Royce Williams

@tychotithonus@infosec.exchange
3.2K Followers
3.8K Following
11.8K Posts

Just doing my undue diligence.

ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.

Day job: Enterprise Security Architect for an Alaskan ISP.

Obsessed with security keys:
techsolvency.com/mfa/security-keys

My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s

Followed you out of the blue = probably stole you from follows of someone I respect.

Blocked inadvertently? Ask!

Am I following a dirtbag? Tell me!

Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.

Boosts not about security ... usually are.

Banner: 5 rows of security keys in a wall case.

#NonAIContent

#hashcat #Alaska #YubiKeys #LicensePlates

P.S. I hate advance-fee scammers with the heat of 400B suns

❤️:⚛👨‍👩‍👧🛡🙊🌻🗽💻✍🎥🍦🌶🍫!

Stuff: https://www.techsolvency.com/roycewilliams/mastodon
Keybase: https://keybase.io/royce
GitHub: https://github.com/roycewilliams
LinkedIn: https://www.linkedin.com/in/roycewilliams
Gravatar: https://gravatar.com/tychotithonus
Not "dehashed"!: https://www.techsolvency.com/passwords/dehashing-reversing-decrypting/
I created a Chrome extension called “Tab Extract-n” basically it groups tabs based on a search term. Just type “ex git” in the url bar and it will group all @github and @gitlab and tabs.
(Made after original tab extract stopped being supported) https://chromewebstore.google.com/detail/tab-extract-n/hlbbaplcopkikfjblgkbockaeijighln
Tab Extract-n - Chrome Web Store

Search for tabs and group them in a new window.

Robustness work is about enlarging the system's competence envelope, resilience work is about improving the system's future behavior when it inevitably breaches its competence envelope.
There have been claims that NOAA/NWS did not foresee catastrophic TX floods--but that's simply not true. This was undoubtedly an extreme event, but messaging rapidly escalated beginning ~12 hrs prior. Flood Watch mid PM, "heads up" outlook late PM, flash flood warnings ~1am.

RE: https://bsky.app/profile/did:plc:teckhxpypg6v46gj7iysmmqt/post/3lt6heyboa22l

📡 The #livestream doesn’t stop when we're off for the holiday or weekend. 🇺🇸

When the microfiche scanning team powers down overnight & on weekends, the feed keeps on keeping on, shifting to silent films, home movies & other gems from the #InternetArchive.

Catch the stream ➡️ https://www.youtube.com/live/aPg2V5RVh7U

lofi Archive radio 🎞️ beats to scan/read microfiche to

YouTube

Calling upon #Python developers. Have you implemented #Passkey authentication without using third-party services?

I'm trying to find some good reference material but all seem to include usage of third-party services for managing the authentication...

... but I want full "ownership" of the authentication stack before deciding to ship that to someone else. One of the most critical components is not something I feel entirely comfortable handing off to someone else.

So... anyone got something to share? I have come across this:

https://pypi.org/project/webauthn/

That seems to give me the server/backend stuff. If you have experience building the frontend/UX components using #Reflex then I would be even more excited to hear from you! 🙂


in the past I've provided expert advice for inclusion in guidelines for domain owners. Often that advice is mangled once published. So I wrote my own guidelines a few yrs ago.
#dns #domains #domainnames

https://kalfeher.com/secure-practices-for-domain-owners/

Secure Practices for Domain Owners

The recommendations contained within this document attempt to provide easy to audit points that any domain owner, regardless of technical capability, can …

Dinner and a walk through a park festival at day 0 of #confconf in #Sofia, #Bulgaria

Just in those photos you see people who made #FOSDEM, #DENOG, #DebConf, #PromCon, #GrafanaCon, #CCC / #38c3, #WHY2025, #IndiaFOSS, #COSCUP, #FOSSASIA, and others happen. And more people will come tomorrow.

We're looking to have a packed agenda over this coming weekend, and I will try and do my best to update this thread with tidbits and information.

Is there a term for the class of "credential storage confusion" #security issues, where the user accidentally saves a password or passkey in a vault they don't actively use (browser, #SSO IdP, #passwordManager, OS)?

One thing that made me think of this is having to go through a separate step (like "use a different device") on Android to avoid enrolling the phone as passkey.

I can see how users spread active credentials across multiple services which seems like a massive #infosec issue to me...

The younglings don't even understand why not being able to turn off autoplay is a bad thing 😭
When the wolves were at the door in the past, how did people survive? They accumulated assets as possible, evaluated who was trustworthy, maintained lines of communication, formed community level mutual aid & defense societies, and importantly still sought ways to be happy.
Be very fucking assured, those that wish to poison and destroy my brothers and sisters delight in our anguish and isolation. It is a benchmark, one of many on the way to totalitarian goals.