
Aaron Parecki

  • Jay Graber https://twitter.com/arcalinea
    Here are the protocol features we're excited to finish:

    - Domain names as usernames & account portability
    - Algorithmic choice & custom feeds
    - Composable moderation & reputation systems
    Portland, Oregon • 40°F
    Fri, Mar 3, 2023 10:55pm +00:00 (liked on Fri, Mar 3, 2023 8:24pm -08:00)
  • Jay Graber https://twitter.com/arcalinea
    The app is a simple, straightforward microblogging client because our devs are currently focused on surfacing protocol features in the UX. The purpose of the app is to be a reference client for devs building on atproto, and to be a landing place for curious users.
    Portland, Oregon • 40°F
    Fri, Mar 3, 2023 10:55pm +00:00 (liked on Fri, Mar 3, 2023 8:24pm -08:00)
  • patrick. https://twitter.com/imPatrickT
    influencer marketing is broken. hear me out.

    the space needs disrupting. think:
    - display ads
    - promoting posts on social media
    - billboards
    - product placement in tv/movies
    - pre-roll
    - brand accessible analytics
    - actionable KPI’s

    who’s building this?
    Portland, Oregon • 40°F
    Fri, Mar 3, 2023 4:08pm +00:00 (liked on Fri, Mar 3, 2023 5:02pm -08:00)
  • The Fediverse is Already Dead | Nora Codes (nora.codes)
    Fri, Mar 3, 2023 9:23am -08:00 #mastodon #fediverse
  • Aaron Parecki
    Contributions from: Australia, France, Germany, India, Kuwait, Sweden, United Kingdom, United States
    Fri, Mar 3, 2023 8:58am -08:00
  • Asleep 9:35pm, awake 5:37am, slept 8h 02m, awake for 28m
    Portland, Oregon, USA • 37°F
    Fri, Mar 3, 2023 5:37am -08:00
  • Brandon Trebitowski https://brandontreb.com   •   Mar 3

    True, but it would be tricky.

    Wouldn’t the attacker have to find a way to extract the code_verifier from local storage and pass it along with the hijacked redirect?

    They would have to somehow have the ability to write custom js code on the path they are redirecting to. I guess this is possible on sites that don’t sanitize user inputs.

    Aaron Parecki
    I was thinking the attacker makes up their *own* `code_verifier` and injects that into the first open redirect
    Portland, Oregon • 42°F
    1 reply
    Thu, Mar 2, 2023 4:16pm -08:00
  • Brandon Trebitowski https://brandontreb.com   •   Mar 2

    Could using PKCE fix this issue?

    Aaron Parecki
    Yep! This is exactly the kind of thing PKCE prevents! With PKCE, even if the open redirect were in place, the attacker wouldn't have been able to do anything with the stolen authorization code.

    Although now I'm thinking this through and if the open redirects are really open enough, you could probably still pull something off even while using PKCE.
    Portland, Oregon • 42°F
    1 reply
    Thu, Mar 2, 2023 4:03pm -08:00
  • Aaron Parecki
    another day, another account takeover caused by an open redirector and the OAuth Implicit flow 🫠

    https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
    Portland, Oregon • 40°F
    14 likes 4 reposts 1 reply
    Thu, Mar 2, 2023 10:16am -08:00 #oauth #security
  • Charlotte Brandhorst-Satzkorn https://inuh.net/@catzkorn   •   Mar 2

    Ever wanted to use your own choice of OIDC IdP with @tailscale? I'm looking for private alpha testers - new and existing users welcome. DM me!

    Aaron Parecki
    I would love to check this out actually, I'm working on some documentation to help companies like Tailscale adopt features exactly like this!

    I don't have a way to DM you on mastodon but you can email me! https://aaronparecki.com/contact/
    Portland, Oregon • 39°F
    Thu, Mar 2, 2023 9:40am -08:00
  • Brian O'Connor https://twitter.com/BrianFOConnor
    2) Write your brand's story

    This story is about the customer.

    Make them the hero, their problem is the "villain" and you are the guide who will give them a plan to overcome their pain.

    Here are the 7 steps you need to build your story:
    Portland, Oregon • 39°F
    Wed, Mar 1, 2023 1:35pm +00:00 (liked on Thu, Mar 2, 2023 7:54am -08:00)
  • The Great Gaslighting of the JavaScript Era | The Spicy Web (www.spicyweb.dev)
    Thu, Mar 2, 2023 6:30am -08:00 #web #react #javascript
  • Asleep 11:32pm, awake 5:31am, slept 5h 59m, awake for 22m
    Portland, Oregon, USA • 39°F
    Thu, Mar 2, 2023 5:31am -08:00
  • Vittorio https://twitter.com/vibronet   •   Mar 1
    Finally took pics of the @Delta Parallel Reality experience. TL;DR, you scan your BP and a smart billboard uses face recognition to present your information just to you, using a parallactic display to ensure your text can only be seen from your position.
    Big Delta fan, Diamond… https://twitter.com/i/web/status/1631049565699813377
    Aaron Parecki
    Oh but they already have multifactor auth in their login page!

    Username, password, and that "last name" box that pops up right before you're about to click log in, which also breaks password managers 😇🤦‍♂️
    Portland, Oregon • 42°F
    6 likes
    Wed, Mar 1, 2023 6:01pm -08:00
  • Sherrod DeGrippo 📬 https://twitter.com/sherrod_im
    The idea that a user can be wrong for clicking on a link, is an abject failure of our work as security practitioners. A user clicking a link should never be wrong on their part.
    Portland, Oregon • 45°F
    Wed, Mar 1, 2023 3:12pm +00:00 (liked on Wed, Mar 1, 2023 4:04pm -08:00)
  • TW https://twitter.com/twesq
    Not only did this $8 tweet cost Eli Lilly $15 billion in market cap, it eventually led to an insulin price cap. I think we can safely call this the greatest shitpost in the history of the internet. https://twitter.com/nbcnews/status/1630918613577154561
    Portland, Oregon • 45°F
    Wed, Mar 1, 2023 3:17pm +00:00 (liked on Wed, Mar 1, 2023 4:02pm -08:00)
  • gaut https://twitter.com/0xgaut
    Airbnb is broken. Hear me out.

    The space needs disrupting. Think:
    - a building dedicated to hosting
    - full service & cleaning
    - central city location
    - guaranteed amenities
    - professionally trained staff
    - knowledgeable concierge
    - an integrated restaurant

    who’s building this?
    Portland, Oregon • 45°F
    Tue, Feb 28, 2023 4:06pm +00:00 (liked on Wed, Mar 1, 2023 3:40pm -08:00)
  • Ride: distance 1.28mi, duration 5:46, start 2:57pm, end 3:03pm
    Portland, Oregon • 45°F
    Wed, Mar 1, 2023 3:03pm -08:00
  • Asleep 9:34pm, awake 5:29am, slept 7h 55m, awake for 25m
    Portland, Oregon, USA • 33°F
    Wed, Mar 1, 2023 5:29am -08:00
  • Aaron Parecki
    Contributions from: Australia, France, India, Kuwait, Sweden, United Kingdom, United States
    Tue, Feb 28, 2023 9:32pm -08:00

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.