. Skip to main content

(ˈpiːtə(r)), n, Dutch Computer geek, Father of 3, Living together with @Chrizzzz, security specialist at @Atos, CISSP, Opinions are my own.

srcr.nl

twitter.com/srcr

instagram.com/srcr/

reddit.com/u/srcr/

paypal.me/srcr

snapchat.com/add/srcr

keybase.io/srcr

CPE Webcasts and Podcasts

1 min read

Since I'm a certified CISSP I need to reach my yearly CPE goal. For this I watch and listen to various web- and podcast. At the moment this is what is on my diet.

Stormcast, Daily Information Security Podcast - Stormcasts are daily 5-10 minute information security threat updates from the SANS Internet Storm Center.

Digital Shadows ShadowTalk - Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

Troy Hunt's Weekly update - Troy Hunt is the owner of Have I been pwned? (HIBP), blogger, Microsoft regional director and MVP and speaks at security events and give security training.

Paul’s Security Weekly - Weekly security roundup by the security weekly team discussing the security high- and lowlights.

FireEye State of The Hack - Weekly (?) show by FireEye with your update of the various APT and FIN groups.

Inside

1 min read

  

Can't resist putting these on my site, much better attempt than my picture below.
These pictures are created by @paul_pearce

Migrating Known from MySQL to PostgreSQL

1 min read

Below are the steps I've taken to finally migrate my self hosted Known site from MySQL to PostgreSQL.


Currently the website install routine only supports MySQL so there is no need to go to either the /warmup or /begin folders on your site. You need to build that database manually.


createuser withknown

createdb -T template1 -O withknown withknown

psql -f /schema/postgres/postgres.sql withknown


To migrate the data from MySQL to PostgreSQL I use the mysql2postgresql tool from Mihail Shumilov

https://github.com/mihailShumilov/mysql2postgresql


mysqldump --xml -u root withknown > withknown.xml

php convertor.php -i withknown.xml -o withknown.sql


Edit the file withknown.sql and remove all the DROP, CREATE, ALTER lines so you are left with only the INSERT lines, which hold the actual site data. (perhaps there is a option in mysqldump to do this directly)


To get rid of the over escaping from MySQL run the below sed line.


cat withknown.sql | sed -e 's/\\\\/\\/g' > withknown-final.sql


As last phase import the data in PostgreSQL


sql -U withknown -f withknown-final.sql withknown


Make sure you update the config.ini and change the connection info


database = 'Postgres'

dbname = 'withknown'

dbpass = 'XXX'

dbuser = 'withknown'

dbhost = 'localhost'

Zolt - Daily news summaries for the US

2 min read

 

 

As request to me by Nick Wyatt I gave the app Zolt a try.

Zolt lets you quickly skim through the they daily news by reading 500 news sources and currating the best stories and summarizing them in sixty words. All these stories are presented via simple to read cards that you can quickly swipe through. Also the app lets you create your personal newsfeed, so If you like technology and sports you can include those in your personal feed and read that and stay up to date.

So after trying Zolt for a short time I must say I really like the minimalistic design and technical implementation. Also the sharing options from the app are great being able to us the shout icon and respond to the post with a text, drawing or photo is a nice feature. For me the biggest drawback is the content.

Zolt is clearly a US minded application and you will find this clearly in the news items. Even in the international section 8 out of the 10 news stories is about the US. So for me as someone from Europe this doesn't forfill my need for news en though the presentation and ease of consuming the content is great.

If you want to give it a try yourself the app is available for free on both Android and iOS.

The Explorations of Obsidius #Ingress

7 min read

I. It was my honor to serve under Titus as a member of the exploratores, the scouting troops, during the campaign in Judea. It was my fortune to have my commander and future emperor take notice of some novel tactics that I employed and name me Prime Exploratore, placing several soldiers(who had been deemed unfit for combat services) under my command. Titus, always wise and innovative, knew that they had value far beyond that of the traditional exploratores or spies(a word which I detest): they were to be different. I preferred the term Irregular Scout.

II. My small force numbered no more than twenty at any given time, with new recruits substituting for the many who had been captured or killed. They included three types of soldiers: those that were fleet of foot and agile, and thus able to scout large amounts of terrain in the distance; those who were able to blend into different social groups(which was very valuable in the Judea campaign) feigning other identities; and those who were able to impersonate noble personages for the purposes of gaining information. Personally, I had adopted all of these roles at different times and thus had a body of knowledge to share, and my Exploratores were quick to learn.

III. It was to my advantage that I was of average height and possibly mixed heritage. Possibly because, while my mother denies this, my features have always been undeniably different, and some have said that they belonged not to my father but to a gladiator from the east or perhaps Egypt with whom she dallied. My father, Marcus Atticus Tullius, was a merger of unfashionable but nonetheless well established republican families: Tullius being one of Marcus Tullius Cicero's relatives and Atticus being the famous statesman, also known as Cicero's correspondent. Atticus was quite possibly the most adroit politician of the age given that he died of natural causes in a treacherous political environment. As a youth I journeyed to Egypt, following a trail I thought might lead me to the truth of my parentage, but my own history remained oddly and irrevocably occluded. Whatever my lineage, I was gifted with the ability to appear to be the member of many tribes. With this gift, and the skills of both the traditional Exploratores and the Speculatores, I soon became something else altogether different.

IV. Raised in Judea, I spoke several languages and was familiar with the world of rough traders who traveled to distant and un-imagined lands. In fact, as a child, I snuck off with a caravan, pretending to be a stable boy and made it deep into Persia before my true identity was discovered. I immediately returned. My family was perceived as quite powerful and thus dangerous in the region. My father served as a member of the royal cavalry (known later as the Praetorian Guard) and was present for the murder of Caligula. He was on of the few who survived the barbarous and vengeful actions of the German Guard upon the death of the debauched emperor.

V. This is fortunate for me, because I was born two years later. Feeling it safer to be in the East, my father accepted a posting there, It afforded me an upbringing of provincial privilege and exposure to the most exotic elements of the East, West, South and North (as Judea had strategic importance as the trail-head of nearly all trading routes from the far Persian, Egyptian and African, the as well as Hellenic, Latin and Assyrian Regions). In short, I was exposed to the entire world. This gave me great knowledge to use later in life.

VI. I served Titus in Judea an attempted to serve those I'd grown up with as well. I credit myself in saving many lives in the Jewish Wars, but alas, there was no persuading some of them that attempts to flight the empire within force would not be successful. I suspect that the offshoot sect will be more effective in subverting the empire from within. After Judea I was sent north to battle with the German. I was an utterly new challenge. I had no experience in dealing with the Ice and Forest People. With no hope of blending in, I had to survive in the water. Few can sim in the north as id would be pointless for most months of the year.

VII. There, in the forest I was able to locate a well concealed enemy encampment. However, before I could return to share this information, I as captured, set to be executed and encountered a man who would change my life. His name was Valadian. He had achieved some status as a holy man or shaman or priest amongst the Barbarians. He came to me while I was caged in the rude forest outpost and asked one simple question: How had i discovered their hidden camp? What had led me there? I told him that I did not know. I had felt the pull of the Earth. I had followed an enemy.

VIII. He had me released from the cage and told me he wanted to follow the energy further. I saw no risk in doing as I had already been sentenced to dand finr the Oracle eath in a most ghastly manner (the Germanic Tribes excelled in this, frankly making our methods of execution look tame in comparison). I led him deep into the forest and we found ourselves standing amidst some ancient ruins. They were incredible to behold. Alive in some way that I cannot explain. After some silence, Valadian told me that I would be spared and that he would have great use for me inf I would agree to honor the debt of my life when I returned to Roman lands. Having little choice, I agreed. I was now bound by oath.

IX. In truth, I was as fascinated by Valadian as he was by me, most notably because he possessed a Roman name though he was clearly a German. He told me to find my way to North Africa amidst the ruins of Carthage and find the Oracle of those parts who would direct me to one known as The Magnus. There was no way I could reject this. My journey would take me not only to Rome, but to Egypt and North Africa. However, when I reached Rome again, I reported to Titus to tell him of my adventures in Germania, and upon the mention of Valadian, Titus dismissed this guards and secretary and asked to speak to me alone.

X. He told me to carry out the mission of Valadian and tell no-one of it and should meet the one known as Magnus, to send his regards. And then he, the son of the Now Emperor of Rome who would himself rule magnificently, if briefly, said something that would echo through the rest of my life: "For all of the blessings Jupiter has bestowed on me, I did not get yours. However, I did sense something and it was confirmed to me by Berenice on the one occasion when you were in her presence. Like you, she often traveled in disguise, for reasons we need not discuss here. What is more, she described you as 'Sensitiva'. Or that was the best translation to Latin that she could offer." He gave me a letter of transit through the Empire ans assigned a loyal Numidian guide by the name of SYPHAX, as well as bestowing a generous number of Sesterii.

XI. When I arrived in North Africa, I realized that no one knew the exact location of the Oracle, and that the Oracle could only be found by uncovering the hallowed sanctuary where she dwelled. My guide was of no use, save to keep me out of dangerous lands and provide some local knowledge. I realized that I would have to find the Oracle myself. The task proved to be quite simple. I realized that it was yet another test of my special skills.

Scream Fortress 7

1 min read

Scream Fortress

I didn't expect to change the theme of Team Fortress already, I started just actively playing at the start of the Invasion community upgrade. But ofcourse with Halloween around the corner Scream Fortress is released.

More information on this realease can be found on the official Scream Fortress site 

Cyber security from the get go

1 min read

With the current security climate it is important to start each project either a newly build application mobile, web or otherwise, with security in mind. This means personnel with security training should be involved on all levels from the get go. Even people on sales team , project management and of course architects and developers should have security in mind.

On a lot of occasion security is still an afterthought that needs to be arranged a few weeks for the intended go live of the environment and any security findings in that environment need to be fixed during those last few days when there is hardly time and/or funding left. I have seen application releases getting delayed and worse applications being deployed with security issues that need to be fixed with the first hotfix.

So it is pivotal that on all level of the organisation the need an urgency of cyber security policies and procedures are implemented before the next project starts.

 

- posted as "Peer Review: Discussion -- Role of Cyber Security" at Coursera

Playing around with Hortonworks hadoop

1 min read

Going through some of the Hortonworks tutorials to see how a Hadoop environment works.


I already achieved some successes and I'm stubborn enough not to follow the tutorials to the letter. So I imported a dataset from the KNMI holding the average day temperature since 1950.


This first Pig script is to get the average temperature of Eelde according to the dataset.


Apparently the answer to this query is 8.943 degrees Celsius.


and a small adjustment to the query learns that the maximum temperature was 27.7 degrees Celsius

fighting the POODLE

1 min read

I updated my nginx configuration a little earlier to day to make sure that we are not a possible victim of a POOBLE attack on SSLv3 protocol of TLS. As you can read here in CVE-2014-3566 and if you want you can also read the full details of the vulnerability here (PDF)

But it is good to know I still have my 'A' rating at the site Qualys SSL Labs


Bacula Storage daemon for Readynas Duo

1 min read

I couple of days ago I found that the old bacula-sd daemon was no longer accepting backups from my central backup server. The Backup server runs version 7.0.4 and the storage daemon was still 5.0.3

Because building is a bit tricky I wanted to share the basic steps to the get this done.

  • Download the Qemu development environment from Readynas Forum.
  • Download the PostgreSQL version used on the director, build and install PostgreSQL

            cd postgresql

            ./configure && make && make install

  • Download the matching Bacula and build and install it in a dummy root directory

            cd bacula

            ./configure --enable-build-dird=no --with-postgresql=/usr/local/pgsql

            make

            make install DESTDIR=/root/dummy


  • The complete install tree should now be in /root/dummy I trimmed this to only hold bacula-sd and bacula-fd but if you need more tools on the readynas you can keep them in here.
  • The final step is to copy everything to the Readynas. my preferred method is via a a tar archive


1 min read

View from the office (at Atos)

1 min read

M'n nieuwe auto gekregen via de post 😄

1 min read

I love strawberries (Taken with Instagram)

1 min read

Just before the start of the Half marathon Lauwersoog - Ulrum

Hornbecker Lens, DC Film, No Flash, Taken with Hipstamatic

1 min read

Wachten in Electra / Waiting in Electra

John S Lens, Alfred Infrared Film, No Flash, Taken with Hipstamatic

1 min read

The car ready for vacation / de auto klaar voor op vakantie (Taken with Instagram)

1 min read

Surprise in the mail my is here.

Foxy Lens, Dylan Film, No Flash, Taken with Hipstamatic