nikosft.bsky.social
@nikosft.bsky.social
Reposted
Build your offensive security lab with 18 DRM-free books worth $700+. Download once, read anywhere, keep forever.

Pay what you want (starting around $36) and support the EFF while you’re at it: https://www.humblebundle.com/books/hacking-no-starch-books
December 1, 2025 at 7:00 PM
Reposted
At Authenticate, @iamkale.millerti.me, @nishantkaushik.com, and I decided to mix up the usual "Passkeys 101" and cover common misconceptions about #passkeys. Topics around cloud sync, phishing resistance, workforce usage, and concerns about vendor lock-in.

blog.timcappalli.me/p/preso-auth...
Passkey Mythbusters: Short Takes on Common Misunderstandings @ Authenticate 2025
Passkeys promise to replace passwords with a simpler, more secure login experience, but myths and confusion still hold many organizations back. This session at Authenticate 2025 tackles some commonly ...
October 27, 2025 at 10:22 PM
Reposted
I wrote a long post about my experiences so far in teaching applied cryptography at the American University of Beirut: www.linkedin.com/pulse/teachi...
Teaching Applied Cryptography in Beirut: Field Update
Two months ago, I began what colleagues politely called an "ambitious" undertaking: teaching Applied Cryptography to fifty students at the American University of Beirut while the country navigates war...
October 28, 2025 at 8:03 AM
Reposted
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
October 27, 2025 at 10:38 AM
Reposted
Some upcoming talks for my course's Applied Cryptography Speaker Series

As always, you can learn more about my course at appliedcryptography.page

(Necessary disclaimer: I'm organizing these talks on my own, AUB is not involved, and they're happening online, not at the university)
October 21, 2025 at 5:04 PM
Reposted
"I don't have anything to hide why should I care about privacy?"
The politician in South Carolina who has introduced a bill redefining contraception as abortion also wants people who share websites to be charged with aiding and abetting homicide.
October 16, 2025 at 2:46 PM
Reposted
To implement robust mitigations across Geomys, I did a survey of open source project compromises in 2024/2025.

Three root causes dominate: phishing, control handoff, and unsafe GitHub Actions triggers. All three can be systematically avoided.

words.filippo.io/compromise-s...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.
October 10, 2025 at 2:34 PM