#apple
-
I wrote an in-depth explanation of the "Sign In with Apple" Zero-Day that was revealed by a security researcher this weekend.
The problem had nothing to do with OAuth or JWT, and you might be surprised at how simple the bug actually was.
https://aaronparecki.com/2020/05/31/30/the-real-cause-of-the-sign-in-with-apple-zero-day -
The Real Cause of the Sign In with Apple Zero-Day
The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.continue reading... -
My 2017 12" MacBook is starting to show its age, but I hate that there is nothing to replace it right now. There's no reason to get a MacBook Air since it's the same form factor as the 13" Pro. But it seems unlikely they're going to release a small computer again at this point.
-
welp, the rumors were true, Google did in fact buy FitBit: https://www.theverge.com/2019/11/1/20943318/google-fitbit-acquisition-fitness-tracker-announcement
I *want* to switch to an Apple watch, but I can't until it has built-in automatic sleep tracking like the FitBit does! -
Ricky Mondello
https://twitter.com/rmondello
•
Oct 4
Yes, and one of my goals is to, while adhering to Apple’s business practices and style, get involved where I can. I’d really appreciate it if you could publicly or privately let me know about venues you think would be relevant to my team.
Yes, come to the next Internet Identity Workshop, or even the next OAuth group's meeting! (November in Singapore) We would all gladly welcome any engagement by Apple in this space! -
Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.
https://twitter.com/atomicbird/status/1163478833326108673
