Build your offensive security lab with 18 DRM-free books worth $700+. Download once, read anywhere, keep forever.

Pay what you want (starting around $36) and support the EFF while you’re at it: https://www.humblebundle.com/books/hacking-no-starch-books

01.12.2025 19:00 — 👍 40    🔁 23    💬 1    📌 1

Passkey Mythbusters: Short Takes on Common Misunderstandings @ Authenticate 2025 Passkeys promise to replace passwords with a simpler, more secure login experience, but myths and confusion still hold many organizations back. This session at Authenticate 2025 tacklea some commonly ...

At Authenticate, @iamkale.millerti.me, @nishantkaushik.com, and I decided to mix up the usual "Passkeys 101" and cover common misconceptions about #passkeys. Topics around cloud sync, phishing resistance, workforce usage, and concerns about vendor lock in.

blog.timcappalli.me/p/preso-auth...

27.10.2025 22:22 — 👍 3    🔁 2    💬 1    📌 0

Teaching Applied Cryptography in Beirut: Field Update Two months ago, I began what colleagues politely called an "ambitious" undertaking: teaching Applied Cryptography to fifty students at the American University of Beirut while the country navigates war...

I wrote a long post about my experiences so far in teaching applied cryptography at the American University of Beirut: www.linkedin.com/pulse/teachi...

28.10.2025 08:03 — 👍 17    🔁 3    💬 0    📌 0

The link is missing

28.10.2025 20:08 — 👍 0    🔁 0    💬 0    📌 0

📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/

27.10.2025 10:38 — 👍 2892    🔁 1077    💬 44    📌 182

Passkeys and Verifiable Digital Credentials: Friends or Foes? @ Authenticate 2025 A session at Authenticate 2025 which explores the nuanced dynamics between passkeys and verifiable digital credentials, and their technological foundations across usability, privacy, trust models, and...

#Passkeys and Verifiable Digital Credentials: Friends or Foes?

My presentation from Authenticate 2025!

blog.timcappalli.me/p/preso-auth...

#passkey #webauthn #vdc #mdl #mdoc #authenticate2025

24.10.2025 23:20 — 👍 6    🔁 1    💬 0    📌 0

Some upcoming talks for my course's Applied Cryptography Speaker Series

As always, you can learn more about my course at appliedcryptography.page

(Necessary disclaimer: I'm organizing these talks on my own, AUB is not involved, and they're happening online, not at the university)

21.10.2025 17:04 — 👍 6    🔁 1    💬 0    📌 0

"I don't have anything to hide why should I care about privacy?"

16.10.2025 14:46 — 👍 425    🔁 173    💬 13    📌 4

A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.

To implement robust mitigations across Geomys, I did a survey of open source project compromises in 2024/2025.

Three root causes dominate: phishing, control handoff, and unsafe GitHub Actions triggers. All three can be systematically avoided.

words.filippo.io/compromise-s...

10.10.2025 14:34 — 👍 63    🔁 21    💬 4    📌 2