Aaron Parecki

#security

• OAuth 2.0 Device Posture Signals (tools.ietf.org)

  #oauth #ios #security

  Mon, Jan 24, 2022 6:09pm -08:00
• Establishing Your App’s Integrity | Apple Developer Documentation (developer.apple.com)

  #ios #security

  Mon, Jan 24, 2022 5:40pm -08:00
• IRS Will Soon Require Selfies for Online Access – Krebs on Security (krebsonsecurity.com)

  #irs #identity #security

  Thu, Jan 20, 2022 7:54pm -08:00
• It's Now Possible To Sign Arbitrary Data With Your SSH Keys (www.agwa.name)

  #pgp #ssh #security

  Wed, Dec 8, 2021 8:53pm +02:00
• SAML is insecure by design | joonas.fi (joonas.fi)

  #saml #security

  Tue, Nov 16, 2021 8:26am -08:00
• Why Is the Majority of Our MFA So Phishable? | LinkedIn (www.linkedin.com)

  #mfa #security #oauth

  Sun, Nov 7, 2021 12:53pm +01:00
• Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)

  "The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."

  #youtube #google #hacking #security #mfa #2fa

  Sat, Nov 6, 2021 8:14pm +01:00
• Thingiverse Data Leak Affects 228,000 Subscribers (www.databreachtoday.com)

  "the leaked data set was a result of a "misconfigured S3 bucket" from Thingiverse's backup data"

  #s3 #security

  Thu, Oct 14, 2021 7:04am -07:00
• Péter Szilágyi (karalabe.eth) https://twitter.com/peter_szilagyi

  Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.
  
  Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4
  
  https://travis-ci.community/t/security-bulletin/12081

  Portland, Oregon • 61°F

  #security

  Tue, Sep 14, 2021 5:15am +00:00 (liked on Tue, Sep 14, 2021 9:54am -07:00)
• FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)

  #apple #security #zeroday #hacking

  Mon, Sep 13, 2021 10:57pm -07:00
• API Tokens: A Tedious Survey · Fly (fly.io)

  #oauth #security #api

  Tue, Aug 24, 2021 4:36pm -07:00
• Matt Raible https://twitter.com/mraible

  Today is Okta + Auth0's developer day! Learn how to secure APIs, IoT devices, and your JAMstack apps.
  
  🤓 https://developerday.com
  
  Tomorrow, we're hosting a full day of labs with hands-on exercises.
  
  📺 https://developer-day.live
  
  I hope to see you there!
  
  #security #oauth2 #oidc

  Seattle, Washington • 54°F

  #security #oauth2 #oidc

  Tue, Aug 24, 2021 2:41pm +00:00 (liked on Tue, Aug 24, 2021 8:21am -07:00)
• Changelog https://twitter.com/changelog

  🔥 New episode of The Changelog! 🔥
  
  📌 OAuth, "It's complicated."
  💫 with @aaronpk
  🎤 hosted by @adamstac @jerodsanto
  🗃️ #security
  
  💚 https://changelog.fm/456

  Portland, Oregon • 72°F

  #security #oauth

  Mon, Aug 23, 2021 11:02pm +00:00 (liked on Mon, Aug 23, 2021 4:03pm -07:00)
• Owncast https://botsin.space/@owncast

  OktaDev Live has just started streaming on their #owncast server! Check them out at:
  https://live.oktadev.events.

  OAuth Happy Hour

  #okta #security #api #oktadev #oauth

  

  Portland, Oregon • 102°F

  #oauth #oktadev #api #security #okta #owncast

  Thu, Aug 12, 2021 11:04pm +00:00 (liked on Thu, Aug 12, 2021 4:54pm -07:00)
• Expanding Client Certificates in Firefox 75 - Mozilla Security Blog (blog.mozilla.org)

  #security #web #firefox

  Wed, Aug 11, 2021 10:35am -07:00
• Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)

  #hacking #phishing #2fa #security

  Tue, Jun 29, 2021 11:04am -07:00
• How to securely store passwords in database (www.vaadata.com)

  #security #password

  Mon, Jun 28, 2021 7:29pm -07:00
• Bypassing 2FA using OpenID Misconfiguration (youst.in)

  #openid #security

  Sun, Jun 27, 2021 3:18pm -07:00
• Owncast https://botsin.space/@owncast

  OktaDev Live has just started streaming on their #owncast server! Check them out at:
  https://live.oktadev.events.

  OAuth Happy Hour

  #okta #security #api #oktadev #oauth

  

  Portland, Oregon • 66°F

  #oauth #oktadev #api #security #okta #owncast

  Thu, Jun 10, 2021 11:03pm +00:00 (liked on Thu, Jun 10, 2021 5:05pm -07:00)
• Apple says its new logon tech is as easy as passwords but far more secure - CNET (www.cnet.com)

  #apple #security #icloud #passkey #wwdc #wwdc21

  Thu, Jun 10, 2021 3:08pm -07:00