I felt we may have been driving ordinary people and employees away from security and I listed my Doh’s of Cyber Security Training in the previous blog. How could we be more like Dons and take pride in educating people, and believe in the students? Here are my seven Dons of Cyber Security Training to get started. These “Dons” are my ideal teachers and talents (from French) to look for in them.
“Our students are, we believe, crème de la crème. The trouble is that they have been let down by the ‘system’ before they came to us.” …
It is easy to talk about human beings being the weakest link, “people don’t care about security”, “people can’t handle it”, “people don’t get it” and so on. Is there any other industry or skill area in working life where you intentionally downplay the humans while still employing them to do the job? Humans have social superpowers which make them one of your best defences if just given a chance.
I exercise, and I like to track it. If I’m not careful, others might suffer a security breach because of it. How is that possible?
One of our jobs at badrap.io is to provide simple explanations of (sometimes) complex security issues. This time we are going to take a look at a somewhat complex but successful way of attacking others. It is called credential stuffing. It relies on poor password hygiene and data breaches.
Hasso Plattner Institute studied available data breach dumps in 2016. …
Our use of security information is far from efficient. Security researchers generate masses of security information, but at the same time, easy-to-fix issues discoverable by third-party security reports go unnoticed, causing havoc and dismay. badrap.io wants to change that.
Bob Diachenko just revealed Veeam’s marketing database, containing hundreds of millions of records with personal information available on the net (Figure 1). The culprit was an unsecured MongoDB exposed directly to the Internet.
The actual web application might have been well tested. But it does not matter if the database it uses can be queried directly from the net. …
When it comes to isolating networks, DNS servers require special attention. DNS servers may leak information from an isolated network by proxying queries all the way to the Internet. At worst, a malicious actor can smuggle secrets out.
A few days ago, I detected a +2dB increase in conversation volume somewhere nearby. I set out to investigate. It came from the office next to Badrap. SensorFu crew was celebrating like only the Finns can. Mildly. “They finally finished their installation of 24 Ramlösa cans and 8 Club Mate bottles”, I thought. I was wrong, they were celebrating their latest Beacon release.
If you live in Finland, there is a good chance you will get a warning if your networked devices are in the hands of the criminals. If you work for a critical enterprise your infosec team may get warnings from the government or their threat intelligence vendor. So what about the rest?
In my previous blog, I talked about the high-level motivation for founding Badrap Oy. Let’s drill in deeper.
UPDATE: we now also forward information about data breaches with Data breach monitoring for emails.
Security researchers scan the net to find vulnerable devices. Scans come in various shapes and…
Occasionally we celebrate the achievements of Scandinavian ABC startups by picking a new background picture for the scanabc.com webpage. This post tells the stories behind the first three pictures.
SensorFu is founded. Time to go at full throttle!
The day this picture was taken, @Turmi0 gently engaged a tree with his snowmobile. The result? 1400€ repair service bill. A couple of days later he completed the paperwork for SensorFu’s initial funding.
New year arrived and the Finns got a glimpse of the sunlight.
Occasionally we celebrate the achievements of Scandinavian ABC startups by picking a new background picture for the scanabc.com webpage. We pick the picture from the archives of our entrepreneurs. The inside scoop is here.
This time we celebrate Badrap, the last born of Scandinavian ABC companies. And honourable mentions go to Estonia for inspiration. We took a trip to Estonia to meet with Hillar and work with the first public talk of Badrap.
What a perfect place to kick off Badrap. Estonia was one of the first countries to figure it out: water, electricity, gasoline, milk, bread — they all…
Proper testing of network isolation is getting close to impossible. But in this episode we meet Ossi and Sebastian, who are doing something about it. This blog post is the fourth in the series about SensorFu’s product teaser campaign.
Proper testing… what does it mean? 1) It happens all the time instead of from time to time, and 2) the tests cover any network that is critical to the organisation.
Why is it getting close to impossible? Read on.
Truth be told, they already did.
Remember the times when there was the Internet, a firewall and an internal network…
Security product evangelist for life.