Aaron Parecki

#security

  • A semi technical explainer of all known Zoom issues - DEV Community 👩‍💻👨‍💻 (dev.to)
    "Alternatives might be just as flawed, simply less popular right now."
    Sun, Apr 5, 2020 1:10pm -07:00 #zoom #security
  • Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab (citizenlab.ca)
    Sun, Apr 5, 2020 8:18am -07:00 #zoom #security
  • Digital Spring Cleaning

    Well, it's Spring, and we're all stuck inside! 😃 So why not use this time to do a little Spring cleaning and declutter your digital life? We all have things we know we should do that we keep putting off. Here are a few things you can do to tidy things up and improve your online security in a time when most of us are interacting only online.
    5 likes 1 bookmark
    Wed, Apr 1, 2020 7:55am -07:00 #spring #security #cleaning #clutter #declutter
  • JWTs helping combat fraudulent and unwanted telephone calls (self-issued.info)
    Wed, Feb 12, 2020 3:40pm -08:00 #jwt #security #phone
  • Dr. Fett https://twitter.com/dfett42
    Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14
    Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F
    Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00) #OAuth #Security
  • Hardening Refresh Tokens (leastprivilege.com)
    Wed, Jan 22, 2020 6:49am -08:00 #oauth #security
  • Aaron Parecki
    oh no, please tell me this help article from Facebook is just way out of date...

    https://www.facebook.com/help/249817848463304

    "Why am I being asked to enter my email login information while trying to reset my Facebook password?"

    They can't still be doing this, right?
    Portland, Oregon • 43°F
    3 likes 1 reply
    Fri, Jan 17, 2020 2:46pm -08:00 #facebook #oauth #security
  • Aaron Parecki
    The confusing part about online security is knowing *when* it's safe to give your SMS two-factor auth codes to a third party.
    Portland, Oregon • 39°F
    4 likes 9 replies
    Mon, Jan 13, 2020 2:53pm -08:00 #security #mfa
  • Alasdair Allan https://twitter.com/aallan
    I’m on the train, and the chap in the seat behind me is on the phone to his bank. He has just gone through security verification. I know his name, date of birth, mother’s maiden name, address, and all the account details. Don’t be this guy. He’s an idiot. #privacy #security 😖
    Chicago, Illinois • 44°F
    Fri, Jan 10, 2020 3:09pm +00:00 (liked on Fri, Jan 10, 2020 11:16am -06:00) #privacy #security
  • Florian Weil https://twitter.com/derhess
    Again a great webinar by @aaronpk about protecting your #api with #oauth https://youtu.be/8c1SOuO4mPc #webdev #auth #security #identity #coding
    Portland, Oregon • 40°F
    Sun, Dec 15, 2019 2:49pm +00:00 (liked on Sun, Dec 15, 2019 8:14am -08:00) #api #oauth #webdev #auth #security #identity #coding
  • Aaron Parecki
    Since it's apparently OAuth week (yes I just made that up), this is your periodic reminder to review what third-party apps have access to your accounts!

    Here's a link to Twitter security settings: https://twitter.com/settings/applications

    and links for other services: https://indieweb.org/appaccess
    Portland, Oregon • 44°F
    10 likes 2 reposts 1 reply
    Mon, Dec 9, 2019 5:08pm -08:00 #oauth #security
  • DeviceCheck | Apple Developer Documentation (developer.apple.com)
    Mon, Nov 18, 2019 5:43pm +08:00 #ios #apple #security #oauth
  • Aaron Parecki
    I'm not gonna say JSON Web Tokens are *bad* (if used properly), but I'm also not gonna say they're *great* either.

    Here's an interesting alternative though: PASETO

    https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto
    Brighton, England • 58°F
    14 likes 1 repost 1 reply
    Thu, Oct 17, 2019 6:25pm +01:00 #jwt #json #paseto #security #oktadev
  • Aaron Parecki
    Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513
    Washington, Washington, D.C. • 64°F
    12 likes 14 reposts 1 reply 2 mentions
    Tue, Oct 8, 2019 9:27pm -04:00 #security #2fa
  • Philippe De Ryck https://twitter.com/PhilippeDeRyck
    API security touches upon various different topics. I am discussing a couple of common #API #security pitfalls at the @OWASPLondon meetup tonight. Here's an extended slide deck, with a ton of useful information. https://buff.ly/2N7ySAz

    Come say hi tonight, and share this info!
    Amsterdam, Noord-Holland • 61°F
    Thu, Sep 19, 2019 5:00pm +00:00 (liked on Thu, Sep 26, 2019 12:19pm +02:00) #API #security
  • Deconstructing an iPhone Spearphishing Attack (www.darkreading.com)
    Sun, Sep 22, 2019 7:05am +00:00 #iphone #security
  • Securing Your APIs with OAuth 2.0
    September 19, 2019 1:30pm - 2:00pm (+1000)
    API Days Melbourne
    permalink #oauth #api #oktadev #security
  • e-sushi https://twitter.com/originalesushi
    Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!
    Sydney, New South Wales • 52°F
    Sun, Mar 31, 2019 11:27pm +00:00 (liked on Tue, Sep 17, 2019 12:04pm +10:00) #infosec #facebook #oauth #security
  • dekuNukem/daytripper: A Multifunctional Laser Tripwire (github.com)
    Mon, Sep 9, 2019 8:43pm -05:00 #electronics #security
  • Fraudsters deepfake CEO's voice to trick manager into transferring $243,000 (thenextweb.com)
    Mon, Sep 9, 2019 8:13am -05:00 #security
Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.