Aaron Parecki

#security

• 

  I'm not gonna say JSON Web Tokens are *bad* (if used properly), but I'm also not gonna say they're *great* either.
  
  Here's an interesting alternative though: PASETO
  
  https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto

  Brighton, England • 58°F

  13 likes 1 repost 1 reply

  #jwt #json #paseto #security #oktadev

  Thu, Oct 17, 2019 6:25pm +01:00
• 

  Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513

  Washington, Washington, D.C. • 64°F

  12 likes 14 reposts 1 reply 2 mentions

  #security #2fa

  Tue, Oct 8, 2019 9:27pm -04:00
• Philippe De Ryck https://twitter.com/PhilippeDeRyck

  API security touches upon various different topics. I am discussing a couple of common #API #security pitfalls at the @OWASPLondon meetup tonight. Here's an extended slide deck, with a ton of useful information. https://buff.ly/2N7ySAz
  
  Come say hi tonight, and share this info!

  

  Amsterdam, Noord-Holland • 61°F

  #API #security

  Thu, Sep 19, 2019 5:00pm +00:00 (liked on Thu, Sep 26, 2019 12:19pm +02:00)
• Deconstructing an iPhone Spearphishing Attack (www.darkreading.com)

  United Flight 99 MEL to LAX • 61°F

  #iphone #security

  Sun, Sep 22, 2019 7:05am +00:00
• e-sushi https://twitter.com/originalesushi

  Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!

  

  Sydney, New South Wales • 52°F

  #infosec #facebook #oauth #security

  Sun, Mar 31, 2019 11:27pm +00:00 (liked on Tue, Sep 17, 2019 12:04pm +10:00)
• dekuNukem/daytripper: A Multifunctional Laser Tripwire (github.com)

  Tulsa, Oklahoma • 84°F

  #electronics #security

  Mon, Sep 9, 2019 8:43pm -05:00
• Fraudsters deepfake CEO's voice to trick manager into transferring $243,000 (thenextweb.com)

  Bartlesville, Oklahoma • 74°F

  #security

  Mon, Sep 9, 2019 8:13am -05:00
• 

  This @jack situation is making me rethink my phone number strategy. I've been treating my SIM number as disposable and easily replaceable, where the number I use for 2FA is a google voice number. But now I'm thinking treating my SIM number as a password is a better plan.

  Portland, Oregon, USA

  6 likes 1 repost 2 replies

  #security

  Fri, Aug 30, 2019 2:23pm -07:00
• 

  TIL even web developers aren't safe from side-channel attacks. Nice overview of CORB and why it's important. https://developer.okta.com/blog/2019/08/26/combat-side-channel-attacks-with-corb

  Portland, Oregon, USA

  4 likes

  #security #corb

  Mon, Aug 26, 2019 9:08am -07:00
• A Technical Analysis of the Capital One Hack - CloudSploit (blog.cloudsploit.com)

  Portland, Oregon

  #security #aws

  Wed, Aug 7, 2019 12:03pm -07:00
• apple_bleee/README.md at master · hexway/apple_bleee (github.com)

  Portland, Oregon

  #bluetooth #apple #ios #security

  Mon, Jul 29, 2019 7:42am -07:00
• UniFi Video & Nginx Reverse Proxy | Ubiquiti Community (community.ui.com)

  Portland, Oregon

  #unifi #video #camera #security #homeautomation

  Sat, Jul 20, 2019 5:35pm -07:00
• Heather Downing https://twitter.com/quorralyne

  Come to the @oktadev booth at #KCDC2019 to chat with fun and awesome people about #oauth #security and win stuff in it developer challenge! @briandemers @aaronpk @afitnerd @okta #Okta

  

  Kansas City, Missouri

  1 mention

  #KCDC2019 #oauth #security #Okta

  Wed, Jul 17, 2019 3:16pm +00:00 (liked on Wed, Jul 17, 2019 11:08am -05:00)
• 

  Good reminder to add "check whether the password field supports pasting from password managers" to my list of criteria when deciding where to open a bank account. https://twitter.com/KeyBank_Help/status/1148247347463446528

  Portland, Oregon, USA

  23 likes 2 reposts 4 replies

  #security

  Mon, Jul 8, 2019 8:20am -07:00
• Everybody is getting tragically sim swapped and you will too (www.tonysheng.com)

  London, England

  #sim #security #hack

  Wed, Jun 19, 2019 11:54pm +01:00
• privacy/security concerns · Issue #68 · plaid/link (web.archive.org)

  London, England

  #bank #security #oauth

  Wed, Jun 19, 2019 11:32am +01:00
• Drummond Reed https://twitter.com/drummondreed

  Biggest laugh at #IIW so far: when @justin__richer in his session on “Is #selfsovereignidentity really possible” turned to Dave Crocker and said that we can all blame him for the Internet not having #security built in from the start.

  

  San Jose, California • 49°F

  #IIW #selfsovereignidentity #security

  Thu, May 2, 2019 6:03pm +00:00 (liked on Thu, May 2, 2019 4:18pm -07:00)
• #110293 Insufficient OAuth callback validation which leads to Periscope account takeover (hackerone.com)

  Portland, Oregon • 49°F

  #oauth #twitter #security

  Fri, Apr 12, 2019 11:37pm -07:00
• Security Considerations While Using ssh-agent. – Command Prompt, Inc. (www.commandprompt.com)

  Langenhagen, Niedersachsen • 49°F

  #ssh #security

  Fri, Apr 12, 2019 10:29am +02:00
• Aaron Parecki https://aaronparecki.com/

  Standing room only for my talk at #oktane19! 🎉 "OAuth: When Things Go Wrong" I had a blast, thanks everyone for coming to the session!
  The video will be posted to the @okta YouTube channel soon! .
  .
  .
  #okta #oktane #oauth #security #devrel #facebookfail #twitterfail #googlefail 📷 @quorralyne

  

  San Francisco, California • 49°F

  #oktane19 #okta #oktane #oauth #security #devrel #facebookfail #twitterfail #googlefail

  Wed, Apr 3, 2019 3:48pm -07:00 (liked on Thu, Apr 4, 2019 7:35am -07:00)