Aaron Parecki

#security

• Frequent reauth doesn't make you more secure (tailscale.com)

  Thu, Jun 12, 2025 3:04pm -07:00 #security
• Passkeys for Normal People (www.troyhunt.com)

  Wed, May 7, 2025 7:15pm -07:00 #passkeys #security
• 

  Chase sends 8-digit 2fa SMS codes, which seems excessive compared to the 6 that most other places use, but even weirder is that the first digit of them has always been the same, effectively making it a 7 digit code. Anyone know what's up with that?

  Portland, Oregon, USA • 41°F

  4 likes 7 replies

  Sat, Feb 15, 2025 5:56pm -08:00 #security #sms #2fa
• 

  At long last, the OAuth working group has finished the Best Current Practice for OAuth 2.0 Security and it was just published as RFC9700! This has been a long time in the works, and I'm very thankful to everyone who has helped out with it over the years!
  
  https://www.rfc-editor.org/rfc/rfc9700.html
  
  This is one of the major inputs to OAuth 2.1, so I'm also very excited to be able to move that forward this year as well!

  Portland, Oregon • 37°F

  65 likes 36 reposts 3 replies

  Tue, Feb 4, 2025 11:15am -08:00 #ietf #oauth #rfc #security
• Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co. (trufflesecurity.com)

  Tue, Jan 14, 2025 1:08pm -08:00 #oauth #security
• 

  Someone broke through the chain link fence last week, in broad daylight, while I was home, and didn't notice at the time.
  
  I started thinking about what I could do about it, and it turns out the EA Unifi cameras have a new webhook feature. So now my cameras send a webhook to Home Assistant when someone crosses a virtual line, and it will trigger the siren. Since this is a line crossing event, not generic person detection, I can leave it armed 24/7, since nobody should be in that area at all.

  Portland, Oregon, USA • 91°F

  10 likes 2 replies

  Thu, Aug 8, 2024 7:03pm -07:00 #homeautomation #security #homeassistant #unifi
• Google Online Security Blog: Improving the security of Chrome cookies on Windows (security.googleblog.com)

  Tue, Jul 30, 2024 2:08pm -07:00 #chrome #security #google
• Calendar Meeting Links Used to Spread Mac Malware – Krebs on Security (krebsonsecurity.com)

  Wed, Feb 28, 2024 11:34am -08:00 #security #malware
• How I Fell for an Amazon Scam Call and Handed Over $50,000 (www.thecut.com)

  Fri, Feb 16, 2024 3:51pm -08:00 #security #scam
• 

  Now that @1Password launched passkey support *and* it's integrated into iOS 17 with the 1Password app, I feel like I can finally actually take the plunge and set up passkeys everywhere!
  
  No more passwords! and the login UX is so much better too!

  Portland, Oregon, USA • 59°F

  32 likes 9 reposts 2 replies 1 mention

  Sat, Sep 23, 2023 6:48pm -07:00 #security #passkey #password
• HPKE: Standardizing public-key encryption (finally!) (blog.cloudflare.com)

  Wed, Aug 30, 2023 6:05pm -07:00 #encryption #security
• Device Bound Session Credentials explainer (github.com)

  Tue, Aug 29, 2023 3:50pm -07:00 #cookies #browsers #security #oauth
• MSEdgeExplainers/BindingContext/explainer.md at main · MicrosoftEdge/MSEdgeExplainers (github.com)

  Tue, Aug 29, 2023 3:49pm -07:00 #dpop #bpop #oauth #security #cookies #browsers
• London (LHR) to Portland (PDX)

  August 25, 2023 from 3:30pm (+0100) to 5:20pm (-0700)

  British Airways Flight 267

  

  Portland Intl in Portland

  permalink #oauth #security
• OAuth Security Workshop

  Aug

  22

  Aug

  23

  Aug

  24

  August 22-24, 2023
  3 days

  Royal Holloway

  Runnymede, England, GBR

  permalink #oauth #security #osw
• Portland (PDX) to London (LHR)

  August 18, 2023 at 7:10pm (-0700) until Aug 19 at 12:35pm (+0100)

  British Airways Flight 266

  

  Heathrow in London

  permalink #oauth #security
• London

  Aug

  18

  Aug

  …

  Aug

  25

  August 18-25, 2023
  8 days

  London

  London, England, GB

  permalink #oauth #security
• 

  May the 4th be with you! Brand new OAuth shirts just launched: "I find your lack of security disturbing"
  
  Available in a variety of styles and also as a hacker hoodie!
  
  https://shop.oauth.net/listing/lack-of-security-disturbing?product=46

  

  Portland, Oregon, USA • 49°F

  12 likes 4 reposts 1 reply

  Thu, May 4, 2023 11:31am -07:00 #oauth #security
• Chloé Messdaghi https://twitter.com/ChloeMessdaghi

  Excited to host the "Security Superstream: Application Security" event tomorrow with @OReillyMedia. Join experts in the field to learn about the latest techniques for securing your applications and data.
  
  Register now: https://www.oreilly.com/live-events/security-superstream-application-security/0636920083707/0636920083706/
  #security #appsec #cybersecurity

  Portland, Oregon • 50°F

  Wed, Apr 12, 2023 3:55pm +00:00 (liked on Wed, Apr 12, 2023 5:16pm -07:00) #security #appsec #cybersecurity
• Xenomorph Android malware now steals data from 400 banks (www.bleepingcomputer.com)

  Wed, Apr 12, 2023 10:05am -07:00 #security #android