I’ve not been using laptops too much in the last few years. When working from home I used my own desktop, so the work laptop was only used the few times I did go to the office.
But with the new job, I got some new work laptops and lost the ability to work from my home computer. In addition to those, I’m trying to use my MacBook Pro, just to play with Mac OS.
Well, multiple machines, and one mouse using a USB cord… Yes, I needed a new mouse. Did some googling, and ended up buying the newest Logitech MX Anywhere… number 3. I have had an older version before, and I did like that one so let’s see if this is as good as I hope.
Possible to connect to 3 different machines(Switching is done on a button underneath)
Works on all surfaces
Small and light
The one with 3 different machines was the most important one for me. And It really works well. The battery time promises 70 days but for me, it’s more like 35(but that is good enough).
I’m not using the included dongle, just connecting with Bluetooth. And I’ve connected and used it with Mac OS, Red Hat and Windows, all working perfectly.
The fit is a little hard to explain. It’s small but works with a normal size hand. Also, the horizontal lines on the side of the mouse give a really good grip. The Scrollwheel automatically changes from normal to superduper fast scroll, that is a feature I had to get used to.
A new version of Ubuntu is just released, and I need a ssh jumpbox. Well here are my steps for setting this up. I have an argus case for my Raspberry PI 4 4GB, so I have added some steps on how to set that up. I also did upgrade the firmware of my Raspberry PI even though I see some websites recommend only using Raspberry OS for this. The first steps are done in a Windows environment but there should be no problem doing something similar on Linux and Mac. If you have any tips or comments please comment below.
Download First of all, you need to download the image. The Raspberry Pi Imager just in the next step does not have 22.04 available yet. You can download the image here: https://ubuntu.com/download/raspberry-pi Since I do not plan to have a monitor connected, my choice was Ubuntu Server 22.04 LTS 64bit.
SD Download the Raspberry Pi Imager and install it. When starting it click Choose OS and scroll to the bottom and click Use Custom. From here select the image you just downloaded. Then Choose your SD card and click WRITE.
WIFI If you don’t need wifi set up you can skip this step, else edit the network-config file located on the root of your SD card. This is a dummy configuration to connect to a wireless network with the name home network and the password 123456789.
Connect When the SD card and Wifi are done, insert the SD card into your Raspberry Pi and boot. Wait a few minutes and connect to it with the username/password combo ubuntu/ubuntu. The password needs to be changed the first time you log in. If you need help finding the Raspberry PI on your network(DHCP IP) I will recommend reading about the ARP commando, or checking if your router has the possibility to show devices on your network.
Remember to check for updates by running these commands.
sudo apt update && sudo apt upgrade
New user Since the default username is ubuntu, and the ssh service will be available from the internet I don’t want to use this ubuntu user.
Create a new user with the adduser command.
sudo adduser username
Then get the list of groups the user ubuntu is a member of with this command.
sudo groups ubuntu
Then add your new user to these groups with this command(only one group at the time).
sudo sudo adduser username groupname
When this is done, log in with your new user and verify that you have the right permissions.
Block ssh for old user My next step in setting this up is denying the ubuntu user to connect through SSH. Well, what I really do is set in the sshd config what user is allowed to log in. Edit your /etc/ssh/ssh_config file and add this line.
This will only allow this user to log in, all others will fail.
How many emails do you get every day? Or how many email addresses do you have? I have multiple email addresses, and even though I try to limit the number of emails received by unsubscribing to newsletters the number is high.
But what is it that I want you to talk to people about? Basically, it is to be careful. Most attacks start with an email, and this can happen both in private and at work. Will these tips help? I guess not on all, but on the generic spam/phishing emails, it will help.
Please get them to check this if you receive an email(Yes on all of them)
Did you expect the email? If not why are you getting this email?
Do you know the person/company sending it? If not why are you getting this email?
Are there attachments? If so, what type? Always be careful with attachments, don’t download or open them if you don’t expect them or need them.
Are there any links? Do they go to legitimate domains? Don’t click on links, you can hover your mouse above them to see where they will take you. If there is a link you should not click it, but open a window in your browser and write manually where you want to go(if it is from your bank or somewhere else, visit the site the way you use to).
Does the from email address look valid? It is easy to fake a from address. But if the name says john doe, and the email address is firstname.lastname@example.org something is fishy.
Is the text/offer too good to be true? No one is offering you money, bitcoin or gold!
Does the text/offer try to get you to do something in a hurry? When doing something quick, it is easier to make bad decisions
I know there is a lot of technical stuff that can be used and is used to help us with this. You can look at the headers, stuff like spf, dkim, dmarc, etc. But for the normal not tech-savvy person I would recommend the steps above.
Snow, sun, chocolate and family. It’s Easter, a lot of people enjoy being in the big cities or maybe a place like canary island. But we norwegians often travel to the mountains to live in small cabins with extended family, often without electricity and running water. I could never live like this, but for a week it’s great. One of the best things, even though it feels worst before going here is the limited possibility of using tech. Usually I’m in front of the computer 10-12 hours on a workday, and 3-4 hours in the weekend. Being limited both on device and the use of internet makes it easier. Well, ending this with a picture taken from the living room window.
So it’s time for Easter, the last part of winter. My family has a tradition to go to the cabin in the mountains, a place without water, plumbing and electricity(we have solar power for charging stuff and for lights).
Here we have fun in the snow, play board games and eat candy. Our tech use is limited, and the only internet we have is 4G based. It’s not that we don’t use tech, but we kind of use it differently. Often we play games together on them, or the kids watch together on one iPad. And the hours used on tech are much less than they would have been if we were home.
I really enjoy this vacation, the way we are stuck in the cabin and a lot few worries that I would have at home.
Tech pack list:
Chargers and a battery bank
Yes, I may be an Apple guy, but I’m not a fanboy :-p And no laptop this year, not going to work so I don’t need one.
When I started to work with infosec I tried a lot of different ways to learn new stuff. I took some courses, read books, watched videos, etc.
But to learn new things, with some help on the way I found out that playing CTFs is a great way. These websites make hacking into a game, by giving you systems to play with, and your job is to get the token(s).
It may be a website you have to get access to, a windows server with vulnerable samba, or maybe a router with a default username/password combination. Some of the sites often have walkthroughs you can look at if you are stuck, and they are great for learning. But remember, DO EVERYTHING yourself as well, that’s the way you learn. Another important thing to remember is that these techniques should only be used on testing like this, using it in the wild may be illegal.
Well enough chatting about, here is my list of some great CTF sites.
hackthebox The one I pay for atm, mostely because of great labs, and the Parrot OS you get access trough your webbrowser(a great way to make your self safe)
Well, if you read this post I guess you either know me or found this by mistake. I have tried to write a blog before and to be honest I have no idea why I do it, and I have no plan for it. But since I own this domain, and had to set up a website for a project, I ended up with a LAMP setup anyway. And by having a website I get some nice logs to do analysis on related to InfoSec.
What I will continue to write depend both on the time I have available (2 kids give me not much time to spare) and if I feel writing gives me something back. Something I plan to write about is howtos of cowrie, goaccess, lamp and more. Just the things I use for this site. But I also would like to write about InfoSec.
I just changed my domain provider and email hosting. After taking backup of all my old emails it felt great to start over with an empty inbox.
After doing some research I found Spark, an email client for iPhone(and soon Windows hopefully) made by a Ukraine company. It’s fast, has a lot of great features, and supports most email providers.
My plan and goal are to keep my inbox as empty as it can be, only emails that I’m supposed to do something with should be there. Everything else should be archived or deleted. At the same time, I will unsubscribe to most of the spam/newsletter/commercial emails to help me with the empty inbox dream.