Per Thorsheim

Per Thorsheim

I gave a few statements to Kim Zetter @ WIRED regarding the Ashley Madison hack and the data being dumped online by the alleged hackers.

http://www.wired.com/2015/08/ashley-madison-hack-everything-you-need-to-know-your-questions-explained/

Per Thorsheim

Video of KeyboardPrivacy with Tor Browser & Chrome.
Paul Moore is working on it, but no ETA.

Per Thorsheim

<3
Can it be read somewhere? :)

Per Thorsheim

Nice article by Liam Tung for the Sydney Morning Herald, featuring Omer van Kloeten (Israel), Igal Tabachnik (Israel), Troy Hunt (Australia) & myself. Really cool to see worldwide cooperation for improving security online!

http://www.smh.com.au/it-pro/security-it/plaintext-offenders-page-names-and-shames-sites-that-abuse-password-secrecy-20150713-gi9cr9.html?stb=twt

Per Thorsheim

LastPass hacked. Better change your master password now, but no need to scream & cry your eyes out.

https://blog.lastpass.com/no/2015/06/lastpass-security-notice.html/

Per Thorsheim

Here is your monthly reminder to go over your Facebook settings for security and privacy.

http://www.nrk.no/buskerud/stortingspolitikers-nettside-drukner-i-porno-1.12400549
Member of Parliament Lise Christoffersen got quite a surprise when she went to her Facebook page last night. It had been filled up with porn.
Social and cultural differences are important here; the censorship is based largely on the American perception of what is acceptable and what is not.

Per Thorsheim

389K combinations, but 10% will use a pattern that looks like a letter. Left or right-handed, patterns will start on top left in most cases anyway.

Per Thorsheim

Today UK based security consultant Paul Moore & myself launch a Google Chrome plugin named "KeyboardPrivacy", available in the Google Chrome webstore.

The short version is this:
"Prevents behavioral profiling by randomizing the rate at which characters reach the DOM."
---------------
The long version is explained in 2 blog posts.

My post addresses the background, motivation, risk & examples of "behavioral biometrics" and more specifically "Keyboard Dynamics".

The post by Paul Moore goes deeper into the technology, and our work to understand, detect, block and mitigate where needed.
As far as we know this is the first time anyone has done such a description of this technology and its possible consequences for privacy.

The Register has already published their story about this, with others to come very soon. You can read their story here: http://www.theregister.co.uk/…/behavioural_profiling_defea…/

If you find this of interest, I would be happy if you share this post, or provide the link below to others within academia & the security industry.
Historical background: During World War II, British intelligence operators listening to German morse code operators made anonymous profiles of the various people signaling the morse code. The speed of code, typing errors et al were used to differentiate between operators.

Per Thorsheim

I have written a guest blog post over at Graham Cluley's site regarding the hacking of "online cheating site" Ashley Madison. I got provoked by an op-ed in the Independent about it, but didn't comment. Then the Intercept posted an article on Saturday (July 25), which not only revealed information that may cause considerable harm, but also referred to parts of AMs business practices as "extortion".

So I suggested doing this post to Graham, and he said yes.

https://grahamcluley.com/2015/07/ashley-madison-fake/
Ashley Madison's user database, if it ever appears in public, doesn't prove anything. Don't be too quick to judge, says Per Thorsheim.
Great thoughtful article Per. Thanks for contributing. 

Per Thorsheim

Our schedule with abstracts & speaker info for BSides Las Vegas & the #passwords15 track is now online! 

For the third time in Las Vegas and our 8th edition of PasswordsCon, I am proud and humbled of what we have achieved since our first edition in December 2010. This is going to be awesome!

http://bsideslv2015.sched.org/venues/

Per Thorsheim

Passwords 2015

The 9th International Conference on Passwords 
7, 8, 9 December 2015 
University of Cambridge, United Kingdom

The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference accepts peer-reviewed papers.

The CFP is now available here:
http://www.cl.cam.ac.uk/events/passwords2015/

Please share this with all relevant contacts you may have!

Per Thorsheim

Good article from Lorenzo Franceschi-Bicchierai at Motherboard, with quotes from Joseph Bonneau, Jeremi Gosney, Troy Hunt and myself.

The recommendation from everyone summarizes it all: use a password manager. :-)

http://motherboard.vice.com/read/your-brain-actually-doesnt-suck-at-passwords
You can remember a combination of random words or characters, you just need to train your brain.
Work
Occupation: Security.
Skills: Passwords
Story
Tagline: Security Professional. Password Researcher.
Introduction
I live and work in Bergen, Norway. Occupation: Security.

I currently hold the CISA and CISM certifications from ISACA, and the CISSP-ISSAP certifications from ISC(2).

More details can be found on my Linkedin profile here: http://www.linkedin.com/in/thorsheim
Bragging rights
1 of 3 finalists for the annual Rosing IT security award in Norway, 2012. Received the commander's coin from the chief of the Norwegian cyber defence forces in spring 2014.
Basic Information
Gender: Male
Relationship: Single
Per Thorsheim's +1's are the things they like, agree with, or want to recommend.
WiFi Track
market.android.com

A WiFi Survey / Wardriving App.

Break Weak Password Hashes
www.indiegogo.com

Instantly check if a hash is from a list of trillions of passwords. Works with unsalted hashes: LM, NTLM, MD5, SHA1, etc.

I worry quite a bit about paranoia...
mollerhaug.blogspot.com

One of my former bosses once said (freely translated from English): "I worry quite a bit about paranoia. Most often I am worried about a

ISF Norge
market.android.com

The ISF-app gives you a complete overview over the autumn conference – directly to your smartphone! Download the app to review the updated p

Phishing without a webpage - researcher reveals how a link *itself* can ...
nakedsecurity.sophos.com

Can you phish without a phishing page? Research by a student at the University of Oslo in Norway finds that, with the help of a trusty URI,

- A gift package for the authorities - Computerworld
www.idg.no

Is Skype still trustworthy? No, says Eivind Jonassen. He thinks you should drop the program. - Just speculation and rumors, counters Per Thor

The Final Word on the LinkedIn Leak
securitynirvana.blogspot.com

As you are undoubtedly aware of by now, two weeks ago the professional networking site LinkedIn became the victim of a rather unfortunate mi

Hackers can demand ransom for your family photos
tv2.no

A computer virus that takes over files on your computer and makes them unreadable is ravaging the net.

GO LauncherEX Norwegian langua
market.android.com

GO Launcher Dev Team A language plug-in for GO LauncherEX. This pack is for GO LauncherEX Norwegian language support. Install it and change

- Feel free to write the password on a note - Computerworld
www.idg.no

Password expert Per Thorsheim thinks the password is safer on a note than in an insecure app.

Password apps don't measure up - Computerworld
www.idg.no

They keep track of the passwords, but are terribly encrypted - several lack encryption entirely.

- We hate passwords - Computerworld
www.idg.no

Google security chief Úlfar Erlingsson believes the competitors are his biggest security threat. The reason: customers hate passwords.

Cryptohaze Blog: GPU Rainbow Tables 1.22 out - with WebTables fixes!
blog.cryptohaze.com

GPU Rainbow Tables 1.22 out - with WebTables fixes! Sorry for the delay. My random number generator code was acting up and needed revision.