Aaron Parecki

#security

• On The Design and Implementation of a Stealth Backdoor for Web Applications - Paragon Initiative Enterprises Blog (paragonie.com)

  

  Sun, Oct 8, 2017 7:08am -07:00 #security

• Passwordless Logins for Your Website

  

  Why Passwordless Logins?

  continue reading...

  7 likes 5 replies 3 mentions

  Wed, Oct 4, 2017 7:03pm -07:00 #okta #security #password #login
• Software is a Long Con – emptywheel (www.emptywheel.net)

  

  Fri, Sep 15, 2017 8:36am -07:00 #software #security
• 

  A bit ironic that the @OktaneConf app uses an embedded browser for LinkedIn's OAuth connection. #security #oktane17

  

  Las Vegas, Nevada, USA

  1 repost

  Sun, Aug 27, 2017 7:53pm -07:00 #security #oktane17
• 

  Nice, @backblaze just added two-factor auth via TOTP! Much better than SMS. #security https://www.backblaze.com/blog/two-factor-verification-via-totp/

  Portland, Oregon, USA

  1 like 1 reply

  Fri, Jul 14, 2017 7:46am -07:00 #security #totp
• Solved: [Tutorial] RTSP Raspberry Pi B+ Viewer [6-Cam] [4-Cam] - Ubiquiti Networks Community (community.ubnt.com)

  

  Thu, Jun 29, 2017 4:08pm -07:00 #rtsp #video #raspi #security
• Omxplayer - eLinux.org (elinux.org)

  

  Thu, Jun 29, 2017 4:08pm -07:00 #raspi #camera #video #security
• Troy Hunt: Reckon you've seen some stupid security things? Here, hold my beer... (www.troyhunt.com)

  

  Fri, Apr 28, 2017 6:49am -07:00 #security
• Cloning voices: Imitating people’s speech patterns precisely could bring trouble | The Economist (www.economist.com)

  

  Sun, Apr 23, 2017 9:18am -07:00 #voice #security
• The Line of Death – text/plain (textslashplain.com)

  

  Mon, Mar 6, 2017 2:20pm -08:00 #security #ux
• 

  Are there any security implications of a website knowing whether you have the 1password browser extension installed?

  This page will find out whether you have the extension installed, and it could send that information back to my server.

  Type something into the box below.

  Portland, Oregon, USA

  3 likes 2 mentions

  Sun, Mar 5, 2017 12:00pm -08:00 #security #1password
• 

  Nice follow-up to @CloudFlare's disaster bug by @1Password ♥️🔐 https://blog.agilebits.com/2017/02/23/three-layers-of-encryption-keeps-you-safe-when-ssltls-fails/ Keep being awesome, 1Password!

  Portland, Oregon, USA

  2 likes 4 reposts 1 reply

  Thu, Feb 23, 2017 7:03pm -08:00 #1password #security #cloudflare #ssl #https
• Fail2Ban How To: Increased Ban Times for Repeat Offenders (blog.shanock.com)

  

  Wed, Feb 22, 2017 8:07am -08:00 #nginx #fail2ban #security
• How I hacked my own site by feeding it a profile picture via webmention (seblog.nl)

  

  Mon, Feb 13, 2017 2:34pm -08:00 #webmention #security
• Counter-Forensics: Pair-Lock Your Device with Apple’s Configurator – Zdziarski's Blog of Things (www.zdziarski.com)

  

  Mon, Feb 13, 2017 11:26am -08:00 #ios #security

• Day 54: Fixed a JS Vulnerability in Quill #100DaysOfIndieWeb

  Thanks to @sebsel for pointing this out! 

  continue reading...

  1 like 3 mentions

  Sun, Feb 12, 2017 8:28pm -08:00 #security #quill #100daysofindieweb
• Cryptographically Secure PHP Development (paragonie.com)

  

  Fri, Feb 10, 2017 7:51am -08:00 #php #security
• A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) (codahale.com)

  

  Fri, Feb 10, 2017 7:48am -08:00 #security
• 

  When I see an access token that begins with "eyJ", I base64-decode the middle part to see what data they store in it. #oauth #jwt #security

  

  Portland, Oregon, USA

  14 likes 3 reposts 1 reply

  Tue, Jan 31, 2017 8:09am -08:00 #oauth #jwt #security
• macOS 10.12 Sierra: The Ars Technica review | Ars Technica (arstechnica.com)

  "Here’s how it works (note that any time you see “Mac” below, the feature also works on iDevices running iOS 10):
  
  Text or some other item is copied on one Mac. The device then advertises over Bluetooth that it has something in its clipboard, just as it would do if it had content available via Handoff. Unlike Handoff, though, there's no visual indicator on other Macs or iDevices that anything is ready to copy.
  Hit paste on the other Mac. There's a pause that accompanies the action—nearly unnoticeable for a snippet of text or a link but long enough to prompt a little progress bar popup for larger images or big chunks of text—during which Mac #2 requests the contents of Mac #1's clipboard, and Mac #1 sends it over.
  Though both of your devices need to be signed in to the same iCloud account to trust each other, your data never appears to touch Apple's servers—like Handoff, all communication is local. This also means that Bluetooth and Wi-Fi have to be enabled on both devices, and both devices need to be within range of each other for copying and pasting to work. You won't necessarily need an active Internet connection."

  

  Tue, Jan 17, 2017 8:34am -08:00 #osx #ios #clipboard #security