
Aaron Parecki


#security

  • Stop saving credential tokens in text files | by David Calavera | Medium (medium.com)
    Sat, Jul 18, 2020 7:07am -07:00 #security #cli
  • Aaron Parecki
    I'm going live with @afitnerd in 5 minutes to talk about OAuth, online security, and also chat about yesterday's massive #TwitterHack! Join us, and bring your OAuth questions! https://youtu.be/dJl5wNAPm-w
    Portland, Oregon, USA
    3 likes 1 repost
    Thu, Jul 16, 2020 12:55pm -07:00 #oauth #twitter #security #twitterhack
  • An offensive guide to the Authorization Code grant (postvidia.com)
    Tue, Jul 14, 2020 4:58pm -07:00 #oauth #security
  • Raspberry Pi Video Surveillance Monitor - Self Hosted Home (selfhostedhome.com)
    Sat, Jul 4, 2020 5:02pm -07:00 #security #raspberrypi
  • Two Factor Auth (twofactorauth.org)
    Fri, Jun 19, 2020 5:41pm -07:00 #security #2fa
  • Aaron Parecki
    If you run a community Twitter account, this is a good time to:

    1) Make sure you 100% know everyone who has access to it
    2) Enable two-factor authentication

    You do *not* want to be in the position of having to explain that your account has been taken over by racists
    Portland, Oregon • 70°F
    3 likes 4 reposts 1 reply
    Mon, Jun 1, 2020 3:55pm -07:00 #security #twitter
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
  • Zero-day in Sign in with Apple (bhavukjain.com)
    Sat, May 30, 2020 10:44am -07:00 #apple #security
  • PKCE vs. Nonce: Equivalent or Not? (danielfett.de)
    Mon, May 18, 2020 4:04pm -07:00 #oauth #security #pkce #openid #nonce
  • The Wondeful World of OAuth: Bug Bounty Edition - A Bug’z Life - Medium (medium.com)
    Sun, May 17, 2020 10:39pm -07:00 #oauth #security
  • Why avoiding LocalStorage for tokens is the wrong solution (pragmaticwebsecurity.com)
    Mon, May 11, 2020 3:34pm -07:00 #oauth #xss #localstorage #security
  • Airman https://twitter.com/airman604
    Outstanding talk about #OAuth and OAuth #security by @aaronpk https://www.youtube.com/watch?v=aU9RsE4fcRM
    Portland, Oregon • 54°F
    Tue, Apr 21, 2020 7:11pm +00:00 (liked on Tue, Apr 21, 2020 12:29pm -07:00) #OAuth #security
  • Stripe is Silently Recording Your Movements On its Customers' Websites · mtlynch.io (mtlynch.io)
    Tue, Apr 21, 2020 11:37am -07:00 #stripe #security
  • Zoom, beyond the issues | Bram’s Blog (brampat.github.io)
    Fri, Apr 17, 2020 6:59am -07:00 #zoom #security
  • A semi technical explainer of all known Zoom issues - DEV Community 👩‍💻👨‍💻 (dev.to)
    "Alternatives might be just as flawed, simply less popular right now."
    Sun, Apr 5, 2020 1:10pm -07:00 #zoom #security
  • Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab (citizenlab.ca)
    Sun, Apr 5, 2020 8:18am -07:00 #zoom #security
  • Digital Spring Cleaning

    Well, it's Spring, and we're all stuck inside! 😃 So why not use this time to do a little Spring cleaning and declutter your digital life. We all have things we know we should do that we keep putting off. Here are a few things you can do to tidy things up and improve your online security in a time when most of us are interacting only online.
    5 likes 1 bookmark
    Wed, Apr 1, 2020 7:55am -07:00 #spring #security #cleaning #clutter #declutter
  • JWTs helping combat fraudulent and unwanted telephone calls (self-issued.info)
    Wed, Feb 12, 2020 3:40pm -08:00 #jwt #security #phone
  • Dr. Fett https://twitter.com/dfett42
    Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14
    Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F
    Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00) #OAuth #Security
  • Hardening Refresh Tokens (leastprivilege.com)
    Wed, Jan 22, 2020 6:49am -08:00 #oauth #security

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.