Per Thorsheim

@thorsheim
1.3K Followers
925 Following
712 Posts
Founder & organizer of PasswordsCon.org.
Linkedin.com/in/thorsheim
Infosec since 1994.
Twittodon verification: https://twittodon.com/share.php?t=thorsheim&[email protected]
Obsessions: Passwords, digital authentication
"Fahrenheit 11/9" - This is How Fascism Starts | Michael Moore

I vibecoded a DNS Email Security Checker: check a domain for DNSSEC, MX, PTR, DANE, SPF, DKIM, DMARC, BIMI, TLS-RPT, MTA-STS, CAA, RPKI & Security.txt, with WHOIS info on top, recommendations & explanations & examples.

https://github.com/thorsheim/Mailcheck

Also available online at https://passwordscon.org/mailcheck/

Here is a picture to describe the current situation in the Middle East.
🌮

The PHP extension (written in Rust):

https://github.com/paragonie/ext-pqcrypto


@dbelson Would *love* to talk one day, as I'm using CF Radar in preparations for that talk in August, but also to promote the use of RPKI to everyone relevant.

"Never heard of it."
"Not a problem."
"Doesn't happen to us."
"That's someone else's problem."
"Theory. Ransomware is for real, so we focus on that."
"No documented losses or problems due to lack of RPKI."

I've heard other versions as well. CF Radar provides documentation on some of those, but could - imho - provide more info.

@bsdphk @SteveBellovin Granularity: Not that long since Gmail went mandatory 2FA. Processes for account recovery, forgot password & 2FA login can be excellent attack vectors, and SIM swap makes it even more so. Even Patel is human, and humans reuse pwds across multiple services, so a compromise somewhere else may provide direct access, or increase the probability of pwd spraying / credential stuffing working.
Why should Patel be considered better than most at protecting personal accounts?

I will be presenting "Our Vulnerable Networks" at #Sikkerhetsfestivalen 2026, talking BGP & RPKI history, status & "how to get it done".

Through history back to 1989 (BGP), L0pht testifying before Congress in 1998 and lots more, I will explain the problem, the gaps, the current status and what we need to do to fix a global internet routing security issue that is exploited many times daily.

Thanks to @internet_nl & @ripencc for their tools & knowledge, and the @cloudflare routing radar!

@km True enough, since you started with the modern EHLO, not the old-fashioned HELO.
@km 220 STARTTLS

I have been at a podcast recording at Advokatforeningen and talked about my investigations of email security among their members. You can hear the result on Spotify and other podcast platforms. More info here:

https://www.advokatforeningen.no/aktuelt/podcast/bits-and-bytes-for-advokater-per-thorsheim/

Bits and bytes for lawyers: Per Thorsheim

Security expert Per Thorsheim has spent his spare time checking the security of the websites and email of Norwegian law firms.