Per Thorsheim

Per Thorsheim

Shared publicly  - 
 
Passwords 2015

The 9th International Conference on Passwords 
7, 8, 9 December 2015 
University of Cambridge, United Kingdom

The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference has accepted peer-reviewed papers.

The CFP is now available here:
http://www.cl.cam.ac.uk/events/passwords2015/

Please share this with all relevant contacts you may have!

Per Thorsheim

Shared publicly  - 
 
Good article from Lorenzo Franceschi-Bicchierai at Motherboard, with quotes from Joseph Bonneau, Jeremi Gosney, Troy Hunt and myself.

The recommendation from everyone summarizes it all: use a password manager. :-)

http://motherboard.vice.com/read/your-brain-actually-doesnt-suck-at-passwords
You can remember a combination of random words or characters, you just need to train your brain.

Per Thorsheim

Shared publicly  - 
 
Apple raises the hacking bar with iOS9: will require 6-digit PINs instead of the previous 4 digits.

From a security perspective that is a really good move!

From a usability perspective, especially in countries where people are not used to PINs longer than 6 digits, I'm pretty sure there will be complaints. Before & after surveys on the use of 4/6-digit PIN could be interesting to do!

http://arstechnica.com/apple/2015/06/apple-to-require-6-digit-passcodes-on-newer-iphones-ipads-under-ios-9/

Stronger passcode ups the ante: there will be one million possible permutations.
Nils Herde's profile photo
 
I couldn't imagine writing a 4 (or 6) character passcode every time I open my phone during a day. I know a lot of people do it and seem just fine, but I don't get it. As long as my banking and password manager require authentication, I honestly don't care about the three texts read and the face rape posted someone could manage before I borrow a phone to send a locking (and possibly wiping) text to my phone.

Per Thorsheim

Shared publicly  - 
 
Facebook just launched an option that allows you to upload your PGP/GPG public key to your profile, and have Facebook encrypt all email to you using that key.

This is great news, since password resets are usually https links sent by plaintext email, which can be eavesdropped at network level, or at least accessed in your mailbox. By utilizing PGP to encrypt all email sent from Facebook to you, this pretty much eliminates a very clear & present danger of account compromise.

Your move Google.

https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302?__mref=message
It's very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure; for instance this is why we run connections to our site over HTTPS with HSTS and why we provide a Tor onion site for people who want to enjoy security guarantees beyond ...
Per Thorsheim's profile photoKristian Hermansen's profile photoOle Aass's profile photo
3 comments
 
2FA over NSA controlled phone lines :(

Per Thorsheim

Shared publicly  - 
 
The End of this blog - I think.
This blog is coming to an end. Although I have lots to talk and write about, time is limited and prioritized in other areas. New blog posts may appear in the future on my own company web page: https://godpraksis.no/

Per Thorsheim

Shared publicly  - 
 
Congratulations on the day!
Ole Aass's profile photoBjørgen Villholth H.'s profile photo
2 comments
 
Thanks; the same to you and yours! 💈🎂

Per Thorsheim

Shared publicly  - 
 
LastPass hacked. Better change your master password now, but no need to scream & cry your eyes out.

https://blog.lastpass.com/no/2015/06/lastpass-security-notice.html/

Per Thorsheim

Shared publicly  - 
 
Here is your monthly reminder to review your Facebook settings for security and privacy.

http://www.nrk.no/buskerud/stortingspolitikers-nettside-drukner-i-porno-1.12400549
Member of the Storting (the Norwegian parliament) Lise Christoffersen got quite a surprise when she went to her Facebook page last night. It had been filled up with porn.
Ole Aass's profile photoPer Thorsheim's profile photo
2 comments
 
Social and cultural differences are important here; the censorship is largely based on the American perception of what is acceptable and what is not.

Per Thorsheim

Shared publicly  - 
 
Reminder:
Our #passwords15 CFP is still open, and we are still looking for presentations into anything passwords, including 2FA/MFA, biometrics and more!

CFP and more information can be found here:

https://passwordscon.org/vegas/cfp/

Per Thorsheim

Shared publicly  - 
 
Based on my talk at the Honeynet Project Workshop yesterday in Stavanger, security blogger +Graham Cluley has written this story with some additional input from me.

https://grahamcluley.com/2015/05/ceos-hackers-entry-point-company/
With a little help from LinkedIn, it's easy to find a soft target inside many organisations.

Per Thorsheim

Shared publicly  - 
 
My talk @ProjectHoneynet #HNW2015 on May 19th can be seen on YouTube (3:07:40) https://www.youtube.com/watch?v=WDAOkduNGak

Per Thorsheim

Shared publicly  - 
 
I have lost count of how many people have told me their own, or other people's, passwords in order to hear my opinion of them. In addition, an incredible number of "confessions" on behalf of organisations come out almost every single time I give a talk on the topic, at home and abroad.

In that respect I am not at all surprised by Tørnquist's result here, even though some of this is obviously staged and edited. Either way, it is well suited as both entertainment and training. :-)

http://www.tv2.no/v/913629/
Einar Tørnquist and Tørnquistklubben find out in this segment. Watch Tørnquistklubben on TV 2 on Thursday at 21:40.
Filip H.F. “FiXato” Slagter's profile photoGeir Pettersen Grønningsæter's profile photoOle Aass's profile photo
 
Secrets shared, are secrets lost.
Work
Occupation: Security.
Skills: Passwords
Story
Tagline: Security Professional. Password Researcher.
Introduction
I live and work in Bergen, Norway. Occupation: Security.

I currently hold the CISA and CISM certifications from ISACA, and the CISSP-ISSAP certifications from ISC(2).

More details can be found on my LinkedIn profile here: http://www.linkedin.com/in/thorsheim
Bragging rights
1 of 3 finalists for the annual Rosing IT security award in Norway, 2012. Received the commander's coin from the chief of the Norwegian cyber defence forces in spring 2014.
Basic Information
Gender: Male
Relationship: Single
Per Thorsheim's +1's are the things they like, agree with, or want to recommend.
WiFi Track
market.android.com

A WiFi Survey / Wardriving App.

Break Weak Password Hashes
www.indiegogo.com

Instantly check if a hash is from a list of trillions of passwords. Works with unsalted hashes: LM, NTLM, MD5, SHA1, etc.

I worry quite a bit about paranoia...
mollerhaug.blogspot.com

One of my former bosses once said (freely translated from English): "I worry quite a bit about paranoia. Most often I am worried about

ISF Norge
market.android.com

The ISF-app gives you a complete overview over the autumn conference – directly to your smartphone! Download the app to review the updated p

Phishing without a webpage - researcher reveals how a link *itself* can ...
nakedsecurity.sophos.com

Can you phish without a phishing page? Research by a student at the University of Oslo in Norway finds that, with the help of a trusty URI,

- A gift to the authorities - Computerworld
www.idg.no

Is Skype still trustworthy? No, says Eivind Jonassen. He thinks you should drop the program. - Just speculation and rumours, counters Per Thor

The Final Word on the LinkedIn Leak
securitynirvana.blogspot.com

As you are undoubtedly aware of by now, two weeks ago the professional networking site LinkedIn became the victim of a rather unfortunate mi

Hackers can demand ransom for your family photos
tv2.no

A computer virus that takes over files on your computer and makes them unreadable is ravaging the internet.

GO LauncherEX Norwegian langua
market.android.com

GO Launcher Dev Team A language plug-in for GO LauncherEX. This pack is for GO LauncherEX Norwegian language support. Install it and change

- Feel free to write your password on a note - Computerworld
www.idg.no

Password expert Per Thorsheim believes the password is safer on a note than in an insecure app.

Password apps don't measure up - Computerworld
www.idg.no

They keep track of your passwords, but are poorly encrypted - several lack encryption entirely.

- We hate passwords - Computerworld
www.idg.no

Security chief Úlfar Erlingsson at Google believes the competitors are his biggest security threat. The reason: customers hate passwords.

Cryptohaze Blog: GPU Rainbow Tables 1.22 out - with WebTables fixes!
blog.cryptohaze.com

GPU Rainbow Tables 1.22 out - with WebTables fixes! Sorry for the delay. My random number generator code was acting up and needed revision.