Categories
All posts Cyber security Law enforcement Opinion

Podcast appearance: Null Hype episode 3

“Joining us (each from our own, highly equipped professional home studios) are Riku Juurikko and Antti Kurittu. We talk about influencing, the triggers and ponder upon how a simple meme can move a whole nation.”

Listen to it here

and follow Null Hype on Twitter here.

Categories
All posts Cyber security Opinion

Disobey 2020: Paradigm Shift

Here is my talk from Disobey 2020 titled “paradigm shift”. The talk is about shifting perspectives in the infosec community to better understand users’ problems and other things.

Categories
All posts Cyber security Opinion

Turvakäräjät-podcast (FI)

We’ve started a new Finnish-language podcast on current infosec issues. On the podcast the hosts Juho Jauhiainen, Laura Kankaala and I discuss the most interesting infosec events of the previous week. Episode 1 is out today, and episode 0 was released last week.

A new episode is released every Monday morning. You can follow and listen to us here: https://turvakarajat.fi

Categories
All posts Building things

Building things: A deck

Every dad needs to build a deck. I have children, so I started to build a deck. The other, secondary reason was that a useless flower bed was eating a lot of space from our back yard, and a deck would extend nicely over it. I researched some materials, and decided to splurge on some dark grey LunaWood LunaComp composite. I made a list of pros and cons:

Pro composite:

  • Maintenance free – just wash yearly
  • Nicer looking finish
  • No splinters
  • No deforming
  • Lasts longer than wood
  • Premium look and feel

Con composite:

  • More expensive
  • Replacing a board means disassembling the whole deck
  • Never built with this stuff before

The list speaks for itself, so I took a few quotes and went with the cheapest one. They delivered a pallet of wood and composite on my parking spot, which I hauled next to our back yard. The frame was built from 2×6’s to prevent wobbling. The distance between the joists was 40cm as per manufacturer’s guidance for the LunaComp composite, where regular decking could be built with 60cm gaps between joists.

The frame was built during a sunny Saturday:

Starting out in the morning.

First joists in place. Looking good. I was a bit worried about ground clearance, but a laser level provided enough confidence to go forward with the build. The flowerbed has been gutted and the stone wall next to it torn down, the stones used to hold filter fabric in place.

Progress.
Nothing better than getting a little drunk, listening to podcasts and building a deck.
Support beams in place, still lacking extra vertical supports.

It got too dark to drill, so I decided that this is enough for one day. The end beam is supported by M8 bolts attached directly to the steel fenceposts which I tapped & threaded so that I can screw them directly into it. Some stone slabs (with roofing tarpaper to stop capillary moisture) and plastic adjustable deck supports were used for main support.

I added extra wooden supports from the scraps I had left over all over the deck to give it that little extra support it might need. It has zero wobble. I hate a deck that feels like you’re trying to chill out on a trampoline.

I built the supporting structure alone, so some of the measuring and drilling got a bit complicated. All the joists aren’t exactly straight, and there’s a dip that’s just barely there at the right side next to the small tree that’s enough to gather some rainwater. I’m going to have to fix that whenever I need to take the composite boards off for some reason.

Next day it was time to slap on the composite boards. They were very easy to work with, as they are hollow and easy to cut with a hand saw. No splintering, and cutting through it is fast. The first and last row are attached by screwing from top down, but the next row is attached with plastic clips that leave all the attachment fixtures under the boards. This is a floating installation, which allows the boards to expand and contract with ambient temperature.

Extra vertical supports and enough diagonal supports to hold a fat man grilling beef.

Adding the composite boards was fast and straightforward – measure, cut, slap in place, plonk with a rubber mallet and screw in the next line of attaching clips.

Getting board.

The planks lighten a bit with UV exposure, and they came off the lumber yard with varying degrees of shade. This has evened out nicely, but it looks a bit rough when working with them:

For this part I had help, which helped.

Deck getting finished:

Getting there.

After installing all the planks, it was time to drag all our mismatched patio furniture on the deck until we can get something nicer.

Done!

Turned out great! I absolutely adore the material. I made a little step for the Sauna door, too. It’s missing the black plastic end-caps in this photo, but it’s a good cross-section of the material used:

If I have the choice, I’m never building a wooden deck again, the composite is clearly superior and the price difference is well compensated with the longevity; the manufacturer promises it would last twice as long as a wooden deck.

I guess we’ll see.

Categories
All posts

Resources for cyber exercises

A cyber exercise is an excellent way to test an organisation’s preparedness and processes for a cyber crisis. Resources for cyber exercises are listed below.

Cyber exercise guide

The Cyber Security Centre’s cyber exercise guide contains everything an exercise organiser needs to start their organisation’s exercise programme. Organisations critical to security of supply can, when needed, get help from the Cyber Security Centre’s exercise support team.

The Twitter account @badthingsdaily contains plenty of ideas for a cyber exercise scenario, that is, the story of the imaginary events.

MSB’s cyber exercise guide is a comprehensive, English-language package on organising a cyber exercise.

Categories
All posts Forensics Kirjuri

Restoring admin access in Kirjuri

I recently got asked how to restore admin access on Kirjuri after the original administrator has left and the password for the admin account isn’t known.

As Kirjuri does not have any internet-connected features, it can’t implement a standard “we’ll email you a password reset link” feature. Most Kirjuri users run their own server on Linux. This makes restoring admin access easy by using the command line. Here are the instructions on how to achieve this assuming you have access to the server running Kirjuri:

Step 1: Connect and log in to the Kirjuri server using ssh from a capable terminal emulator. Windows users can use PuTTY for this. A Kirjuri server runs a few internal servers: the web server that serves you web pages, and a database server that handles storing and reading data. We are going to connect directly to the database server and change user access levels to regain administrator access to Kirjuri.

Step 2: Find out your MySQL server database name, username and password. These are configured when Kirjuri is installed, and stored in a PHP file mysql_credentials.php in the conf/ folder. If you don’t know which folder your web server is serving content from, you can find the file with this command: find . / 2>&1 | grep mysql_credentials.php | xargs cat. Make note of your username, password and database name. These are not the same details that you use to log into Kirjuri. These are the MySQL server credentials.

Step 3: Log in to MySQL using the credentials that Kirjuri uses with this command: mysql -u yourusername -p. Replace yourusername with the username you recovered in the previous step. MySQL will prompt you for the password. Supply the password that you found in the previous step.

Step 4: After you’ve successfully logged into MySQL, you will be presented with the command line for ordering MySQL around. Switch to your Kirjuri database by typing use yourdatabasename; The yourdatabasename part is found in step 2. Remember the trailing semicolon when issuing commands to the database.

Step 5: Check your user details by typing SELECT * FROM users;

Step 6: Make a note of the id column of the user you want to elevate to administrator status. Every user has a unique id number. I’m using 3 as an example in the next step.

Step 7: Type UPDATE users SET access="0" WHERE id="3";. Access level 0 means administrator access. If MySQL doesn’t give any errors, then you’re all set. Check that the user access level is correct by running SELECT * FROM users; again.

Step 8: Congratulations! User 3 is now a Kirjuri administrator. Quit MySQL and exit the command line.

Step 9: Log in with the newly promoted account and go to user management. Change the original administrator password. You can then log in as the administrator and change the user access level back to normal using the web interface.

Step 10: Celebrate with beer and chips. This is you now:

Hackerman!
Source: https://knowyourmeme.com/memes/hackerman
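
An added example (not part of Kirjuri or of the original post) for step 2 above: since the database credentials in mysql_credentials.php are all that is needed to change access levels, this script locates the file and reports copies that every local account can read. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Kirjuri's own code. Function names and return codes
# are hypothetical; only the file name mysql_credentials.php is from the post.

# find_kirjuri_credentials ROOT
# Print every mysql_credentials.php below ROOT (step 2 of the procedure).
find_kirjuri_credentials() {
    find "$1" -type f -name mysql_credentials.php 2>/dev/null
}

# world_readable_credentials ROOT
# Print only the copies whose "other" read bit is set, i.e. files that any
# local account could read and then use to log in to the database.
world_readable_credentials() {
    find "$1" -type f -name mysql_credentials.php -perm -o=r 2>/dev/null
}

# audit_kirjuri_credentials ROOT
# Return 0 if the file exists and is not world-readable,
#        1 if at least one copy is world-readable,
#        2 if no copy was found under ROOT.
audit_kirjuri_credentials() {
    root=${1:-/}
    found=$(find_kirjuri_credentials "$root")
    if [ -z "$found" ]; then
        echo "no mysql_credentials.php found under $root"
        return 2
    fi
    exposed=$(world_readable_credentials "$root")
    if [ -n "$exposed" ]; then
        echo "readable by all local users:"
        echo "$exposed"
        return 1
    fi
    echo "found, not world-readable:"
    echo "$found"
    return 0
}
```

Source the file and run audit_kirjuri_credentials with the web root as its argument; with no argument it searches from /.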
Categories
Cyber security NCSC-FI News followup

About the NCSC-FI daily news summary

The National Cyber Security Center of Finland provides a number of awesome services. One of those services is a news follow-up, which consists of the duty officers wading through the masses of infosec news appearing every day and hand-picking the most important and significant ones.

These are combined into an email digest that is sent to subscribers every night. You can subscribe to the email list here.

I’ve set my site up so that it receives this newsletter and posts it as an article every night, so that the news items are easily available right here.

Enjoy!

Categories
Cyber security

Digihuijatut @ YLE Areena

YLE Areena has published a Finnish TV show that details cases of digital fraud. The TV show is called “Digihuijatut”, and it covers fraud cases from romance scams to identity theft. Each episode is based around interviews conducted with victims of digital fraud.

I was interviewed as a cyber security expert on several of the episodes.

You can watch all of the episodes here.

Categories
Cyber security Opinion Social media

Podcast appearance | We need to talk about infosec

A podcast episode where I spoke with Laura about online honesty and scamming people has been released. You can listen to it on SoundCloud here:

https://soundcloud.com/weneedtotalkaboutinfosec/online-honesty
Categories
Cyber security Law enforcement Opinion Social media

Disobey 2019: Social Cyberattacks (video)

I presented on the psychology of social cyberattacks at Disobey in January 2019.

Here is the video of that presentation: https://youtu.be/3mgntbZzFaw

(Embedding the video causes the page to cut it in half and I can’t be arsed to mess with CSS to make it work so you can just follow the link.)