Aaron Parecki

#Security

  • Counter-Forensics: Pair-Lock Your Device with Apple’s Configurator – Zdziarski's Blog of Things (www.zdziarski.com)
    Mon, Feb 13, 2017 11:26am -08:00 #ios #security
  • Day 54: Fixed a JS Vulnerability in Quill #100DaysOfIndieWeb

    Thanks to @sebsel for pointing this out! 
    1 like 3 mentions
    Sun, Feb 12, 2017 8:28pm -08:00 #security #quill #100daysofindieweb
  • Cryptographically Secure PHP Development (paragonie.com)
    Fri, Feb 10, 2017 7:51am -08:00 #php #security
  • A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) (codahale.com)
    Fri, Feb 10, 2017 7:48am -08:00 #security
  • Aaron Parecki
    When I see an access token that begins with "eyJ", I base64-decode the middle part to see what data they store in it. #oauth #jwt #security
    Portland, Oregon, USA
    14 likes 3 reposts 1 reply
    Tue, Jan 31, 2017 8:09am -08:00 #oauth #jwt #security
  • macOS 10.12 Sierra: The Ars Technica review | Ars Technica (arstechnica.com)
    "Here’s how it works (note that any time you see “Mac” below, the feature also works on iDevices running iOS 10):

    Text or some other item is copied on one Mac. The device then advertises over Bluetooth that it has something in its clipboard, just as it would do if it had content available via Handoff. Unlike Handoff, though, there's no visual indicator on other Macs or iDevices that anything is ready to copy.
    Hit paste on the other Mac. There's a pause that accompanies the action—nearly unnoticeable for a snippet of text or a link but long enough to prompt a little progress bar popup for larger images or big chunks of text—during which Mac #2 requests the contents of Mac #1's clipboard, and Mac #1 sends it over.
    Though both of your devices need to be signed in to the same iCloud account to trust each other, your data never appears to touch Apple's servers—like Handoff, all communication is local. This also means that Bluetooth and Wi-Fi have to be enabled on both devices, and both devices need to be within range of each other for copying and pasting to work. You won't necessarily need an active Internet connection."
    Tue, Jan 17, 2017 8:34am -08:00 #osx #ios #clipboard #security
  • New year means new keys (bear.im)
    Fri, Jan 6, 2017 2:53pm -08:00 #ssh #security #ops
  • How to make WordPress secure with nginx and fail2ban | petermolnar.net (petermolnar.net)
    Thu, Jan 5, 2017 2:44pm -08:00 #nginx #fail2ban #security
  • Op-ed: I’m throwing in the towel on PGP, and I work in security | Ars Technica (arstechnica.com)
    Sun, Dec 11, 2016 2:47pm -08:00 #pgp #security
  • OneRNG - Hardware Random Number Generator (onerng.info)
    Thu, Oct 27, 2016 5:04pm -07:00 #gpg #security #usb #random
  • Setting up a VPN and Remote Desktop back into your home with a Synology (from an iPhone) - Scott Hanselman (www.hanselman.com)
    Sun, Oct 16, 2016 9:28am -07:00 #vpn #security #synology
  • Aaron Parecki
    @sip_app @andre_goncalves @ruiaureliano Sip is a great app! But the share URLs are sequential, so it's easy to "hack" other ppls links.
    Portland, Oregon, USA
    Fri, Oct 14, 2016 1:50pm -07:00 #sip #security
  • What are malicious USB keys and how to create a realistic one? (www.elie.net)
    Wed, Oct 12, 2016 8:07am -07:00 #security #usb
  • Aaron Parecki
    Wow, way to be proactive on the password security @instagram
    Portland, Oregon, USA
    Tue, Oct 11, 2016 3:49pm -07:00 #password #security
  • Samy Kamkar: MagSpoof - credit card/magstripe spoofer (samy.pl)
    Sat, Oct 1, 2016 8:42am -07:00 #creditcard #magstripe #security
  • RFC 5929 - Channel Bindings for TLS (tools.ietf.org)
    Wed, Aug 31, 2016 12:09pm -07:00 #tls #https #security
  • Security Guide for Developers (github.com)
    Mon, Jul 25, 2016 3:16pm -07:00 #security #guide
  • Stop using JWT for sessions - joepie91's Ramblings (cryto.net)
    Mon, Jun 13, 2016 1:22pm -07:00 #jwt #security
  • Aaron Parecki
    This is perhaps the first step in the fall of certificate authorities in favor of p2p root CA trust sharing. https://twitter.com/FiloSottile/status/735940720931012608
    Portland, Oregon, USA
    1 like 1 repost 2 mentions
    Thu, May 26, 2016 3:19pm -07:00 #security #ssl #https #bluecoat
  • Untrusting an intermediate CA on OS X (blog.filippo.io)
    Thu, May 26, 2016 3:18pm -07:00 #security #bluecoat #osx #ssl

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.