Per Thorsheim
@thorsheim.bsky.social
Founder of #PasswordsCon. Above average interested in passwords & digital authentication. Online since 2400baud. I do security & privacy. Want me to speak at your conference / org? Reach out!
Maximilian Golla @maximiliangolla.com presenting "Measuring the Risk Password Reuse Poses for a University" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/6dEQRwueX98
youtu.be/6dEQRwueX98
Maximilian Golla - Measuring the Risk Password Reuse Poses for a University
YouTube video by Per Thorsheim
youtu.be
December 9, 2025 at 1:16 PM
Maximilian Golla @maximiliangolla.com presenting "Measuring the Risk Password Reuse Poses for a University" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/6dEQRwueX98
youtu.be/6dEQRwueX98
Michal Špaček @spazef0rze.bsky.social presenting his talk "Password Reuse Is a Dumpster Fire – We Brought a Hose" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/AuCNgoDf-5c
youtu.be/AuCNgoDf-5c
Michal Špaček: Password Reuse Is a Dumpster Fire – We Brought a Hose
YouTube video by Per Thorsheim
youtu.be
December 9, 2025 at 12:32 PM
Michal Špaček @spazef0rze.bsky.social presenting his talk "Password Reuse Is a Dumpster Fire – We Brought a Hose" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/AuCNgoDf-5c
youtu.be/AuCNgoDf-5c
Rostyslav (Ross) Yevdiukhin presenting "OT Security meets reality" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/V6B81wrlVdo
youtu.be/V6B81wrlVdo
Rostyslav (Ross) Yevdiukhin - OT Security meets reality
YouTube video by Per Thorsheim
youtu.be
December 9, 2025 at 11:12 AM
Rostyslav (Ross) Yevdiukhin presenting "OT Security meets reality" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/V6B81wrlVdo
youtu.be/V6B81wrlVdo
Luci André Knudsen @woofie.dev presenting "How I Learned to Stop Worrying and Love ReBAC" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/WfXt2J2gYz8
youtu.be/WfXt2J2gYz8
Luci
YouTube video by Per Thorsheim
youtu.be
December 9, 2025 at 10:28 AM
Luci André Knudsen @woofie.dev presenting "How I Learned to Stop Worrying and Love ReBAC" at #PasswordsCon in Prague, December 2, 2025.
youtu.be/WfXt2J2gYz8
youtu.be/WfXt2J2gYz8
YouTube playlist with videos from #PasswordsCon in Prague, December 1-3 2025 has been created, with the first video of Niels Loozekoot available. More videos to come.
A big thank you to @nic.cz for sponsoring & hosting the event!
youtube.com/playlist?lis...
A big thank you to @nic.cz for sponsoring & hosting the event!
youtube.com/playlist?lis...
PasswordsCon Prague 2025 - YouTube
These are the videos from PasswordsCon in Prague, December 1-2, 2025. The conference was kindly sponsored and venue organized by CZ.NIC.
youtube.com
December 8, 2025 at 10:07 PM
YouTube playlist with videos from #PasswordsCon in Prague, December 1-3 2025 has been created, with the first video of Niels Loozekoot available. More videos to come.
A big thank you to @nic.cz for sponsoring & hosting the event!
youtube.com/playlist?lis...
A big thank you to @nic.cz for sponsoring & hosting the event!
youtube.com/playlist?lis...
Reposted by Per Thorsheim
December 1, 2025 at 2:16 PM
Reposted by Per Thorsheim
#PasswordsCon Prague 2025 has come to an end. After 3 amazing days most of us have headed home to our respective countries around the world. Great location, lots and lots of food, and amazing organisation & sponsorship by @nic.cz
Looking forward to Cork, Ireland, in December 2026!
nic.cz
Looking forward to Cork, Ireland, in December 2026!
nic.cz
CZ.NIC
Správce domén CZ.
nic.cz
December 4, 2025 at 5:34 PM
#PasswordsCon Prague 2025 has come to an end. After 3 amazing days most of us have headed home to our respective countries around the world. Great location, lots and lots of food, and amazing organisation & sponsorship by @nic.cz
Looking forward to Cork, Ireland, in December 2026!
nic.cz
Looking forward to Cork, Ireland, in December 2026!
nic.cz
Hello Prague, nice to be here again!
So incredibly ready for doing #PasswordsCon number 26 since 2010!
This time with @nic.cz as sponsor, 3 full days and a stellar lineup of speakers & talks!
www.passwordscon.org/prague-2025-...
So incredibly ready for doing #PasswordsCon number 26 since 2010!
This time with @nic.cz as sponsor, 3 full days and a stellar lineup of speakers & talks!
www.passwordscon.org/prague-2025-...
Prague 2025 Program & speakers – PasswordsCon
www.passwordscon.org
November 29, 2025 at 3:41 PM
Hello Prague, nice to be here again!
So incredibly ready for doing #PasswordsCon number 26 since 2010!
This time with @nic.cz as sponsor, 3 full days and a stellar lineup of speakers & talks!
www.passwordscon.org/prague-2025-...
So incredibly ready for doing #PasswordsCon number 26 since 2010!
This time with @nic.cz as sponsor, 3 full days and a stellar lineup of speakers & talks!
www.passwordscon.org/prague-2025-...
I am honored and happy to be asked by @boblord.bsky.social to contribute & sign the open letter at hacklore.org. It is time to kill some "hacklore" - IT security advice that is now *seriously* outdated.
Please read more at the link below, and tell everyone about it.
hacklore.org
Please read more at the link below, and tell everyone about it.
hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 7:40 PM
I am honored and happy to be asked by @boblord.bsky.social to contribute & sign the open letter at hacklore.org. It is time to kill some "hacklore" - IT security advice that is now *seriously* outdated.
Please read more at the link below, and tell everyone about it.
hacklore.org
Please read more at the link below, and tell everyone about it.
hacklore.org
Registration for #PasswordsCon in Prague, December 1-3 closes this Sunday, Nov 23.
Speakers & talks: www.passwordscon.org/prague-2025-...
Venue & registration:
www.nic.cz/passwordscon...
Speakers & talks: www.passwordscon.org/prague-2025-...
Venue & registration:
www.nic.cz/passwordscon...
Prague 2025 speakers – PasswordsCon
www.passwordscon.org
November 21, 2025 at 9:35 PM
Registration for #PasswordsCon in Prague, December 1-3 closes this Sunday, Nov 23.
Speakers & talks: www.passwordscon.org/prague-2025-...
Venue & registration:
www.nic.cz/passwordscon...
Speakers & talks: www.passwordscon.org/prague-2025-...
Venue & registration:
www.nic.cz/passwordscon...
Jeg har skrevet litt om usikker epost hos Nasjonal Sikkerhetsmyndighet, og desto mer kritikk serveres til Forsvarsdepartementet.
www.linkedin.com/pulse/grader...
www.linkedin.com/pulse/grader...
Gradert Usikkert: Epost Sikkerhet for Nasjonal Sikkerhetsmyndighet
All innhentet informasjon i dette innlegget er offentlig tilgjengelig. Ingen "hacking" er utført.
www.linkedin.com
November 21, 2025 at 9:48 AM
Jeg har skrevet litt om usikker epost hos Nasjonal Sikkerhetsmyndighet, og desto mer kritikk serveres til Forsvarsdepartementet.
www.linkedin.com/pulse/grader...
www.linkedin.com/pulse/grader...
Reposted by Per Thorsheim
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
November 13, 2025 at 11:09 PM
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
November 13, 2025 at 11:09 PM
Checking the web, dns & email security of 557 domains / law firms in Norway using internet.nl:
www.linkedin.com/pulse/intern...
www.linkedin.com/pulse/intern...
Scandinavian Airlines (SAS) has launched Passkeys support, and they have chosen to call it "Hovednøkkel" in Norwegian. Directly translated to english = "Mainkey".
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
November 2, 2025 at 5:59 PM
Scandinavian Airlines (SAS) has launched Passkeys support, and they have chosen to call it "Hovednøkkel" in Norwegian. Directly translated to english = "Mainkey".
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
1) you don't have to remember a password. With "mainkeys" you can use stuff like fingerprint or face to login.
Almost 300 organizations within the tech landscape found in my city Bergen, Norway. With 337 domains I set out to make a snapshot of their publicly visible internet security: DNS, Email & Web. Here is what I found, from startups to global giants. (Linkedin article)
www.linkedin.com/pulse/little...
www.linkedin.com/pulse/little...
Little Mirror on the Wall, Who has the Best Publicly Visible Internet Security in This Little City Here?
Bønes Virik Executive Search in Norway has for years published an interactive map of the technology space of my city, Bergen, on the west coast of Norway. Along with this map they have also done inter...
www.linkedin.com
October 22, 2025 at 9:03 PM
Almost 300 organizations within the tech landscape found in my city Bergen, Norway. With 337 domains I set out to make a snapshot of their publicly visible internet security: DNS, Email & Web. Here is what I found, from startups to global giants. (Linkedin article)
www.linkedin.com/pulse/little...
www.linkedin.com/pulse/little...
I just cannot find any specific info on how Netflix, HBO Max, Disney or Prime on how to handle my daughters access to their services when she lives 50% at my place and 50% with her mother.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
October 17, 2025 at 2:19 PM
I just cannot find any specific info on how Netflix, HBO Max, Disney or Prime on how to handle my daughters access to their services when she lives 50% at my place and 50% with her mother.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
They cannot seriously require 2 subscriptions, but how do I handle it? Subscriptions are for people, not IPs.
I've done something I thought I would never do.
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
October 7, 2025 at 11:31 PM
I've done something I thought I would never do.
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
I've used Anthropic Claude to "vibe" code a Chrome plugin to test if a website is protected with DNSSEC & RPKI for BGP.
Warning: it seems to work. USE AT YOUR OWN RISK!
Feedback wanted. 😬
github.com/thorsheim/rp...
Reposted by Per Thorsheim
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
Capture JavaScript Integrity Metadata using CSP!
Today we're announcing the open beta of a brand new and incredibly powerful feature on the Report URI platform, CSP Integrity! Having the ability to collect integrity metadata for scripts running on y...
scotthelme.co.uk
September 29, 2025 at 11:09 AM
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
I just cannot find any info about Nessus or Nexpose having modules to find missing or incorrect RPKI for prefixes or AS numbers. Neither have I seen any other vulnerability scanners doing this.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
September 26, 2025 at 7:38 AM
I just cannot find any info about Nessus or Nexpose having modules to find missing or incorrect RPKI for prefixes or AS numbers. Neither have I seen any other vulnerability scanners doing this.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Missing RPKI may be considered a weakness or flaw, but still... scanners should detect & report imho.
Well well well Google Chrome, is this how you have decided to treat @kalilinux.bsky.social all of a sudden, or do they have issues on their side, or is it just .... me?
(Version 140.0.7339.208 official build on Windows 11)
(Version 140.0.7339.208 official build on Windows 11)
September 25, 2025 at 8:05 PM
Well well well Google Chrome, is this how you have decided to treat @kalilinux.bsky.social all of a sudden, or do they have issues on their side, or is it just .... me?
(Version 140.0.7339.208 official build on Windows 11)
(Version 140.0.7339.208 official build on Windows 11)
Reposted by Per Thorsheim
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
September 23, 2025 at 6:49 PM
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Reposted by Per Thorsheim
Disney learned nothing from Andor.
September 18, 2025 at 5:05 AM
Disney learned nothing from Andor.