Lari Lehtomäki

@latsku@infosec.exchange

Infosec specialist 🖥, former infosec consultant & Windows sysadmin, geek 👾

"If I have seen further it is by standing on the shoulders of Giants"

#fedi22

Location: Finland
Pronouns: He/him
Twitter (not active anymore): https://www.twitter.com/@larilehtomaki

My roommates are convinced that our house is haunted.

I’ve lived here for 278 years and I haven’t noticed anything strange.

It's quite funny to me that since moving social media it's evident my lived experience is off with some people I've known my whole life. Saw a friend I haven't seen in ages recently who was excitedly telling me he's bought an electric car. Realising what was about to happen, I asked what, thinking - don'tsayitdon'tsayitdon'tsayit - of course it is a Tesla. And I saw another friend for the first time in years recently who kept going on about how terrific ChatGPT is and that she uses it for literally everything (she's the HR Director for one of the largest companies in the world). I wonder, sitting in those situations, if I come across to them as some utter loon. A modern day hippy. Like someone who might turn up at a restaurant with no shoes or socks on and refuse to sit on a chair made of wood because a tree was harmed in the making of it.

iOS 26 (and OSes 26 in general) add an OS-facilitated way to securely migrate your passkeys, passwords, and other data saved in one password manager app to another. The details here are super interesting and are covered in the WWDC25 video “What's new in passkeys” (https://developer.apple.com/videos/play/wwdc2025/279). The rest of this post includes a summary of part of that video and other publicly-available information. (I am not breaking any kind of news here.)

- Data is sent from one app to the other without exporting any kind of file to a filesystem. This means it can’t accidentally be uploaded to an attacker attempting to compromise one or all of your accounts.
- There’s an OS API that password manager apps call to export their data. Then, securely and out-of-process, users select which app to send the data to. They are reminded of the scope of the data, and authenticate with local biometrics or their passcode to confirm sending the data.
- The destination app is not revealed to the source app.
- Remember that crappy unstandardized CSV format for migrating passwords between password managers? It’s going to be a thing of the past, because

- The data sendable via the API is explicitly based on the “Credential Exchange Format” (https://fidoalliance.org/specifications-credential-exchange-specifications/) standard. This standard is being developed in the FIDO Alliance, the standards body working on passkeys, but the spec covers far more than passwords and passkeys. In fact, it was co-developed by 1Password, Dashlane, and others. There’s a collection of Swift structs in the SDK implementing the standard, with as few modifications as possible.
- The data format part of the API is versioned so it can evolve as the Credential Exchange Format does.

I know it’s taken some time for this to come to fruition, but I hope that delivering a phishing-resistant credential migration process based on open standards (with a credential format standardized for the first time!) makes up for the delay. As I have said since day 1, your passkey data is yours. Passkeys are not a form of “vendor lock-in”.

It has officially begun. The CRA info request counter is no longer at zero.

The Globus is a navigational instrument that uses a rotating globe to show the position of the Soyuz spacecraft above the Earth. Inside the Globus, a complicated system of gears and motors positions the globe. Jon Bruner from @lumafield created a three-dimensional X-ray scan for us. 1/4

This is the good stuff right here. Read this whole thread on reversing a Flock camera.
https://infosec.exchange/@kajer/114702028324249657

LLMs simulate confidence more than they do intelligence.

Why do we say 'slept like a baby'? Babies wake up every two hours crying.

I want to sleep like my cat. 14 hours, no responsibilities, zero regrets.

In the last five years, we've gone from "employees will never have to go into an office" to "employees need to be in the office because creative and innovative work can only be done face-to-face between humans" to "lol we don't need humans"

It's sunflower season starting here in Ireland at least 🌻🌻🌻. David Zinn shows how they can be cultivated on pavements using chalk, water and a large dose of whimsy ...

#DavidZinn #StreetArt #Art

@tshirtman @ciaranmak I was wondering the same thing, and verified that someone fixed the answer at least for Google's "AI". Sort of.

They fixed the specific instance it was getting mocked for, but not the underlying issue. 😅

@MySideIsHumanity @ciaranmak Oh, fun, IIRC, back then when I tried in ChatGPT, it got strawberry wrong but raspberry wrong.

Now you are testing Gemini (Google) though, so different bugs. (And people consider it to be behind the competition.)