Aaron Parecki

#security

  • OAuth 2.0 Threat Model Penetration Testing Checklist (www.binarybrotherhood.io)
    Thu, Jun 3, 2021 9:07am -07:00 #oauth #security
  • The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)
    Tue, May 25, 2021 4:50pm -07:00 #sso #openid #security
  • Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness (blog.cloudflare.com)
    Mon, May 17, 2021 8:27pm -07:00 #cloudflare #captcha #webauthn #security
  • Aaron Parecki
    If your company is big enough to roll out a mandatory VPN on personal iOS devices, they are big enough to buy you a work phone https://twitter.com/gabrtv/status/1391951192176021505
    Portland, Oregon • 76°F
    96 likes 18 reposts 6 replies 2 mentions
    Wed, May 12, 2021 6:13pm -07:00 #ios #vpn #security
  • Signing HTTP Messages. There’s a new draft in the HTTP working… | by Justin Richer | May, 2021 | Medium (justinsecurity.medium.com)
    Tue, May 4, 2021 2:31pm -07:00 #http #security #oauth
  • FAPI – Financial Grade API (fapi.openid.net)
    Wed, Apr 7, 2021 12:11pm -07:00 #openid #fapi #security
  • Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security (krebsonsecurity.com)
    Tue, Mar 30, 2021 2:04pm -07:00 #security #unifi #ubiquiti
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour - Live Q&A

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 40°F
    Thu, Mar 25, 2021 6:05pm +00:00 (liked on Fri, Mar 26, 2021 8:08am -07:00) #oauth #oktadev #api #security #okta #owncast
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    What's New in OAuth 2.1

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 54°F
    Tue, Mar 23, 2021 5:10pm +00:00 (liked on Tue, Mar 23, 2021 6:20pm -07:00) #oauth #oktadev #api #security #okta #owncast
  • Aaron Parecki
    lol the phone system is so broken https://twitter.com/josephfcox/status/1371509983842598918
    Portland, Oregon, USA • 45°F
    8 likes 4 reposts 1 reply
    Mon, Mar 15, 2021 4:15pm -07:00 #sms #security #2fa
  • TOFU Attack: Your registration flow is a breach waiting to happen... (paul.reviews)
    Sat, Mar 13, 2021 7:01am -08:00 #security
  • trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things. (github.com)
    Thu, Mar 11, 2021 5:24pm -08:00 #nginx #books #tutorial #security
  • A CSO’s perspective on the recent Verkada cyber attack | Okta Security (sec.okta.com)
    Thu, Mar 11, 2021 3:38am -08:00 #security #okta #hack
  • Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Feb, 2021 | Medium (medium.com)
    Wed, Feb 10, 2021 9:51am -08:00 #security
  • What You Should Know Before Leaking a Zoom Meeting (theintercept.com)
    Wed, Jan 20, 2021 1:41pm -08:00 #zoom #security
  • That’s not how 2FA works – Terence Eden’s Blog (shkspr.mobi)
    Sun, Jan 17, 2021 12:12pm -08:00 #security #2fa
  • Protect domains that don’t send email - GOV.UK (www.gov.uk)
    Wed, Nov 25, 2020 11:38am -08:00 #email #security #dns
  • Ok Google: please publish your DKIM secret keys – A Few Thoughts on Cryptographic Engineering (blog.cryptographyengineering.com)
    Tue, Nov 17, 2020 7:54am -08:00 #email #dkim #cryptography #security
  • When PKCE Cannot Protect Your Confidential OAuth Client (www.hackmanit.de)
    Mon, Oct 26, 2020 10:02am -07:00 #oauth #openid #pkce #nonce #security
  • How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App | zofrex.com (www.zofrex.com)
    Wed, Oct 21, 2020 7:48am -07:00 #jwt #security

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.