Aaron Parecki

#security

  • Two Factor Auth (twofactorauth.org)
    Fri, Jun 19, 2020 5:41pm -07:00 #security #2fa
  • Aaron Parecki
    If you run a community Twitter account, this is a good time to:

    1) Make sure you 100% know everyone who has access to it
    2) Enable two-factor authentication

    You do *not* want to be in the position of having to explain that your account has been taken over by racists
    Portland, Oregon • 70°F
    3 likes 4 reposts 1 reply
    Mon, Jun 1, 2020 3:55pm -07:00 #security #twitter
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
  • Zero-day in Sign in with Apple (bhavukjain.com)
    Sat, May 30, 2020 10:44am -07:00 #apple #security
  • PKCE vs. Nonce: Equivalent or Not? (danielfett.de)
    Mon, May 18, 2020 4:04pm -07:00 #oauth #security #pkce #openid #nonce
  • The Wondeful World of OAuth: Bug Bounty Edition - A Bug’z Life - Medium (medium.com)
    Sun, May 17, 2020 10:39pm -07:00 #oauth #security
  • Why avoiding LocalStorage for tokens is the wrong solution (pragmaticwebsecurity.com)
    Mon, May 11, 2020 3:34pm -07:00 #oauth #xss #localstorage #security
  • Airman https://twitter.com/airman604
    Outstanding talk about #OAuth and OAuth #security by @aaronpk https://www.youtube.com/watch?v=aU9RsE4fcRM
    Portland, Oregon • 54°F
    Tue, Apr 21, 2020 7:11pm +00:00 (liked on Tue, Apr 21, 2020 12:29pm -07:00) #OAuth #security
  • Stripe is Silently Recording Your Movements On its Customers' Websites · mtlynch.io (mtlynch.io)
    Tue, Apr 21, 2020 11:37am -07:00 #stripe #security
  • Zoom, beyond the issues | Bram’s Blog (brampat.github.io)
    Fri, Apr 17, 2020 6:59am -07:00 #zoom #security
  • A semi technical explainer of all known Zoom issues - DEV Community 👩‍💻👨‍💻 (dev.to)
    "Alternatives might be just as flawed, simply less popular right now."
    Sun, Apr 5, 2020 1:10pm -07:00 #zoom #security
  • Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab (citizenlab.ca)
    Sun, Apr 5, 2020 8:18am -07:00 #zoom #security
  • Digital Spring Cleaning

    Well, it's Spring, and we're all stuck inside! 😃 So why not use this time to do a little Spring cleaning and declutter your digital life. We all have things we know we should do that we keep putting off. Here are a few things you can do to tidy things up and improve your online security in a time when most of us are interacting only online.
    5 likes 1 bookmark
    Wed, Apr 1, 2020 7:55am -07:00 #spring #security #cleaning #clutter #declutter
  • JWTs helping combat fraudulent and unwanted telephone calls (self-issued.info)
    Wed, Feb 12, 2020 3:40pm -08:00 #jwt #security #phone
  • Dr. Fett https://twitter.com/dfett42
    Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14
    Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F
    Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00) #OAuth #Security
  • Hardening Refresh Tokens (leastprivilege.com)
    Wed, Jan 22, 2020 6:49am -08:00 #oauth #security
  • Aaron Parecki
    oh no, please tell me this help article from Facebook is just way out of date...

    https://www.facebook.com/help/249817848463304

    "Why am I being asked to enter my email login information while trying to reset my Facebook password?"

    They can't still be doing this, right?
    Portland, Oregon • 43°F
    3 likes 1 reply
    Fri, Jan 17, 2020 2:46pm -08:00 #facebook #oauth #security
  • Aaron Parecki
    The confusing part about online security is knowing *when* it's safe to give your SMS two-factor auth codes to a third party.
    Portland, Oregon • 39°F
    4 likes 9 replies
    Mon, Jan 13, 2020 2:53pm -08:00 #security #mfa
  • Alasdair Allan https://twitter.com/aallan
    I’m on the train, and the chap in the seat behind me is on the phone to his bank. He has just gone through security verification. I know his name, date of birth, mother’s maiden name, address, and all the account details. Don’t be this guy. He’s an idiot. #privacy #security 😖
    Chicago, Illinois • 44°F
    Fri, Jan 10, 2020 3:09pm +00:00 (liked on Fri, Jan 10, 2020 11:16am -06:00) #privacy #security
  • Florian Weil https://twitter.com/derhess
    Again a great webinar by @aaronpk about protecting your #api with #oauth https://youtu.be/8c1SOuO4mPc #webdev #auth #security #identity #coding
    Portland, Oregon • 40°F
    Sun, Dec 15, 2019 2:49pm +00:00 (liked on Sun, Dec 15, 2019 8:14am -08:00) #api #oauth #webdev #auth #security #identity #coding

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.