I felt we may have been driving ordinary people and employees away from security and I listed my Doh’s of Cyber Security Training in the previous blog. How could we be more like Dons and take pride in educating people, and believe in the students? Here are my seven Dons of Cyber Security Training to get started. These “Dons” are my ideal teachers and talents (from French) to look for in them.

“Our students are, we believe, crème de la crème. The trouble is that they have been let down by the ‘system’ before they came to us.” …

I have been taking, running, and eventually creating cyber security courses for a while. I have had both my Homer Simpson moments and increasingly frequent bright moments. I will try to share them here in two parts, first the D’ohs and then the Dons, and what Dons have got to do with this.

What if people wanted to learn good cyber hygiene habits?

“People are the weakest link” myth

It is easy to talk about human beings being the weakest link: “people don’t care about security”, “people can’t handle it”, “people don’t get it” and so on. Is there any other industry or skill area in working life where you intentionally downplay the humans while still employing them to do the job? Humans have social superpowers which make them one of your best defences if just given a chance.

I exercise, and I like to track it. If I’m not careful, others might suffer a security breach because of it. How is that possible?

One of our jobs at badrap.io is to provide simple explanations to (sometimes) complex security issues. This time we are going to take a look at a somewhat complex but successful approach to attacking others. It is called credential stuffing. It relies on poor password hygiene and data breaches.

27% of people use the same or similar passwords

Hasso Plattner Institute studied available data breach dumps in 2016 [1]. …

Our use of security information is far from efficient. Security researchers generate masses of security information, but at the same time, easy-to-fix issues discoverable by third-party security reports go unnoticed, causing havoc and dismay. badrap.io wants to change that.

Case in Point

Bob Diachenko just revealed Veeam’s marketing database, containing hundreds of millions of records with personal information, available on the net (Figure 1). The culprit was an unsecured MongoDB instance exposed directly to the Internet.

Figure 1: Data breach due to unsecured MongoDB

The actual web application might have been well tested. But it does not matter if the database it uses can be queried directly from the net. …

When it comes to isolating networks, DNS servers require special attention. DNS servers may leak information from an isolated network by proxying queries all the way to the Internet. At worst, a malicious actor can smuggle secrets out.

A few days ago, I detected a +2dB increase in conversation volume somewhere nearby. I set out to investigate. It came from the office next to Badrap. The SensorFu crew was celebrating like only the Finns can. Mildly. “They finally finished their installation of 24 Ramlösa cans and 8 Club Mate bottles”, I thought. I was wrong; they were celebrating their latest Beacon release.

SensorFu’s CEO Mikko ordered the crew to celebrate their new release for a minimum of two seconds before returning to work.

If you live in Finland, there is a good chance you will get a warning if your networked devices are in the hands of criminals. If you work for a critical enterprise, your infosec team may get warnings from the government or their threat intelligence vendor. So what about the rest?

In my previous blog, I talked about the high-level motivation for founding Badrap Oy. Let’s drill in deeper.

UPDATE: we now also forward information about data breaches with Data breach monitoring for emails

The Problem: Way Too Many Vulnerable Devices on the Internet

Security researchers scan the net to find vulnerable devices. Scans come in various shapes and…

Occasionally we celebrate the achievements of Scandinavian ABC startups by picking a new background picture for the scanabc.com webpage. This post tells the stories behind the first three pictures.

2017–03 — Full Speed Ahead

SensorFu is founded. Time to go at full throttle!

The day this picture was taken, @Turmi0 gently engaged a tree with his snowmobile. The result? A 1400€ repair bill. A couple of days later he completed the paperwork for SensorFu’s initial funding.

2017–01 — Back to the Roots, Out to the World

New year arrived and the Finns got a glimpse of the sunlight.

Å, Ä, and Ö met E(stonia)

Occasionally we celebrate the achievements of Scandinavian ABC startups by picking a new background picture for the scanabc.com webpage. We pick the picture from the archives of our entrepreneurs. The inside scoop is here.

The more analog side of Estonia, ‘the most advanced digital society in the world’.

This time we celebrate Badrap, the last born of Scandinavian ABC companies. And honourable mentions go to Estonia for inspiration. We took a trip to Estonia to meet with Hillar and work with the first public talk of Badrap.

What a perfect place to kick off Badrap. Estonia was one of the first countries to figure it out: water, electricity, gasoline, milk, bread — they all…

Proper testing of network isolation is getting close to impossible. But in this episode we meet Ossi and Sebastian, who are doing something about it. This blog post is the fourth in the series about SensorFu’s product teaser campaign.

“My god, it’s full of networks” — It didn’t stop Ossi and Sebastian from making it scale.

Why Scalable Deployments Are Important

Proper testing… what does it mean? 1) It happens all the time instead of from time to time, and 2) the tests cover any network that is critical to the organisation.

Why is it getting close to impossible? Read on.

The Networks they are A-Changing

Truth be told, they already did.

Remember the times when there was the Internet, a firewall and an internal network…

You can test drive a car. But you can’t test drive your life. That got us thinking…

We invest in inspiring innovations driven by true entrepreneurs. But how to find them? Security Startup Test Drive is one way.


Security product evangelist for life.
