I've given many talks about how mobile apps can't be deployed ... • Aaron Parecki

56°F

I've given many talks about how mobile apps can't be deployed with a secret, and using Twitter's 2013 "hacks" as an example. I'm just going to leave this completely unrelated string of random characters here for no particular reason

GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU

Portland, Oregon, USA • 43°F

#twitter #oauth #security

Thu, Feb 2, 2023 8:12pm -08:00

100 likes 52 reposts 10 replies
Have you written a response to this? Let me know the URL:
- DazzaGreenwood twitter.com/dazzagreenwood
  
  Is that a cat in the preceding tweet?
  
  Fri, Feb 3, 2023 5:27pm +00:00 (via brid.gy)
- DazzaGreenwood twitter.com/dazzagreenwood
  
  Hey now. gist.github.com/shobotch/51600…
  
  Fri, Feb 3, 2023 5:27pm +00:00 (via brid.gy)
- Aaron Parecki twitter.com/aaronpk
  
  😈
  
  Fri, Feb 3, 2023 4:10pm +00:00 (via brid.gy)
- Justin Richer 🐀 twitter.com/justin__richer
  
  I hovered over your tweet and got this dialog. It was very spooky.
  
  Fri, Feb 3, 2023 4:08pm +00:00 (via brid.gy)
- Dan Moore twitter.com/mooreds
  
  Fri, Feb 3, 2023 3:44pm +00:00 (via brid.gy)
- Karl Voit :emacs: :orgmode: graz.social/users/publicvoit
  
  @aaronpk https://gist.github.com/shobotch/5160017#file-key-md
  
  Fri, Feb 3, 2023 4:20am -08:00
- Ric Fink twitter.com/ricfink
  
  OK Aaron, I successfully decrypted it. It says: "OAuth is the Breakfast of Champions!" Buy me lunch and I'll tell you how I did it!
  
  Fri, Feb 3, 2023 6:25am +00:00 (via brid.gy)
- Daniel O'Holleran twitter.com/doholleran
  
  How did you guess my seed phrase?
  
  Fri, Feb 3, 2023 5:17am +00:00 (via brid.gy)
- John Gordon appdot.net/users/jgordon
  
  @aaronpk
  "Weirdly" that string has google hits.
  
  Thu, Feb 2, 2023 8:47pm -08:00
- social.veraciousnetwork.com/users/cdp1337
  
  @aaronpk From a dev standpoint it's just good practice, right? Distributing your consumer secret keys to so many devices so your team never misplaces it, right?....
  It's like when I share my ssh private key in my public github repo for backup purposes along with a list of all servers it can access. (/sarcasm)
  
  Thu, Feb 2, 2023 8:22pm -08:00

Posted in /notes using quill.p3k.io