Aaron Parecki

Péter Szilágyi (karalabe.eth) https://twitter.com/peter_szilagyi

Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

https://travis-ci.community/t/security-bulletin/12081

Portland, Oregon • 61°F

Tue, Sep 14, 2021 5:15am +00:00 (liked on Tue, Sep 14, 2021 9:54am -07:00) #security

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)

Mon, Sep 13, 2021 10:57pm -07:00 #apple #security #zeroday #hacking

API Tokens: A Tedious Survey · Fly (fly.io)

Tue, Aug 24, 2021 4:36pm -07:00 #oauth #security #api

Matt Raible https://twitter.com/mraible

Today is Okta + Auth0's developer day! Learn how to secure APIs, IoT devices, and your JAMstack apps.

🤓 https://developerday.com

Tomorrow, we're hosting a full day of labs with hands-on exercises.

📺 https://developer-day.live

I hope to see you there!

#security #oauth2 #oidc

Seattle, Washington • 54°F

Tue, Aug 24, 2021 2:41pm +00:00 (liked on Tue, Aug 24, 2021 8:21am -07:00) #security #oauth2 #oidc

Changelog https://twitter.com/changelog

🔥 New episode of The Changelog! 🔥

📌 OAuth, "It's complicated."
💫 with @aaronpk
🎤 hosted by @adamstac @jerodsanto
🗃️ #security

💚 https://changelog.fm/456

Portland, Oregon • 72°F

Mon, Aug 23, 2021 11:02pm +00:00 (liked on Mon, Aug 23, 2021 4:03pm -07:00) #security #oauth

Owncast https://botsin.space/@owncast

OktaDev Live has just started streaming on their #owncast server! Check them out at:
https://live.oktadev.events.

OAuth Happy Hour

#okta #security #api #oktadev #oauth

Portland, Oregon • 102°F

Thu, Aug 12, 2021 11:04pm +00:00 (liked on Thu, Aug 12, 2021 4:54pm -07:00) #oauth #oktadev #api #security #okta #owncast

Expanding Client Certificates in Firefox 75 - Mozilla Security Blog (blog.mozilla.org)

Wed, Aug 11, 2021 10:35am -07:00 #security #web #firefox

Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)

Tue, Jun 29, 2021 11:04am -07:00 #hacking #phishing #2fa #security

How to securely store passwords in database (www.vaadata.com)

Mon, Jun 28, 2021 7:29pm -07:00 #security #password

Bypassing 2FA using OpenID Misconfiguration (youst.in)

Sun, Jun 27, 2021 3:18pm -07:00 #openid #security

Owncast https://botsin.space/@owncast

OktaDev Live has just started streaming on their #owncast server! Check them out at:
https://live.oktadev.events.

OAuth Happy Hour

#okta #security #api #oktadev #oauth

Portland, Oregon • 66°F

Thu, Jun 10, 2021 11:03pm +00:00 (liked on Thu, Jun 10, 2021 5:05pm -07:00) #oauth #oktadev #api #security #okta #owncast

Apple says its new logon tech is as easy as passwords but far more secure - CNET (www.cnet.com)

Thu, Jun 10, 2021 3:08pm -07:00 #apple #security #icloud #passkey #wwdc #wwdc21

OAuth 2.0 Threat Model Penetration Testing Checklist (www.binarybrotherhood.io)

Thu, Jun 3, 2021 9:07am -07:00 #oauth #security

The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)

Tue, May 25, 2021 4:50pm -07:00 #sso #openid #security

Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness (blog.cloudflare.com)

Mon, May 17, 2021 8:27pm -07:00 #cloudflare #captcha #webauthn #security

If your company is big enough to roll out a mandatory VPN on personal iOS devices, they are big enough to buy you a work phone https://twitter.com/gabrtv/status/1391951192176021505

Portland, Oregon • 76°F

96 likes 18 reposts 6 replies 2 mentions

Wed, May 12, 2021 6:13pm -07:00 #ios #vpn #security