
Tuesday, 1 January 2019

Christmas walk

This year I decided that I just wanted to have some peace of mind during Christmas and decided to take a small hike. The initial idea was to start on the 24th of December, but for some reason I had a small fever, which went away during the day itself. Most likely I just needed some rest.
I got a good hiking bag and sleeping bag from my friend, and also a mess kit. So my bag contained:

  • Sleeping bag
  • Mess kit
  • 2 pairs of woolen socks
  • 2 pairs of sport socks
  • 2 shirts
  • Additional sweater
  • 5 liters of water
  • Gift - one sparkling wine from Veinimäe Talu
  • Gift - one Tanker craft beer Hallucination from Satiir
  • Small ax
  • My hunting knife
  • 450g of pork
  • One Hawaiian casserole dry mix
  • Few candles
  • Some hygiene equipment, matches, old newspapers and toilet paper.
  • 10'000 mAh battery bank


On the morning of the 25th of December I got up at 8 and had to catch a bus to get to Tartu and then from there a train to get to Põlva. I was so lucky that it took a bit more time to dress up in the morning and the bus was a bit early. Missed that bus.

Walked back indoors, took my rain boots, jacket and snowboarding pants off and waited an hour. This time I was a bit earlier and got on the bus, which got to Tartu Bus Station 3 minutes before the bus to Põlva took off. According to the schedule the bus should actually have arrived at the same time as the next one departed.

My day started at 8 am and I got to Põlva at 11:20 am. Lost a few hours. Põlva itself is a very nice city. I really loved the park in the city center; I hadn't seen an outdoor boxing bag before here in Estonia.
They also had a clubhouse and a statue made for an accordion player.

Hiked from Põlva in the correct direction. Initially I planned to walk from the train station, but life turned out otherwise and I started from the bus station, which meant that I walked a parallel route. The road was slippery and there was basically nothing to see, unfortunately. The most thrilling place was Süvahaava, where there was a 12% descent and then a 13% ascent. The river was still flowing.




After Süvahaava the road took me to a place where the snow was not plowed; it was knee deep. It turned out to be a forest trail that was suitable for summer. I quite often thought that I would cut some spruce branches and sleep there. It also turned dark. I had a flashlight, but the retinal rod photoreceptors in the eye adjust to the dark in around 30-40 minutes, so I placed my bets on that.


2+ hours of hiking in the dark, snow was slowing me down, I kept going. When I finally thought that I was out of the woods, I still had one hour to go. It was around 6 p.m. I was seriously thinking wtf I was doing and why, and secretly hoped that I would be the only one in the cabin.


Finally I got there and saw that around 20 candles were lit and a couple was trying to make some tea outside at the grill spot. Since it was public ground, we all went inside. I still think that I ruined their romantic getaway. We had some sparkling wine and shisha, and then I left them alone. So much for my alone-in-the-forest trip. I put on my noise-canceling headphones and watched some TV shows in the sleeping bag.

They left around 9 a.m. I bathed myself with some snow and made a fire while in my trousers, and 4 people came in while I was making breakfast. I quickly put on some clothes. They were sweet and offered some tea; the couple in the evening had also offered some mulled wine. It was sweet.

After the company left, my friend picked me up and took me to his cottage home in Ruusmäe. His parents and grandma were there and they welcomed me with open arms. I had a pleasant stay there for almost 2 days until Mihkel and I got on a bus in Võru and got back to Tartu.





Now planning the next hike. It was actually very challenging and I got some good tips for the next trip.

  1. No need to take so many clothes for change
  2. No need for so much water, nature is there, boil snow if needed
  3. Try to avoid deep snow
  4. Try to avoid the dark unless it is a clear night when the stars and moon are out
  5. Take your watch charger

 The route and rest of the pictures:

Tuesday, 12 June 2018

100k Step Challenge

100k steps in one day - doable?

TL;DR at the end.

A few of my friends and I had a plan to do something crazy - 100 000 steps in one day.

Date was set - 9th of June 2018. Start was whenever Saturday started and end when Saturday finished.

Got to Tartu from Tallinn around 1:30 a.m., having left behind 2 days of the Geekout event and basically coming straight from the Geekout afterparty. 2 days of standing had already taken a nice toll on my feet, but nothing to worry about, 100k steps is like a walk in the park.


Having equipped myself with a Sony Xperia Z1 with very low battery capacity, three 10000 mAh battery banks, 3 liters of water, a change of clothes and a laptop (I had it with me when I came from Tallinn), off I went. Turned on my sports tracker and started the journey. The plan was that I could take half-hour naps along the way, since I had been up since Friday.


The start was quite amazing: people playing table tennis early in the morning (3 a.m.) and the city full of people who were going to or coming from different bars. Continued my trip next to Anne kanal and saw the sunrise near the Sõpruse bridge, where my path went towards Ihaste. At that point my compadres texted me to hold up, they were starting their path as well. Obviously they were at the end of this view and I didn't feel like waiting around for half an hour.




One of the landmarks where we all took pictures was the graffiti on the Ihaste bridge. The other guys went past that bridge several times and took several pictures and picture edits of it.

Passing through Ihaste I saw that they have a Horse Sports Centre (Ratsaspordikeskus). I had no clue that this kind of thing existed there. Pleasantly surprised.


Around 4:30 a.m. I got out of Tartu and headed towards Luunja. After the border of Tartu there are lots of new developments, some of which have their own lakes where fishing and swimming are prohibited for people who do not live there. Cannot even imagine the price tag of those developments. A few more steps and there was a forest, and a deer spooked me. I just walked forward and tried to avoid major roads. Just narrow and small places.

Along the road to Luunja there are lots of places where you can go swimming and camping near Emajõgi. One of them which I passed had a few fishermen who were enjoying the morning and trying to catch some.

Finally around 6:30 I got to Luunja. The place was completely different from what I had expected. I was always hoping for cucumbers, as in Luunja Kurk. Against all my expectations, I found a really nice riverside, a harbor, a swimming place, a new park and an old park. Also a pink, basically full-size horse sculpture. It is worth a walk. Unfortunately I had to recover this walk from the GPS coordinates which I had on the pictures. Luckily I took a lot of them there.

From there my feet took me across Emajõgi and I got to Kaagvere. There is now a nice 6-hole disc golf track, and basically I was on the opposite side of Emajõgi. On the other side there was Luunja. Through Kaagvere I got to Roiu. Starved, I hadn't had a bite since 21:00 on Friday, just 2 pieces of chocolate. Sat down on the grass and waited for the shop to open. Instantly at 10 a.m. the shop was full of locals and everybody knew everybody. Felt like a total outsider. Got some snacks and Vytautas, and the trip took me to the Põlva-Tartu highway. Some bike competition was going on, but I didn't see any. Competition signs were already up before Roiu. This was the first time when people asked me for directions - how to get to Lennumuuseum to see the Air show event.

From the Põlva-Tartu highway I got a few more snacks and continued my trip to Kambja. I had never really been there, so I checked it out. When I first saw that it was uphill, I wondered how long the way could be. It was a very long way. At least at the border of Kambja I saw the first familiar faces. Most likely they were surprised to see me there. Kambja, at first sight, had at least 2 churches, a beach for swimming and slightly bigger shopping malls, and a lot of people were visiting the cemetery.

The next stop for me was Nõo. This was a long road. Before starting this road I saw some more familiar faces. I had to decline a lift. The road to Nõo was quiet. The only thing that bothered me was the empty broken bike inner tubes, water bottles and gel snack packages on the side of the road. I had so much more respect for bikers before; this basically put them on the same level as people who smoke in the car and throw cigarette packages to the side of the road.

Before I got to Nõo there was Unipiha manor and its park. Nearby was also Luke manor, but 3 kilometers of gravel road was a bit scary as I already felt that my feet didn't like asphalt anymore. I started to feel every small rock through my shoes. Unipiha manor park was actually neat and I had a small break next to the park. Going forward from there I saw a strawberry plantation. At first I thought that it was some place where you can hold events, but those were just camping houses for foreign workers on that strawberry plantation.

Once I reached Nõo and passed it, I got onto a very nasty highway, so I looked for the first exit. Finally found one - Külitse. This took me through Külitse and to a familiar place called Haage - a place on the way home. I knew that from Haage there is a very nice road for travelling either by foot or by bike, and it had a gas stop where I could do a final recharge. Coke and sugar it was. Even on that road some of my colleagues wanted to give me a lift.

From here the road was the most painful: feet didn't work, lots of kilometers to go. Life was not very nice anymore. When I got to Biometicum, it took a tremendous amount of time to reach Riia street, where I stopped the tracker and took the bus to the city center. Finally a small shower to give some rest to my muscles.

After that I made one final stretch to get to Shisha Studio for one hookah. I met my friends on the way and they thought that I was either really drunk and beaten up or something worse... It was not so bad, I just walked very slowly, limped and had a face swollen from sunburn, a standard regular Saturday.

TL;DR version:

Duration   Distance (km)  Steps  Kcal  Step length (m)  Link
3:11:46    17,05          19096  1495  0,892857143      Part # 1
1:00:59    3,90           4367   314   0,893061598      Part # 2
5:03:22    15,39          17235  1306  0,892950392      Part # 3
1:42:58    7,98           9161   677   0,871083943      Part # 4
1:54:12    7,84           9122   681   0,859460645      Part # 5
1:22:04    6,05           7110   497   0,850914205      Part # 6
1:09:09    4,28           5452   360   0,785033015      Part # 7
0:42:10    3,06           3471   258   0,88159032       Part # 8
1:06:36    4,28           5725   358   0,747598253      Part # 9
0:49:24    2,85           3617   253   0,787945811      Part # 10
0:40:05    2,32           3199   197   0,725226633      Part # 11
0:23:50    0,88           2458   91    0,358014646      Part # 12
0:05:36    0,16           573    23    0,279232112      Part # 13
0:12:58    0,62           1148   56    0,540069686      Part # 14

Total:
19:25:09   76,66          91734  6566  0,835677066      Full map

Map



At least my friends did it, superb guys (y)

So what did I miss, like 4 kilometers? :)
Cheers and till next time.

Friday, 21 July 2017

Cyber Security Summer School - Social Engineering

For the third year in a row there has been one very big cyber security event in Tallinn - Cyber Security Summer School. This year's topic was related to Social Engineering (http://www.studyitin.ee/c3s2017). It took place between the 10th of July and the 14th of July - 5 full days of workshops and practical sessions, from 8 AM to 8 PM.


Somehow I managed to get myself in, taking into account that there were participants from 25 countries, including the USA, Australia, Morocco and all over Europe, and a maximum of 50 people were accepted. The presenters had very different backgrounds and positions. There were people from NSA (Louisiana), Cambridge (previously worked in Royal Navy, Norwegian Armed Forces, NATO), Temple University in the States (Criminal Justice), Netherlands Forensic Institute, CERT, University of Applied Sciences Mittweida (Germany), and of course, Estonia.

Although I cannot go into deep detail due to the confidentiality agreement which we had to sign, I will give you as much as possible. We don't want to, and can't, damage or victimize anybody, and this agreement was signed just to protect people. Everybody owns a chance for privacy.
We had sessions and practical work. People were randomly divided into teams, and we had a total of 8 teams, A-H. Each team was assigned 2 mentors, one technical and one more soft-skills oriented. And then the game was on. The organizers made a deal with one company which we could start hacking, making reports on this each day. Imagine: you have basically 50 people who will target your organization and find out all its social vulnerabilities, and those people are all taking part in a cyber security event?


The employees of this company had no clue what had started to happen. The company for our exercise was not picked randomly; the summer school organizers had done a lot of pre-work to keep it all ethical and legal. Contracts were all signed between that company, the summer school and ourselves. The CERT was also informed and tons of discussions were held with the ministry of justice. It is illegal to hack somebody, please do not engage in those activities. This was purely educational and not training to become a cyber terrorist, but training in how to build our systems stronger and better, and to fight back against unethical hackers, to discover them and make their life harder.


We got 5 different big missions.
  1. OSINT - Open-source intelligence, which was meant for passive data gathering: no personal contact with anybody, finding out the company structure, who is on vacation, who does what and when, and also finding potential holes and confidential documents on the web. Every piece of information is useful in order to start planning your attack. This mission was very thrilling and interesting. There are so many tools available online for this, and Kali Linux is also useful. I cannot disclose the tools which we learnt and how to use them, but the web is full of them.
  2. The second mission actually wasn't directly related, but still relevant - we had to social engineer one person away from a laptop with roleplay. It was public inside the classroom and the laptop owner played along. Then we needed to get data off that laptop: specific files, folders, crypto keys. The time window was 10 minutes. All that was needed was to prepare a random PDF, image or some other type of file which looks legit when you look at it, but is jacked with malware, and if it is run then we have a shell on their computer. Voila, we can do whatever we want. And we had a fully patched Windows 8 which we used for that exercise.
  3. Creating a fake persona - well, this one is simple, isn't it? But what if you have like 4 days in order to set it up and the aim is to get as many friends as possible and have comments, likes, etc.? You need to start from the beginning. Where was this person born, parents, sisters, brothers, etc. A huge amount of work, and you need to make it look as legit as possible.
  4. We had a mission not to get caught by shoulder surfers, while you yourself wanted to shoulder surf others. Minus and plus points were given depending on whether you were photographed or you were the photographer. From here we had some extra missions as well, like if we had a screenshot of the organizer's Taxify, then they asked us to social engineer the hotel and the room number. Hotels cannot disclose that information without knowing the name and room together, but still we managed to get it within 30 minutes.
  5. We needed to map the profiles of all the mentors who were there. A huge work of research.


We also had extra assignments. With missions 1 and 2 we learned some skills, and then we were allowed to make fake domains related to the company which we targeted, send them legit e-mails and spear phish 2 persons from that company. Each team had their own persons. With proper research you can most likely get anybody.

I wish I could disclose more information but my hands are tied. There are 2 movie suggestions which are very relevant to all this:



Beware, nothing is 100% secure, everything can be hacked, even you. Just make sure that you have a plan for how to get up and running once it happens. There is no when, it will happen. Locate the attack, isolate it, do not let it spread. It might be your phone, laptop, IOT device, your best friend or YOU.


And again - summer school had full permission to host this kind of event in order to raise awareness for the dangers and problems of social engineering. 




Be Safe,



Taivo
from team G-spot 
impossible to find

Monday, 15 May 2017

School - I026:- Book review - Be Fast or Be Gone: Racing the Clock with Critical Chain Project Management by Andreas Scherer.

It describes a man who goes to work in a new company and starts implementing Critical Chain project management methodology. Book is novel based, quite good reading.

Few words, I wouldn’t like to spoil the reading experience of the 234 pages.

It starts with a reason why one man changed his company where he had successfully used Critical Chain methodology and needed to implement it in a pharmaceutical company.

At the beginning there is a test project that shows what this method can do, and then the story follows the process of implementing it across the whole company. It includes complex relationships with management and workers and a lot of interesting twists and turns.

The book has got good examples how to communicate delays and how to make very clear, visible reports of the projects.

One interesting part on page 138 which I would like to share; the rest of the story you can get by reading this book.

“What you need is the relay race mentality we’ve encouraging in the <Project> team.  We were able to substantially beat the previous timelines, because we relentlessly worked on the tasks on the Critical Chain with high priority and focus. We constantly looked for ways to regain lost ground. This has to be the mindset on all of our projects. If it is, you’ll win. It’s that simple.”


Amazon shop link: https://www.amazon.com/Be-Fast-Gone-Management-ebook/dp/B004THZ9VK

School - I026: XIV - Pick one company's code of ethics and analyze it in the blog

A piece of writing related to I026. This session concentrated on ethics and IT. It is actually quite fun to write on those different topics. Having some guidelines, doing some research, writing your heart out. Hopefully I will have more posts coming in the future as well. Need to take on some challenge.

We had to pick one company and analyze the code of ethics about this company. Since I have covered Tesla in many of my past posts here, then let's go over their Code of Business Conduct and Ethics.

They have 14 sections, one for the CEO and senior financial officers and, of course, an introduction. The PDF contains 4 pages in total, but it is also readable on their webpage, so there is no need to download the file.
I made a high-level summary of all those chapters below. It is written in more detail in the document, but everything is very clear.

Introduction

It is very specific, if you break the code, your contract with the company will be terminated and if the code of ethics conflicts with the law, then always follow the law.

1. Compliance with Laws, Rules and Regulations

The laws of the countries are most important, and if needed, always ask for help. It is straightforward, and they come back to it and say that the law is the most important topic.

2. Conflicts of Interest

Easy and simple - do not work with competitors, do not use your position in the company to gain benefits, try to avoid loans and other guarantees between employees. If you cannot fulfill your obligations to the company, notify your superior.

3. Insider Trading

Do not use confidential information for trading.

4. Corporate Opportunities

Do not use company property for personal gains.

5. Competition and Fair Dealing

Outperform competition with fairness and honesty, not by sabotage.

6. Discrimination and Harassment

They will not tolerate any illegal discrimination or harassment of any kind.

7. Health and Safety

Be safe, keep others safe.

8. Record-Keeping

Mark down your actual work hours, keep records in detail. Keep in mind that every e-mail, note and memo is a candidate for becoming public. Be honest.

9. Confidentiality

Keep confidential information confidential.

10. Protection and Proper Use of Company Assets

Company equipment should not be used for non-Company business, though incidental personal use may be permitted.

11. Payments to Government Personnel

Do not bribe.

12. Waivers of the Code of Business Conduct and Ethics

Any waivers of the code can be done only by the Board of Directors.

13. Reporting any Illegal or Unethical Behavior

Talk with supervisors always when you see something which shouldn't be tolerated.

14. Compliance Procedures

Ask first, act later. Do not be scared of asking and do it without fear. Anonymity will be protected if needed.


CODE OF ETHICS FOR CEO AND SENIOR FINANCIAL OFFICERS

This chapter basically describes what the responsibilities of the CEO and senior financial officers are. All those chapters are understandable and it is basic ethics.

Conclusion

I feel that Tesla's code of ethics can be easily adopted by any company and that it is more than reasonable. Nothing unnecessary, and it is basic ethics. Come to think of it, is it ethical that I wrote this post using my company's laptop? In the end my company will benefit once I have finished school, and even while I am in school. Something to think about though. Since I also have the company's chat and e-mail client open and will not reject any email or chat, I am not so concerned.

Friday, 12 May 2017

School - I026: XIII - Security, pick one of the big security risks in IT and write a review of it - Internet of Things: Internet connected smart devices

This week's session was focused on security in IT. We needed to take one of the biggest risks in IT and describe it based on Mitnick's formula. This contains 3 different parts: technology, training, policy.

Internet of Things (IOT)

IOT is part of our everyday life and it will only grow. Soon we will have sensors and smart devices everywhere. They are not smartphones or tablets, but they can be a simple light switch, a teddy bear which receives and sends voice messages, cars which come around the corner to pick you up, a mirror which tells your temperature; the list is unlimited and it is only increasing. What about Mitnick's formula, how does it apply?

Technology

Special routers have been developed for IOT devices, which move them to a segmented network to ensure that a hacker cannot easily reach the computer network through the IOT network. Each home should already be equipped with a firewall inside the router to keep out most of the attacks, which just scan ports and try to get inside through an insecure port. All IOT device access needs to be monitored and alerts of suspicious activity need to be noticed. Whenever you use an IOT device, think of it as the weakest point of your computer network (humans don't count). Usually those devices are small chips with standard bluetooth/wireless connection points and no additional security layer. Make sure that at least the bluetooth/wireless passwords can be changed and that no remote access is allowed. Basically it comes down to you, your training and your policy.

Training

There are not many trainings on IOT devices, but you can get acquainted with the biggest failures online. There are many good stories out there and summaries as well, like this one in Forbes about IOT bots or how your coffee machine can ruin your life, or the Tech Radar article on how the hack rate is growing. Just listen to security podcasts, read articles, and always think of this as the most insecure part of your network.


Policy

As I have stated two times already, the IOT device is the most insecure device in your network (now stated 3 times). You can prevent a lot with the following:
  • Move IOT devices to a segmented network. It would be even better if you have dedicated networks for separate functions of IOT devices, based on what they can do.
  • Update your firewall and make sure that you log suspicious activity in the firewall.
  • Make sure that you can change IOT connection passwords and change them often.
  • Read about the product before you buy it, search Google with the words: "how to hack device id/name"
  • Always be on alert when it comes to IOT
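
One way to act on the "segment and log" advice above, as an added example that is not part of the original post: a small checker that reads firewall log lines and flags traffic that breaks the segmentation policy. The subnets, interface names and the "FW-LOG:" prefix are assumptions; the lines follow the KEY=value style of the Linux netfilter LOG target and are constructed sample data.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed (hypothetical) home layout: one segment for IOT, one for computers.
IOT_NET = ipaddress.ip_network("192.168.20.0/24")
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")

# KEY=value pairs in the style of the Linux netfilter LOG target.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample log (fields trimmed, the "FW-LOG:" prefix is made up).
SAMPLE_LOG = """\
Jan  1 10:00:01 gw kernel: FW-LOG: IN=iot0 OUT=lan0 SRC=192.168.20.15 DST=192.168.10.5 PROTO=TCP SPT=40312 DPT=445
Jan  1 10:00:05 gw kernel: FW-LOG: IN=iot0 OUT=wan0 SRC=192.168.20.15 DST=198.51.100.10 PROTO=UDP SPT=123 DPT=123
Jan  1 10:01:10 gw kernel: FW-LOG: IN=wan0 OUT=iot0 SRC=203.0.113.7 DST=192.168.20.15 PROTO=TCP SPT=51000 DPT=23
Jan  1 10:01:11 gw kernel: FW-LOG: IN=wan0 OUT=iot0 SRC=203.0.113.7 DST=192.168.20.15 PROTO=TCP SPT=51001 DPT=80
Jan  1 10:01:12 gw kernel: FW-LOG: IN=wan0 OUT=iot0 SRC=203.0.113.7 DST=192.168.20.15 PROTO=TCP SPT=51002 DPT=8080
Jan  1 10:02:00 gw kernel: FW-LOG: IN=lan0 OUT=iot0 SRC=192.168.10.5 DST=192.168.20.15 PROTO=TCP SPT=50222 DPT=443
Jan  1 10:02:30 gw kernel: usb 1-1: new high-speed USB device
Jan  1 10:03:00 gw kernel: FW-LOG: IN=wan0 OUT=iot0 SRC=198.51.100.77 DST=192.168.20.30 PROTO=ICMP TYPE=8 CODE=0
"""


def parse_line(line):
    """Return src/dst/proto/dport for a firewall line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None  # unrelated kernel message or damaged entry
    dpt = fields.get("DPT", "")
    return {"src": src, "dst": dst, "proto": fields.get("PROTO", "?"),
            "dport": int(dpt) if dpt.isdigit() else None}  # ICMP has no port


def classify(event):
    """Name the policy violation an event represents, or None if it is allowed."""
    src, dst = event["src"], event["dst"]
    if src in IOT_NET and dst in TRUSTED_NET:
        return "iot-to-trusted"   # segmentation is leaking
    external = src not in IOT_NET and src not in TRUSTED_NET
    if external and dst in IOT_NET:
        return "internet-to-iot"  # remote access reaching a device
    return None


def find_violations(log_text):
    """List (kind, src, dst, proto, dport) for every line that breaks policy."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        kind = classify(event) if event else None
        if kind:
            alerts.append((kind, str(event["src"]), str(event["dst"]),
                           event["proto"], event["dport"]))
    return alerts


def port_scanners(alerts, threshold=3):
    """External sources that tried at least `threshold` different IOT ports."""
    ports = defaultdict(set)
    for kind, src, _dst, _proto, dport in alerts:
        if kind == "internet-to-iot" and dport is not None:
            ports[src].add(dport)
    return {s: sorted(p) for s, p in ports.items() if len(p) >= threshold}


if __name__ == "__main__":
    found = find_violations(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("scan-like sources:", port_scanners(found))
```

Outbound traffic from the IOT segment to the internet and management connections from the trusted segment are treated as allowed here; tighten `classify` if your own policy is stricter.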


Friday, 5 May 2017

School - I026: XII - Different way of IT - Write a description of the modern accessibility tool which you have encountered.


This week's session specialized on accessibility software and hardware tools. We had to write a description of a modern accessibility tool which we have encountered.

I was thinking about different groups of people and different accessibility settings, and there are so many special tools and hardware made for them. There is no single fit which could be used across many operating systems, phones, tablets, laptops/PCs and so on.
  
There will be one silver bullet, really soon, which will resolve all those issues and tools into one, and most likely it will eliminate most of the input modules as well. This is roughly called a "brain implant".

I've just heard of the most ambitious plans by Elon Musk; again he pops up in my blog. He calls it Neuralink. They want to make this available to brain-damaged persons as the first step, but it could be made available to everybody. The area is very wide; job offerings include material engineering, biomedical engineering, electrochemist and so on. The product will be on the border of ethics, and how can it be ensured that nobody hacks your brain-chip?

I think that the most important job here is to ensure full and transparent security for this product, preferably open sourced so that people in the community can see the code and fix whatever bugs are there. The initiative, though, is perfect. Let's hook ourselves up with the chips and control stuff with our minds.

We can be real-life X-Men.

After the brain-chip, the next step will be enabling exoskeletons. They are divided into 2 types, active and passive. It depends on the person which one needs to be used; exoskeletons can also be built for different purposes, depending on the needs of the person.

There you have it, basically 2 technologies which, used back to back, can resolve most disability problems for persons. The brain chip may also help with brain computing power.


  • Eyesight: if we now have a brain-chip and exoskeletons, plug in an artificial eye and vision.
  • Hearing: microphone, no magic here.
  • Voice: speakers are present.
  • Missing limbs: get an artificial one.


Starting from the brain-chip we are basically fighting disabilities, and "normal" people will actually remove their human disabilities, like not being able to fly or see through walls, with the brain-chip and the listed technologies.