Heading to Stockholm to be the moderator of another dinner debate with Swedish CISOs about GDPR tonight. Very interesting to discuss and learn from experiences gained by others. Also: all agree compliance is the minimum, but you have to do more to stay competitive and earn your customers' trust.

Couldn't agree more!


I have been interviewed by Aftenposten for this story about new research on the security of using fingerprints on mobile phones. The research was conducted by, among others, Professor Nasir Memon at New York University, who was one of many speakers at my Passwordscon conference in Cambridge, December 2015.


Totally unbelievable. 😡 Read. 😱 Read again. 🤢

Not offering or enforcing 2FA for the US Senate sounds bad. Did anyone say leaks happen, or that .gov gets hacked?

But having printed pictures of a security chip INSTEAD of a real security chip on PIV cards??? Like WTFSRSLY???

Go senator Wyden!
(And I am nowhere near being a US citizen, nor do I live or work there.)

wyden.senate.gov/download/?id= (pdf)

New BIND 9 versions released (9.11.1, 9.10.5 and 9.9.10). Among other things, these versions contain the new DNSSEC KSK public key (which will be switched between June and October this year).


I really like simple services that will check & score the security of various services.

dnsspy.io/ does exactly that for any domain - for free. Premium services are also available for those interested in monitoring their domain over time. Probably a service of interest to some as well I guess.

"it is time to stop kicking the football up and down the field... Encryption technologies should be strengthened, not weakened...The Internet Society calls for ubiquitous encryption for the Internet." - circleid.com/posts/20170407_en

In summary:
- information on the server (including the DMs you send) is unencrypted.

- the person who runs your mastodon instance has access to the server and CAN access this unencrypted info. They may do this intentionally or by accident during maintenance.

- this is common across ALL messaging services, but since Mastodon servers can be small, it's easier to do than it would be on other services.

Be aware and toot safely, thanks for everyone who contributed! :sunglasses:

At Oslo airport with Scott Helme after 4 days in Oslo, including 2 days with TLS + PKI training. Beautiful weather, awesome venue location, great food and a few beers to go with it all. Absolutely smashing fantastic!

Now time to get home and allow brain to cool down over the weekend. 😎

MastodonCipher, an authenticated cipher whose code fits in a 500-char message, soon on your timelines (or however they call it here, tootlines?)

BlaBla: like ChaCha, but 64-bit instead of 32-bit thanks to BLAKE2b's permutation github.com/veorq/blabla

Yes, it's me.
As if that would be some awesome magic words you could or should trust in any way.


