Posts by Year

2017

NotPetya does not make sense, except it does

5 minute read   -   July 12, 2017

NotPetya, a rapidly spreading malware that wipes the infected computer systems, made it to the news big time in 27th June. Now as the dust has settled down, ...

OWASP Top 10 2017 draft released

3 minute read   -   April 26, 2017

OWASP published a draft of Top 10 Application Security Risks 2017. It has already caused a lot of controversy among web security folks. So here is my viewpoi...

2016

HTTP/2 Security Implications

7 minute read   -   July 28, 2016

HTTP/2 is a major revision of HTTP protocol. RFC of HTTP/2 was published in May 2015. Currently most client-server communications is done via HTTP/1.1. In pr...

Understanding TLS

7 minute read   -   May 05, 2016

This is an article I’ve meant to write for last two years. Getting TLS right seems to be a major challenge for many admins. And I do not mean only some rando...

2015

Rowhammer.js - memory corruption via JavaScript

2 minute read   -   July 31, 2015

Recently I stumbled into an interesting paper. This paper introduces a bug / vulnerability called “Rowhammer.js”. In short: Rowhammer.js enables hardware-lev...

Hackers gonna hack, or get hacked

2 minute read   -   July 11, 2015

Italian based company Hacking Team suffered a major security breach earlier this week. Hacking Team provides offensive cyber security capabilities mainly fo...

2014

Onko Internet rikki?

4 minute read   -   September 01, 2014

Exceptionally I write in Finnish, since this is my comment on article by Jussi Pullinen (@JussiPullinen) at nyt.fi.

Asus RT-N56U router security

4 minute read   -   January 28, 2014

I recently bought a new home router, Asus RT-N56U. It is a consumer level basic wireless router with some “advanced” features, such as file sharing and print...

2013

Overview of PHP.net hacking case

1 minute read   -   October 25, 2013

Most security/technology guys are probably aware by now that PHP’s website php.net was compromised and injected with JavaScript malware this week. The malwar...

Is crypto broken, or is NSA just cheating?

1 minute read   -   September 16, 2013

For some time, I have had to write down some of my thoughts about this NSA/PRISM/Network surveillance/spying case. For me, the most interesting question is w...

Laptops, privacy and airport security

2 minute read   -   June 22, 2013

Ever run into a situation that security guys at airport want to have access on your laptop? Well, I have not but I have heard that some people have. That is,...

Lenovo Thinkpad E530 and Ubuntu

1 minute read   -   June 06, 2013

I just installed and configured Ubuntu 13.04 on Lenovo ThinkPad Edge E530 laptop. It is certified Ubuntu laptop so I was hoping that everything “just works”....

Running OpenBSD on laptop

3 minute read   -   March 13, 2013

I decided to give OpenBSD a try again as “personal laptop OS”. I had previously run OpenBSD on server and tried it also on desktop two years ago, but discard...

2012

Why Jolla Mobile has potential

3 minute read   -   July 22, 2012

In the beginning of this July, a small Finland-based company Jolla came in public with news that they will continue the development of MeeGo and release a ne...

2011

The Diversity of Operating Systems

8 minute read   -   August 22, 2011

After testing about seven different Linux-distributions and a few different BSD-based systems, at one boring night I ended up thinking the reasons for this l...

2010

NetBSD on Acer Aspire One

2 minute read   -   October 21, 2010

Short installation and configuration log for NetBSD on Acer Aspire One. Not a how-to but just my notes of the process so that I don’t need to Google these ag...