Per Thorsheim
@thorsheim.bsky.social
Founder of #PasswordsCon. Above average interested in passwords & digital authentication. Online since 2400baud. I do security & privacy. Want me to speak at your conference / org? Reach out!
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
November 13, 2025 at 11:09 PM
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
Scandinavian Airlines (SAS) has launched Passkeys support, and they have chosen to call it "Hovednøkkel" in Norwegian. Directly translated to english = "Mainkey".
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
November 2, 2025 at 5:59 PM
Scandinavian Airlines (SAS) has launched Passkeys support, and they have chosen to call it "Hovednøkkel" in Norwegian. Directly translated to english = "Mainkey".
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
Almost 300 organizations within the tech landscape found in my city Bergen, Norway. With 337 domains I set out to make a snapshot of their publicly visible internet security: DNS, Email & Web. Here is what I found, from startups to global giants. (Linkedin article)
www.linkedin.com/pulse/little...
www.linkedin.com/pulse/little...
Little Mirror on the Wall, Who has the Best Publicly Visible Internet Security in This Little City Here?
Bønes Virik Executive Search in Norway has for years published an interactive map of the technology space of my city, Bergen, on the west coast of Norway. Along with this map they have also done inter...
www.linkedin.com
October 22, 2025 at 9:03 PM
Almost 300 organizations within the tech landscape found in my city Bergen, Norway. With 337 domains I set out to make a snapshot of their publicly visible internet security: DNS, Email & Web. Here is what I found, from startups to global giants. (Linkedin article)
www.linkedin.com/pulse/little...
www.linkedin.com/pulse/little...
I just cannot find any specific info on how Netflix, HBO Max, Disney or Prime on how to handle my daughters access to their services when she lives 50% at my place and 50% with her mother.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
October 17, 2025 at 2:19 PM
I just cannot find any specific info on how Netflix, HBO Max, Disney or Prime on how to handle my daughters access to their services when she lives 50% at my place and 50% with her mother.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
I've done something I thought I would never do.
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
October 7, 2025 at 11:31 PM
I've done something I thought I would never do.
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
Reposted by Per Thorsheim
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
Capture JavaScript Integrity Metadata using CSP!
Today we're announcing the open beta of a brand new and incredibly powerful feature on the Report URI platform, CSP Integrity! Having the ability to collect integrity metadata for scripts running on y...
scotthelme.co.uk
September 29, 2025 at 11:09 AM
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
I just cannot find any info about Nessus or Nexpose having modules to find missing or incorrect RPKI for prefixes or AS numbers. Neither have I seen any other vulnerability scanners doing this.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
September 26, 2025 at 7:38 AM
I just cannot find any info about Nessus or Nexpose having modules to find missing or incorrect RPKI for prefixes or AS numbers. Neither have I seen any other vulnerability scanners doing this.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Well well well Google Chrome, is this how you have decided to treat @kalilinux.bsky.social all of a sudden, or do they have issues on their side, or is it just .... me?
(Version 140.0.7339.208 official build on Windows 11)
(Version 140.0.7339.208 official build on Windows 11)
September 25, 2025 at 8:05 PM
Well well well Google Chrome, is this how you have decided to treat @kalilinux.bsky.social all of a sudden, or do they have issues on their side, or is it just .... me?
(Version 140.0.7339.208 official build on Windows 11)
(Version 140.0.7339.208 official build on Windows 11)
Reposted by Per Thorsheim
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
September 23, 2025 at 6:49 PM
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Reposted by Per Thorsheim
Disney learned nothing from Andor.
September 18, 2025 at 5:05 AM
Disney learned nothing from Andor.
Reposted by Per Thorsheim
Not really an overstatement to say that the test of a free society is whether or not comedians can make fun of the country's leader on TV without repurcussions.
July 18, 2025 at 3:39 PM
Not really an overstatement to say that the test of a free society is whether or not comedians can make fun of the country's leader on TV without repurcussions.
Reposted by Per Thorsheim
Kimmel.
Colbert.
Suits against the New York Times, Wall Street Journal, and 60 Minutes.
Extorting settlements from CBS, ABC, and others.
Blocking the AP's access to the White House. 🧵
Colbert.
Suits against the New York Times, Wall Street Journal, and 60 Minutes.
Extorting settlements from CBS, ABC, and others.
Blocking the AP's access to the White House. 🧵
September 17, 2025 at 11:42 PM
Kimmel.
Colbert.
Suits against the New York Times, Wall Street Journal, and 60 Minutes.
Extorting settlements from CBS, ABC, and others.
Blocking the AP's access to the White House. 🧵
Colbert.
Suits against the New York Times, Wall Street Journal, and 60 Minutes.
Extorting settlements from CBS, ABC, and others.
Blocking the AP's access to the White House. 🧵
"Hey, Let's use AI to control access to AI!"
What could possibly go wrong?
What could possibly go wrong?
OpenAI also plans to develop an automated age-prediction system that will determine whether ChatGPT users are over or under 18, automatically directing younger users to a restricted version of the AI chatbot.
ChatGPT may soon require ID verification from adults, CEO says
Chatbot will “default to the under-18 experience” when age is uncertain after teen suicide lawsuit.
arstechnica.com
September 17, 2025 at 5:33 PM
"Hey, Let's use AI to control access to AI!"
What could possibly go wrong?
What could possibly go wrong?
Thread. Read, and read again.
We need to stop the ChatControl proposal here in EU. Now. For good.
We need to stop the ChatControl proposal here in EU. Now. For good.
I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?
September 17, 2025 at 5:31 PM
Thread. Read, and read again.
We need to stop the ChatControl proposal here in EU. Now. For good.
We need to stop the ChatControl proposal here in EU. Now. For good.
I've always tried to do something new & funny for each iteration of #PasswordsCon.
So here is the "PasswordsCon Song" sing-a-long. Generated with ChatGPT (lyrics) and sound by Suno.
#PasswordsCon will be in Prague, December 1-3, kindly sponsored by @nic.cz. More info: passwordscon.org
So here is the "PasswordsCon Song" sing-a-long. Generated with ChatGPT (lyrics) and sound by Suno.
#PasswordsCon will be in Prague, December 1-3, kindly sponsored by @nic.cz. More info: passwordscon.org
September 16, 2025 at 8:30 PM
I've always tried to do something new & funny for each iteration of #PasswordsCon.
So here is the "PasswordsCon Song" sing-a-long. Generated with ChatGPT (lyrics) and sound by Suno.
#PasswordsCon will be in Prague, December 1-3, kindly sponsored by @nic.cz. More info: passwordscon.org
So here is the "PasswordsCon Song" sing-a-long. Generated with ChatGPT (lyrics) and sound by Suno.
#PasswordsCon will be in Prague, December 1-3, kindly sponsored by @nic.cz. More info: passwordscon.org
Reposted by Per Thorsheim
Y'all, I went to #BSidesLV 2025 and had an AMAZING time.
I wrote my thoughts up and they are already live
blog.gitguardian.com/bsides-las-v...
#passwordscon
I wrote my thoughts up and they are already live
blog.gitguardian.com/bsides-las-v...
#passwordscon
Passwords, Resilience, And Being Human: Working Together For A Brighter Future At BSides Las Vegas 2025
Dive into insights from BSides Las Vegas 2025: how identity hygiene, human ecosystems, structural resilience, and unpredictability define modern defenses.
blog.gitguardian.com
August 9, 2025 at 12:29 AM
Y'all, I went to #BSidesLV 2025 and had an AMAZING time.
I wrote my thoughts up and they are already live
blog.gitguardian.com/bsides-las-v...
#passwordscon
I wrote my thoughts up and they are already live
blog.gitguardian.com/bsides-las-v...
#passwordscon
List of speakers & talks for #PasswordsCon in Prague, December 1-3. Kindly sponsored by @nic.cz.
More speakers & talks to be added soon.
www.passwordscon.org/prague-2025-...
More speakers & talks to be added soon.
www.passwordscon.org/prague-2025-...
Prague 2025 speakers – PasswordsCon
www.passwordscon.org
September 15, 2025 at 9:22 PM
List of speakers & talks for #PasswordsCon in Prague, December 1-3. Kindly sponsored by @nic.cz.
More speakers & talks to be added soon.
www.passwordscon.org/prague-2025-...
More speakers & talks to be added soon.
www.passwordscon.org/prague-2025-...
2 scam calls from Swiss numbers today (+41). Robot voice claiming to be Paypal, unauthorised transaction of EUR 699, press 1 to authorize or 2 to talk to support staff.
Pressing 1 still takes me to support staff (Surprise!), and dude was REALLY surprised when I still insisted to authorize. 😂
Pressing 1 still takes me to support staff (Surprise!), and dude was REALLY surprised when I still insisted to authorize. 😂
September 15, 2025 at 12:33 PM
2 scam calls from Swiss numbers today (+41). Robot voice claiming to be Paypal, unauthorised transaction of EUR 699, press 1 to authorize or 2 to talk to support staff.
Pressing 1 still takes me to support staff (Surprise!), and dude was REALLY surprised when I still insisted to authorize. 😂
Pressing 1 still takes me to support staff (Surprise!), and dude was REALLY surprised when I still insisted to authorize. 😂
Asking everyone:
Is there a complete guide on how to install, register and use @signal.org without ever having to connect it with a phone number?
(Closing in on the old 'iPod touch is the safest phone there is' way of thinking...)
Is there a complete guide on how to install, register and use @signal.org without ever having to connect it with a phone number?
(Closing in on the old 'iPod touch is the safest phone there is' way of thinking...)
September 12, 2025 at 9:28 AM
Asking everyone:
Is there a complete guide on how to install, register and use @signal.org without ever having to connect it with a phone number?
(Closing in on the old 'iPod touch is the safest phone there is' way of thinking...)
Is there a complete guide on how to install, register and use @signal.org without ever having to connect it with a phone number?
(Closing in on the old 'iPod touch is the safest phone there is' way of thinking...)
Professor Marte E. Kjørven ved UiO og Professor Kristian Gjøsteen ved NTNU har debattinnlegg i DN om BankID sitt skytespill.
Verdt å lese teksten også på LinkedIn, samt studere alle detaljer i illustrasjonsbildet. Akademikere har det gøy på jobb!
www.linkedin.com/posts/marte-...
Verdt å lese teksten også på LinkedIn, samt studere alle detaljer i illustrasjonsbildet. Akademikere har det gøy på jobb!
www.linkedin.com/posts/marte-...
På fredag la jeg ut et innlegg om påskeegget "Stø invaders" i BankID-appen. Innlegget mitt var ment som en humoristisk observasjon, med en liten kritisk snert. Debatten som fulgte ble..… | M...
På fredag la jeg ut et innlegg om påskeegget "Stø invaders" i BankID-appen. Innlegget mitt var ment som en humoristisk observasjon, med en liten kritisk snert. Debatten som fulgte ble... overveldende....
www.linkedin.com
September 11, 2025 at 4:23 PM
Professor Marte E. Kjørven ved UiO og Professor Kristian Gjøsteen ved NTNU har debattinnlegg i DN om BankID sitt skytespill.
Verdt å lese teksten også på LinkedIn, samt studere alle detaljer i illustrasjonsbildet. Akademikere har det gøy på jobb!
www.linkedin.com/posts/marte-...
Verdt å lese teksten også på LinkedIn, samt studere alle detaljer i illustrasjonsbildet. Akademikere har det gøy på jobb!
www.linkedin.com/posts/marte-...
"and just like that, POOF, Stø Invaders was gone."
September 11, 2025 at 1:46 PM
"and just like that, POOF, Stø Invaders was gone."
Reposted by Per Thorsheim
Mange var kritiske til det hemmelige spillet i BankID. 👽
Nå forsvinner det:
Nå forsvinner det:
BankID fjerner det hemmelige spillet
Noen mente påskeegget i BankID-appen var skandaløst, og nå forsvinner hele spillet.
www.kode24.no
September 11, 2025 at 7:31 AM
Mange var kritiske til det hemmelige spillet i BankID. 👽
Nå forsvinner det:
Nå forsvinner det:
#PasswordsCon CFP closes tonight at midnight, Sunday september 7.
We have received many amazing talks already, but still room for more! 🤩
Https://PasswordsCon.org/
We have received many amazing talks already, but still room for more! 🤩
Https://PasswordsCon.org/
September 7, 2025 at 10:28 AM
#PasswordsCon CFP closes tonight at midnight, Sunday september 7.
We have received many amazing talks already, but still room for more! 🤩
Https://PasswordsCon.org/
We have received many amazing talks already, but still room for more! 🤩
Https://PasswordsCon.org/
With the Norwegian BankID app you can now:
🤩 🤩 PLAY SPACE INVADERS 🤩 🤩
- Identify yourself
- Confirm payments
- Sign documents
🤩 🤩 PLAY SPACE INVADERS 🤩 🤩
- Identify yourself
- Confirm payments
- Sign documents
September 5, 2025 at 1:04 PM
With the Norwegian BankID app you can now:
🤩 🤩 PLAY SPACE INVADERS 🤩 🤩
- Identify yourself
- Confirm payments
- Sign documents
🤩 🤩 PLAY SPACE INVADERS 🤩 🤩
- Identify yourself
- Confirm payments
- Sign documents