_667) https://leanpub.com/avatar2
    • “Obtaining the Guidance You Seek”
  • Amanda “Malware Unicorn” Rousseau’s workshops
    • https://malwareunicorn.org/workshops/re101.html#2 RE 101: Environment Setup
  • Malware Analyst’s Cookbook and DVD Michael Hale Ligh, Steven Adair, Blake Hartstein, Matthew Richard (2010) Wiley http://www.malwarecookbook.com/
    • Chapter 1: “Anonymizing Your Activities”
  • Whonix and/or Qubes OS docs for reference / research links
    • https://www.whonix.org/ , https://www.qubes-os.org/faq/
  • Joanna R’s talks and papers:
    • https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html (2013)
    • https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf (2014)
    • https://www.blackhat.com/eu-17/briefings.html#security-through-distrusting (2017)
  • James Mickens’ writings https://mickens.seas.harvard.edu/wisdom-james-mickens
    • “This World of Ours” (2014)
  • Locard’s principle of Exchange, Kirk’s interpretation
    • https://en.wikipedia.org/wiki/Locard%27s_exchange_principle
    • http://aboutforensics.co.uk/edmond-locard/
  • Eli Lily & Twitter
    • https://www.investors.com/news/technology/lly-stock-dives-taking-novo-sanofi-with-it-after-fake-twitter-account-promises-free-insulin/
  • LockBit:
    • https://www.yahoo.com/news/lockbit-claims-federal-breach-threatens-232219114.html
    • https://www.wired.com/story/lockbit-fulton-county-georgia-trump-ransomware-leak/
  • CISA, “unintentional threats”
    • https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats
  • Cisco on URLScan.io
    • https://www.cisco.com/c/en/us/products/security/technical-alliance-partners/urlscan.html
  • American Bar Association “Embarrassing Redaction Failures” (2019)
    • https://www.americanbar.org/groups/judicial/publications/judges_journal/2019/spring/embarrassing-redaction-failures/
  • Techdirt “New York Times Suffers Redaction Failure, Exposes Name Of NSA Agent And Targeted Network In Uploaded PDF” (2014)
    • https://www.techdirt.com/2014/01/28/new-york-times-suffers-redaction-failure-exposes-name-nsa-agent-targeted-network-uploaded-pdf/
  • Law.com / ALM Media “Epic Fail: This Common Redaction Error Exposes Confidential Info” (2018)
    • https://finance.yahoo.com/news/epic-fail-common-redaction-error-174645060.html
  • CBC News “Federal government mistakenly sent ‘sensitive’ information to lawyer — and now wants it back in the box” (2021)
    • https://www.cbc.ca/news/politics/cbsa-ircc-national-security-redactions-1.5942306
  • FBI + CISA “Alert Number: I-091224-PSA September 12, 2024 Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections”
    • https://www.ic3.gov/Media/Y2024/PSA240912
Written on September 23, 2024