Aaron Parecki

#security

  • Who’s Behind Wednesday’s Epic Twitter Hack? — Krebs on Security (krebsonsecurity.com)
    Fri, Jul 31, 2020 4:39pm -07:00 #twitter #twitterhack #security
  • Aaron Parecki
    Remember how I always say make sure you audit your third-party JavaScript you embed in your apps, especially in your login pages? Classic example right here, someone inserted malware into the @Twilio SDK because it was in a publicly writable S3 bucket. 😱 https://www.twilio.com/blog/incident-report-taskrouter-js-sdk-july-2020
    Portland, Oregon • 64°F
    4 likes 6 reposts
    Tue, Jul 28, 2020 7:33am -07:00 #security
  • OAuth 2.1
    July 22, 2020 7:30am - 8:00am (-0700)
    Online
    OAuth Security Workshop
    #oauth #security
  • Protecting Single-Page Apps using OAuth
    July 22, 2020 5:30am - 6:00am (-0700)
    Online
    OAuth Security Workshop
    #oauth #security
  • "if I can do X online, why can't I vote online?" (threader.app)
    Sun, Jul 19, 2020 8:42am -07:00 #voting #security
  • Aaron Parecki
    Hey @Linode why do you have so many ad trackers on your *login* domain? Of all places that's where you want to use as little 3rd party JS as possible!

    Visiting login.linode.com loads trackers from Facebook, Doubleclick, Impact Radius, Oktopost, Linkedin, Google Ads, Bing
    Portland, Oregon, USA
    18 likes 2 reposts 8 replies
    Sat, Jul 18, 2020 12:00pm -07:00 #security
  • Stop saving credential tokens in text files | by David Calavera | Medium (medium.com)
    Sat, Jul 18, 2020 7:07am -07:00 #security #cli
  • Aaron Parecki
    I'm going live with @afitnerd in 5 minutes to talk about OAuth, online security, and also chat about yesterday's massive #TwitterHack! Join us, and bring your OAuth questions! https://youtu.be/dJl5wNAPm-w
    Portland, Oregon, USA
    3 likes 1 repost
    Thu, Jul 16, 2020 12:55pm -07:00 #oauth #twitter #security #twitterhack
  • An offensive guide to the Authorization Code grant (postvidia.com)
    Tue, Jul 14, 2020 4:58pm -07:00 #oauth #security
  • Raspberry Pi Video Surveillance Monitor - Self Hosted Home (selfhostedhome.com)
    Sat, Jul 4, 2020 5:02pm -07:00 #security #raspberrypi
  • Two Factor Auth (twofactorauth.org)
    Fri, Jun 19, 2020 5:41pm -07:00 #security #2fa
  • Aaron Parecki
    If you run a community Twitter account, this is a good time to:

    1) Make sure you 100% know everyone who has access to it
    2) Enable two-factor authentication

    You do *not* want to be in the position of having to explain that your account has been taken over by racists
    Portland, Oregon • 70°F
    3 likes 4 reposts 1 reply
    Mon, Jun 1, 2020 3:55pm -07:00 #security #twitter
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
  • Zero-day in Sign in with Apple (bhavukjain.com)
    Sat, May 30, 2020 10:44am -07:00 #apple #security
  • PKCE vs. Nonce: Equivalent or Not? (danielfett.de)
    Mon, May 18, 2020 4:04pm -07:00 #oauth #security #pkce #openid #nonce
  • The Wondeful World of OAuth: Bug Bounty Edition - A Bug’z Life - Medium (medium.com)
    Sun, May 17, 2020 10:39pm -07:00 #oauth #security
  • Why avoiding LocalStorage for tokens is the wrong solution (pragmaticwebsecurity.com)
    Mon, May 11, 2020 3:34pm -07:00 #oauth #xss #localstorage #security
  • Airman https://twitter.com/airman604
    Outstanding talk about #OAuth and OAuth #security by @aaronpk https://www.youtube.com/watch?v=aU9RsE4fcRM
    Portland, Oregon • 54°F
    Tue, Apr 21, 2020 7:11pm +00:00 (liked on Tue, Apr 21, 2020 12:29pm -07:00) #OAuth #security
  • Stripe is Silently Recording Your Movements On its Customers' Websites · mtlynch.io (mtlynch.io)
    Tue, Apr 21, 2020 11:37am -07:00 #stripe #security
  • Zoom, beyond the issues | Bram’s Blog (brampat.github.io)
    Fri, Apr 17, 2020 6:59am -07:00 #zoom #security

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.