85°F

Aaron Parecki

  • Articles
  • Notes
  • Photos

#security

  • Péter Szilágyi (karalabe.eth) https://twitter.com/peter_szilagyi
    Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

    Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

    https://travis-ci.community/t/security-bulletin/12081
    Portland, Oregon • 61°F
    #security
    Tue, Sep 14, 2021 5:15am +00:00 (liked on Tue, Sep 14, 2021 9:54am -07:00)
  • FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)
    #apple #security #zeroday #hacking
    Mon, Sep 13, 2021 10:57pm -07:00
  • API Tokens: A Tedious Survey · Fly (fly.io)
    #oauth #security #api
    Tue, Aug 24, 2021 4:36pm -07:00
  • Matt Raible https://twitter.com/mraible
    Today is Okta + Auth0's developer day! Learn how to secure APIs, IoT devices, and your JAMstack apps.

    🤓 https://developerday.com

    Tomorrow, we're hosting a full day of labs with hands-on exercises.

    📺 https://developer-day.live

    I hope to see you there!

    #security #oauth2 #oidc
    Seattle, Washington • 54°F
    #security #oauth2 #oidc
    Tue, Aug 24, 2021 2:41pm +00:00 (liked on Tue, Aug 24, 2021 8:21am -07:00)
  • Changelog https://twitter.com/changelog
    🔥 New episode of The Changelog! 🔥

    📌 OAuth, "It's complicated."
    💫 with @aaronpk
    🎤 hosted by @adamstac @jerodsanto
    🗃️ #security

    💚 https://changelog.fm/456
    Portland, Oregon • 72°F
    #security #oauth
    Mon, Aug 23, 2021 11:02pm +00:00 (liked on Mon, Aug 23, 2021 4:03pm -07:00)
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 102°F
    #oauth #oktadev #api #security #okta #owncast
    Thu, Aug 12, 2021 11:04pm +00:00 (liked on Thu, Aug 12, 2021 4:54pm -07:00)
  • Expanding Client Certificates in Firefox 75 - Mozilla Security Blog (blog.mozilla.org)
    #security #web #firefox
    Wed, Aug 11, 2021 10:35am -07:00
  • Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)
    #hacking #phishing #2fa #security
    Tue, Jun 29, 2021 11:04am -07:00
  • How to securely store passwords in database (www.vaadata.com)
    #security #password
    Mon, Jun 28, 2021 7:29pm -07:00
  • Bypassing 2FA using OpenID Misconfiguration (youst.in)
    #openid #security
    Sun, Jun 27, 2021 3:18pm -07:00
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 66°F
    #oauth #oktadev #api #security #okta #owncast
    Thu, Jun 10, 2021 11:03pm +00:00 (liked on Thu, Jun 10, 2021 5:05pm -07:00)
  • Apple says its new logon tech is as easy as passwords but far more secure - CNET (www.cnet.com)
    #apple #security #icloud #passkey #wwdc #wwdc21
    Thu, Jun 10, 2021 3:08pm -07:00
  • OAuth 2.0 Threat Model Penetration Testing Checklist (www.binarybrotherhood.io)
    #oauth #security
    Thu, Jun 3, 2021 9:07am -07:00
  • The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)
    #sso #openid #security
    Tue, May 25, 2021 4:50pm -07:00
  • Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness (blog.cloudflare.com)
    #cloudflare #captcha #webauthn #security
    Mon, May 17, 2021 8:27pm -07:00
  • Aaron Parecki
    If your company is big enough to roll out a mandatory VPN on personal iOS devices, they are big enough to buy you a work phone https://twitter.com/gabrtv/status/1391951192176021505
    Portland, Oregon • 76°F
    96 likes 18 reposts 6 replies 2 mentions
    #ios #vpn #security
    Wed, May 12, 2021 6:13pm -07:00
  • Signing HTTP Messages. There’s a new draft in the HTTP working… | by Justin Richer | May, 2021 | Medium (justinsecurity.medium.com)
    #http #security #oauth
    Tue, May 4, 2021 2:31pm -07:00
  • FAPI – Financial Grade API (fapi.openid.net)
    #openid #fapi #security
    Wed, Apr 7, 2021 12:11pm -07:00
  • Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security (krebsonsecurity.com)
    #security #unifi #ubiquiti
    Tue, Mar 30, 2021 2:04pm -07:00
  • Owncast https://botsin.space/@owncast

    OktaDev Live has just started streaming on their #owncast server! Check them out at:
    https://live.oktadev.events.

    OAuth Happy Hour - Live Q&A

    #okta #security #api #oktadev #oauth

    Portland, Oregon • 40°F
    #oauth #oktadev #api #security #okta #owncast
    Thu, Mar 25, 2021 6:05pm +00:00 (liked on Fri, Mar 26, 2021 8:08am -07:00)
next

Hi, I'm Aaron Parecki, co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and am the editor of several W3C specifications. I help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Security Architect at Okta
  • IndieWebCamp Founder
  • OAuth WG Member

  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • 🎥 YouTube
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Sleep
  • Trips
  • Videos
  • Contact
© 1999-2022 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv