Just doing my undue diligence.
ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.
Day job: Enterprise Security Architect for an Alaskan ISP.
Obsessed with security keys:
techsolvency.com/mfa/security-keys
My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s
Followed you out of the blue = probably stole you from follows of someone I respect.
Blocked inadvertently? Ask!
Am I following a dirtbag? Tell me!
Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.
Boosts not about security ... usually are.
Banner: 5 rows of security keys in a wall case.
#hashcat #Alaska #YubiKeys #LicensePlates
P.S. I hate advance-fee scammers with the heat of 400B suns
❤️:⚛👨👩👧🛡🙊🌻🗽💻✏🎥🍦🌶🍫!
Dinner and a walk through a park festival at day 0 of #confconf in #Sofia, #Bulgaria
Just in those photos you see people who made #FOSDEM, #DENOG, #DebConf, #PromCon, #GrafanaCon, #CCC / #38c3, #WHY2025, #IndiaFOSS, #COSCUP, #FOSSASIA, and others happen. And more people will come tomorrow.
We're looking to have a packed agenda over this coming weekend, and I will try and do my best to update this thread with tidbits and information.
Is there a term for the class of "credential storage confusion" #security issues, where the user accidentally saves a password or passkey in a vault they don't actively use (browser, #SSO IdP, #passwordManager, OS)?
One thing that made me think of this is having to go through a separate step (like "use a different device") on Android to avoid enrolling the phone as passkey.
I can see how users spread active credentials across multiple services which seems like a massive #infosec issue to me...
Michael Feinberg, threatened with demotion over his friendship with a former official on the FBI director’s “enemies list,” details FBI leadership’s efforts to oust him from the Bureau, and his decision to ultimately resign.
The mindless, zero-friction "tag all" nature of the '@ highlight' feature of Facebook is not a net win for the ecosystem.
It's Reply All On Steroids as as Service.
Don't use @ highlight on Facebook.
["Well you're using Facebook, that's your problem" replies are not needed, thanks]
Signs that product management for Gmail on Android is dead:
No way to create or modify filters (!)
If a message is too long, the "view entire message" simply renders the entire page as HTML, including remote images, even if you have remote images disabled (!)
The assumption that no one will have more than a few labels, so it's totally okay to put "Settings" at the bottom of the label list
No way to edit or disable the "recent labels" list, or to reorder the labels list (and therefore no way to make "All mail" appear on the first page)
"All inboxes" does nothing to visually distinguish which inbox a message is in
Richard "RichiH" Hartmann
Karl Fredrik 🦊
Armin Rohde
Yes, But ⁉️
Lawfare