Aaron Parecki

#Security

  • IRS Will Soon Require Selfies for Online Access – Krebs on Security (krebsonsecurity.com)
    Thu, Jan 20, 2022 7:54pm -08:00 #irs #identity #security
  • It's Now Possible To Sign Arbitrary Data With Your SSH Keys (www.agwa.name)
    Wed, Dec 8, 2021 8:53pm +02:00 #pgp #ssh #security
  • SAML is insecure by design | joonas.fi (joonas.fi)
    Tue, Nov 16, 2021 8:26am -08:00 #saml #security
  • Why Is the Majority of Our MFA So Phishable? | LinkedIn (www.linkedin.com)
    Sun, Nov 7, 2021 12:53pm +01:00 #mfa #security #oauth
  • Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)
    "The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."
    Sat, Nov 6, 2021 8:14pm +01:00 #youtube #google #hacking #security #mfa #2fa
  • Thingiverse Data Leak Affects 228,000 Subscribers (www.databreachtoday.com)
    "the leaked data set was a result of a "misconfigured S3 bucket" from Thingiverse's backup data"
    Thu, Oct 14, 2021 7:04am -07:00 #s3 #security
  • Péter Szilágyi (karalabe.eth) https://twitter.com/peter_szilagyi
    Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

    Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

    https://travis-ci.community/t/security-bulletin/12081
    Portland, Oregon • 61°F
    Tue, Sep 14, 2021 5:15am +00:00 (liked on Tue, Sep 14, 2021 9:54am -07:00) #security
  • FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)
    Mon, Sep 13, 2021 10:57pm -07:00 #apple #security #zeroday #hacking
  • API Tokens: A Tedious Survey · Fly (fly.io)
    Tue, Aug 24, 2021 4:36pm -07:00 #oauth #security #api
  • Matt Raible https://twitter.com/mraible
    Today is Okta + Auth0's developer day! Learn how to secure APIs, IoT devices, and your JAMstack apps.

    🤓 https://developerday.com

    Tomorrow, we're hosting a full day of labs with hands-on exercises.

    📺 https://developer-day.live

    I hope to see you there!

    #security #oauth2 #oidc
    Seattle, Washington • 54°F
    Tue, Aug 24, 2021 2:41pm +00:00 (liked on Tue, Aug 24, 2021 8:21am -07:00) #security #oauth2 #oidc
  • Changelog https://twitter.com/changelog
    🔥 New episode of The Changelog! 🔥

    📌 OAuth, "It's complicated."
    💫 with @aaronpk
    🎤 hosted by @adamstac @jerodsanto
    🗃️ #security

    💚 https://changelog.fm/456
    Portland, Oregon • 72°F
    Mon, Aug 23, 2021 11:02pm +00:00 (liked on Mon, Aug 23, 2021 4:03pm -07:00) #security #oauth
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 102°F
    Thu, Aug 12, 2021 11:04pm +00:00 (liked on Thu, Aug 12, 2021 4:54pm -07:00) #oauth #oktadev #api #security #okta #owncast
  • Expanding Client Certificates in Firefox 75 - Mozilla Security Blog (blog.mozilla.org)
    Wed, Aug 11, 2021 10:35am -07:00 #security #web #firefox
  • Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)
    Tue, Jun 29, 2021 11:04am -07:00 #hacking #phishing #2fa #security
  • How to securely store passwords in database (www.vaadata.com)
    Mon, Jun 28, 2021 7:29pm -07:00 #security #password
  • Bypassing 2FA using OpenID Misconfiguration (youst.in)
    Sun, Jun 27, 2021 3:18pm -07:00 #openid #security
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 66°F
    Thu, Jun 10, 2021 11:03pm +00:00 (liked on Thu, Jun 10, 2021 5:05pm -07:00) #oauth #oktadev #api #security #okta #owncast
  • Apple says its new logon tech is as easy as passwords but far more secure - CNET (www.cnet.com)
    Thu, Jun 10, 2021 3:08pm -07:00 #apple #security #icloud #passkey #wwdc #wwdc21
  • OAuth 2.0 Threat Model Penetration Testing Checklist (www.binarybrotherhood.io)
    Thu, Jun 3, 2021 9:07am -07:00 #oauth #security
  • The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)
    Tue, May 25, 2021 4:50pm -07:00 #sso #openid #security

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.