Aaron Parecki

#security

• Raspberry Pi Video Surveillance Monitor - Self Hosted Home (selfhostedhome.com)

  #security #raspberrypi

  Sat, Jul 4, 2020 5:02pm -07:00
• Two Factor Auth (twofactorauth.org)

  #security #2fa

  Fri, Jun 19, 2020 5:41pm -07:00
• 

  If you run a community Twitter account, this is a good time to:
  
  1) Make sure you 100% know everyone who has access to it
  2) Enable two-factor authentication
  
  You do *not* want to be in the position of having to explain that your account has been taken over by racists

  Portland, Oregon • 70°F

  3 likes 4 reposts 1 reply

  #security #twitter

  Mon, Jun 1, 2020 3:55pm -07:00

• The Real Cause of the Sign In with Apple Zero-Day

  

  The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.

  continue reading...

  37 likes 19 reposts 1 bookmark 9 replies 25 mentions

  #oauth #oidc #apple #siwa #security #zeroday

  Sun, May 31, 2020 1:49pm -07:00
• Zero-day in Sign in with Apple (bhavukjain.com)

  #apple #security

  Sat, May 30, 2020 10:44am -07:00
• PKCE vs. Nonce: Equivalent or Not? (danielfett.de)

  #oauth #security #pkce #openid #nonce

  Mon, May 18, 2020 4:04pm -07:00
• The Wondeful World of OAuth: Bug Bounty Edition - A Bug’z Life - Medium (medium.com)

  #oauth #security

  Sun, May 17, 2020 10:39pm -07:00
• Why avoiding LocalStorage for tokens is the wrong solution (pragmaticwebsecurity.com)

  #oauth #xss #localstorage #security

  Mon, May 11, 2020 3:34pm -07:00
• Airman https://twitter.com/airman604

  Outstanding talk about #OAuth and OAuth #security by @aaronpk https://www.youtube.com/watch?v=aU9RsE4fcRM

  Portland, Oregon • 54°F

  #OAuth #security

  Tue, Apr 21, 2020 7:11pm +00:00 (liked on Tue, Apr 21, 2020 12:29pm -07:00)
• Stripe is Silently Recording Your Movements On its Customers' Websites · mtlynch.io (mtlynch.io)

  #stripe #security

  Tue, Apr 21, 2020 11:37am -07:00
• Zoom, beyond the issues | Bram’s Blog (brampat.github.io)

  

  #zoom #security

  Fri, Apr 17, 2020 6:59am -07:00
• A semi technical explainer of all known Zoom issues - DEV Community 👩‍💻👨‍💻 (dev.to)

  "Alternatives might be just as flawed, simply less popular right now."

  

  #zoom #security

  Sun, Apr 5, 2020 1:10pm -07:00
• Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab (citizenlab.ca)

  

  #zoom #security

  Sun, Apr 5, 2020 8:18am -07:00

• Digital Spring Cleaning

  Well, it's Spring, and we're all stuck inside! 😃 So why not use this time to do a little Spring cleaning and declutter your digital life. We all have things we know we should do that we keep putting off. Here are a few things you can do to tidy things up and improve your online security in a time when most of us are interacting only online.

  continue reading...

  5 likes 1 bookmark

  #spring #security #cleaning #clutter #declutter

  Wed, Apr 1, 2020 7:55am -07:00
• JWTs helping combat fraudulent and unwanted telephone calls (self-issued.info)

  #jwt #security #phone

  Wed, Feb 12, 2020 3:40pm -08:00
• Dr. Fett https://twitter.com/dfett42

  Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14

  Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F

  #OAuth #Security

  Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00)
• Hardening Refresh Tokens (leastprivilege.com)

  #oauth #security

  Wed, Jan 22, 2020 6:49am -08:00
• 

  oh no, please tell me this help article from Facebook is just way out of date...
  
  https://www.facebook.com/help/249817848463304
  
  "Why am I being asked to enter my email login information while trying to reset my Facebook password?"
  
  They can't still be doing this, right?

  Portland, Oregon • 43°F

  3 likes 1 reply

  #facebook #oauth #security

  Fri, Jan 17, 2020 2:46pm -08:00
• 

  The confusing part about online security is knowing *when* it's safe to give your SMS two-factor auth codes to a third party.

  Portland, Oregon • 39°F

  4 likes 9 replies

  #security #mfa

  Mon, Jan 13, 2020 2:53pm -08:00
• Alasdair Allan https://twitter.com/aallan

  I’m on the train, and the chap in the seat behind me is on the phone to his bank. He has just gone through security verification. I know his name, date of birth, mother’s maiden name, address, and all the account details. Don’t be this guy. He’s an idiot. #privacy #security 😖

  Chicago, Illinois • 44°F

  #privacy #security

  Fri, Jan 10, 2020 3:09pm +00:00 (liked on Fri, Jan 10, 2020 11:16am -06:00)