Complete GDPR loophole in Sweden for $233!

I’ve been researching the privacy issues of Swedish websites such as Hitta, Eniro, MrKoll, Merinfo and many others that automatically collect personal information on individuals from open and semi-open resources and often use it to make money. It turns out that in Sweden, all these resources have applied for an exception from the GDPR as per…

Whistle Willow – whistleblowing solution in Jira or Confluence Cloud!

From December 17th, 2021, companies with more than 250 employees need to provide internal reporting channels for whistleblowing tips and suggestions – as per the EU directive on whistleblower protection. First of all, what is whistleblowing and why does the EU protect it? Whistleblowing is what Edward Snowden did to the NSA – he exposed the nation-wide illegal surveillance…

How to pass SSH key to Docker build in Teamcity or elsewhere

When building in Docker, we often need to access private repos using an authorized SSH key. However, since Docker builds are isolated from the build agent, the keys remain outside of the container being built. Historically, people came up with many workarounds including passing the key to the container via ARG, forwarding SSH_AUTH_SOCK and other…

So what is SecretKeeper?

One day I got a password sent to me over email at work. Then some time later – by Slack, Teams, Skype for Business, Skype, you name it. And yes, I totally get it – there are various password managers, tools and solutions that let you share a secret securely – why don’t we all…

Running npm audit when using private registry

As I wrote previously, NPM has a great tool for checking the security of dependencies – npm audit. However, when running npm audit while using a private package registry (Proget, Artifactory, etc.), it may fail with “npm ERR! 400 Bad Request – POST” when trying to send audit details collected about your dependencies for checking to…

New tool for making sense of npm-audit output

Managing Node.js dependencies and their security has never been a fun task. My heart stops for a few moments whenever I open the node_modules folder and see how much stuff my minimalistic one-page app is pulling from the depths of the web. In an attempt to fix it, this year, NPM acquired a great project – NSP, Node…

TechDays Sweden 2018 slides and demo

I had the great pleasure of giving a talk on Secure infrastructure with Terraform, Azure DSC and Ansible at Microsoft TechDays 2018 in Stockholm. The blog post based on the content is in the works. As I promised to publish my slides and demos, here they are – in a GitHub repo. The demos are grouped into…

Automating alert response with Azure Security Center and Azure Logic Apps

Responding to a security event is the core practice in modern security frameworks. After a potential threat has been detected, it is time to act. The shorter the response time is, the less damage an attacker can deal to your cloud. Detection in Azure: Azure Security Center in the Standard pricing tier ($15/VM node per month) comes…