photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#authorization

Alvin Ashcraft 🐿️<p>MCP Gets OAuth: Understanding the New Authorization Specification | MCP Dev Days.</p><p><a href="https://www.youtube.com/watch?v=EXxIeOfJsqA" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=EXxIeOfJsq</span><span class="invisible">A</span></a> </p><p><a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mcp</span></a> <a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modelcontextprotocol</span></a> <a href="https://hachyderm.io/tags/aiagents" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aiagents</span></a></p>
Alvin Ashcraft 🐿️<p>OAuth 2.0 Access Tokens and the Principle of Least Privilege | by Andrea Chiarelli.</p><p><a href="https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/blog/oauth2-access-t</span><span class="invisible">okens-and-principle-of-least-privilege/</span></a> </p><p><a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://hachyderm.io/tags/auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth0</span></a></p>
Serge from Babka<p>Another approach would be if Alice could generate multiple Passkeys and hand them out to individuals she trusts, and then retain the ability to revoke them. Sadly many sites don't yet support Passkeys, and this model still lets someone like Mal revoke Alice's access, so that's not great.</p><p>Bitwarden has a feature whereby Alice can share a password with Eve but not let her see it or export it. This could work pretty well, except if the site requires 2FA from an SMS text message (vs TOTP or a token) or if Eve has the knowhow to intercept the password.</p><p>I still think that what we ultimately want is attenuated scopes because then we can track all actions by the delegated party.</p><p>I do wonder if this need is niche or if the current solution of "good faith password sharing" works well enough often enough that it's not risen to the level of concern for developers.</p><p>2/2</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
Serge from Babka<p>I've been thinking about delegated authority on websites lately.</p><p>It would be convenient if I could delegate certain functions to people, for example allowing someone like my accountant to have access to some of my financial records.</p><p>Some organizations make this easy, allowing me to have multiple accounts.</p><p>Other services don't offer this, nor do they offer any kind of OAuth type of delegated authorization or capabilities model.</p><p>I've been thinking about ways around this.</p><p>One very wacky way would be if Alice could have a "special browser" that would tie into some service she runs. Bob would log in with his credentials and then behind the scenes the application logs in as Alice.</p><p>This would be very complicated to implement though.</p><p>1/</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
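Serge's thread above asks for delegation with attenuated scopes: the account owner hands a narrower capability to a delegate, keeps the sole right to revoke it, and gets an audit trail that attributes every action to the delegate acting on the owner's behalf. The Python below is an added example written for this page, not code from Serge or from any product mentioned in the thread; it assumes a single server-side HMAC key and in-memory storage, both constructed for the demo, and the scope names and URLs are invented.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Assumption: one server-side signing key; constructed for this demo, not a real secret.
SERVER_KEY = b"constructed-demo-key"


def _sign(fields: dict) -> str:
    """HMAC over the canonical JSON of a token's fields (everything except 'sig')."""
    data = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()


class DelegationService:
    """Owner-issued, attenuable, revocable delegations with a per-action audit trail."""

    def __init__(self) -> None:
        self.accounts = {}      # owner -> set of scopes the owner holds outright
        self.revoked = set()    # delegation ids revoked by their owner
        self.audit = []         # one entry per action attempted under a delegation

    def register(self, owner: str, scopes) -> None:
        self.accounts[owner] = set(scopes)

    def _check(self, token: dict) -> Optional[str]:
        """Return None if the token is usable, otherwise the reason it is not."""
        fields = {k: v for k, v in token.items() if k != "sig"}
        if not hmac.compare_digest(_sign(fields), token.get("sig", "")):
            return "bad signature"          # tampered scopes, owner or expiry
        if token["exp"] < time.time():
            return "expired"
        if any(i in self.revoked for i in token["chain"]):
            return "revoked"                # revoking an ancestor kills every re-delegation below it
        return None

    def delegate(self, issuer: str, delegate: str, scopes, ttl_seconds: int,
                 parent: Optional[dict] = None) -> dict:
        """Mint a delegation; requested scopes must be a subset of what the issuer can exercise."""
        if parent is None:
            owner, allowed, chain = issuer, self.accounts[issuer], []
        else:
            reason = self._check(parent)
            if reason or parent["delegate"] != issuer:
                raise PermissionError(f"cannot re-delegate: {reason or 'not the holder'}")
            owner, allowed, chain = parent["owner"], set(parent["scopes"]), parent["chain"]
        requested = set(scopes)
        if not requested <= allowed:
            raise PermissionError(f"attenuation violated: {sorted(requested - allowed)}")
        fields = {
            "id": secrets.token_hex(8),
            "owner": owner,
            "delegate": delegate,
            "scopes": sorted(requested),
            "exp": int(time.time()) + ttl_seconds,
        }
        fields["chain"] = chain + [fields["id"]]
        return {**fields, "sig": _sign(fields)}

    def revoke(self, who: str, token: dict) -> None:
        """Only the account owner may revoke; delegates never hold the owner's own access."""
        if who != token["owner"]:
            raise PermissionError("only the owner may revoke")
        self.revoked.add(token["id"])

    def act(self, token: dict, scope: str, action: str) -> bool:
        """Authorize one action under a delegation; every attempt, allowed or not, is audited."""
        reason = self._check(token) or (None if scope in token["scopes"] else "scope not granted")
        self.audit.append({
            "actor": token["delegate"], "on_behalf_of": token["owner"],
            "delegation": token["id"], "scope": scope, "action": action,
            "allowed": reason is None, "reason": reason,
        })
        return reason is None


def demo() -> dict:
    """Alice gives her accountant Bob read-only access; Bob can re-delegate narrower, never wider."""
    svc = DelegationService()
    svc.register("alice", {"records:read", "records:write", "payments:send"})
    bob = svc.delegate("alice", "bob", {"records:read"}, ttl_seconds=3600)
    read_ok = svc.act(bob, "records:read", "GET /records/2024")
    write_ok = svc.act(bob, "records:write", "POST /records")
    try:
        svc.delegate("bob", "carol", {"payments:send"}, 600, parent=bob)
        widened = True
    except PermissionError:
        widened = False
    carol = svc.delegate("bob", "carol", {"records:read"}, 600, parent=bob)
    try:
        svc.revoke("bob", bob)          # a delegate cannot revoke the owner's grant
        delegate_revoked = True
    except PermissionError:
        delegate_revoked = False
    svc.revoke("alice", bob)            # the owner can, and Carol's sub-delegation dies with it
    after_revoke = svc.act(carol, "records:read", "GET /records/2024")
    return {"read_ok": read_ok, "write_ok": write_ok, "widened": widened,
            "delegate_revoked": delegate_revoked, "after_revoke": after_revoke,
            "audit_actors": [e["actor"] for e in svc.audit]}
```

Two properties matter here. Revocation is bound to the owner, so the "Mal revokes Alice" problem from the thread cannot arise: Alice's own access is never a delegation, and a delegate holds nothing it could use to cut her off. And because the audit entry records both the delegate and the principal, the log answers "who actually did this?" rather than showing Alice performing every action, which is exactly what shared passwords cannot give you.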
Alvin Ashcraft 🐿️<p>Please Don't Write Your Own MCP Authorization Code | by Den Delimarsky.</p><p><a href="https://den.dev/blog/mcp-prm-auth/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">den.dev/blog/mcp-prm-auth/</span><span class="invisible"></span></a> </p><p><a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mcp</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modelcontextprotocol</span></a> <a href="https://hachyderm.io/tags/aiagents" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aiagents</span></a></p>
Alvin Ashcraft 🐿️<p>An Introduction to MCP and Authorization | Auth0.</p><p><a href="https://auth0.com/blog/an-introduction-to-mcp-and-authorization/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/blog/an-introduction</span><span class="invisible">-to-mcp-and-authorization/</span></a> </p><p><a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mcp</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/aimodels" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aimodels</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> the sheer fact that <a href="https://infosec.space/tags/MSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSPs</span></a> &amp; <a href="https://infosec.space/tags/CSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSPs</span></a> can access clients' setups without proper <a href="https://infosec.space/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> [including <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> / <a href="https://infosec.space/tags/KYB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYB</span></a>, <a href="https://infosec.space/tags/AuthCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AuthCode</span></a>|s and proper authorization via contract] is already sickening.</p><ul><li><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="nofollow noopener" target="_blank">This</a> literally <em>begs to be abused</em> via <a href="https://infosec.space/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> / <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> of <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> personnel or just blatant <em>"<a href="https://infosec.space/tags/PrivilegueEscalation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivilegueEscalation</span></a>"</em> through falsely claiming to be a 
<a href="https://infosec.space/tags/MSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSP</span></a> / <a href="https://infosec.space/tags/CSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSP</span></a> contracted by the targeted company.</li></ul><p>Such fundamental <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> fuckups are reasons alone not to use <a href="https://infosec.space/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> or any <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> products &amp; services <em>at all</em>...</p><ul><li>I mean, it doesn't require <a href="https://infosec.space/tags/Mitnick" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mitnick</span></a>-level skills to pull this off, since it doesn't necessitate <a href="https://infosec.space/tags/Lapsus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lapsus</span></a>-Style <a href="https://infosec.space/tags/SIMswap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMswap</span></a> or other means to gain access...</li></ul>
C.<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@kentoseth" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kentoseth</span></a></span> </p><p>I think the main reason that API frameworks commonly don't have built-in authentication and authorization controls is that there are too many different ways to do that, for many different use cases, each with their own benefits and drawbacks.</p><p>A highly-opinionated framework could include support for one type and declare it to be The Supported Auth Method. If none do that, perhaps there's a reason... but of course, you could always create such an opinionated package, if you thought it important enough.</p><p>There are almost always add-on packages available for a given framework implementing different approaches to this, giving you almost-zero-code integration with the auth type of your choice. Have you looked around for these sorts of add-on solutions?</p><p><a href="https://mindly.social/tags/FastAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FastAPI</span></a> <a href="https://mindly.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mindly.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mindly.social/tags/opinionated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opinionated</span></a> <a href="https://mindly.social/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a> <a href="https://mindly.social/tags/framework" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>framework</span></a></p>
Alvin Ashcraft 🐿️<p>RAG and Access Control: Where Do You Start?</p><p><a href="https://auth0.com/blog/rag-and-access-control-where-do-you-start/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/blog/rag-and-access-</span><span class="invisible">control-where-do-you-start/</span></a><br><a href="https://hachyderm.io/tags/auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth0</span></a> <a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/rag" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rag</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a></p>
Erik van Straten<p>🌘DV-CERT MIS-ISSUANCES &amp; OCSP ENDING🌒<br>🧵#1/3</p><p>On Jul 23, 2024, Josh Aas of Let's Encrypt wrote, while his nose was growing rapidly:</p><p>&lt;&lt;&lt; Intent to End OCSP Service<br>[...]<br>We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet.<br>[...]<br>CRLs do not have this issue. &gt;&gt;&gt;<br><a href="https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">letsencrypt.org/2024/07/23/rep</span><span class="invisible">lacing-ocsp-with-crls.html</span></a></p><p>🚨 On THAT SAME DAY, Jul 23, 2024, LE (Let's Encrypt) issued at least 34 certs (certificates) for [*.]dydx.exchange to cybercriminals, of which LE revoked 27 mis-issued certs approximately 6.5 hours later.</p><p>Note that falsified DNS records may instruct DNS caching servers to retain entries for a long time; therefore speedy revocation helps reduce the number of victims.</p><p>Apart from this mis-issuance *blunder*, CRLs have HUGE issues that Josh does not mention: they are SSSLLLOOOWWW and files are potentially huge - while OCSP is instantaneous and uses little bandwidth.</p><p>🌘NO OCSP INCREASES INTERNET RISKS🌒<br>If LE quits OCSP support, the average risk of using the internet will *increase*.</p><p>🌘LIES🌒<br>Furthermore, the privacy argument is mostly moot, as nearly every website makes people's browsers connect to domains owned by Google (and even lets those browsers execute JavaScript from third party servers, allowing nearly unlimited espionage). 
In addition, IP-addresses are sent in the plain anyway (📎).</p><p>(📎 When using a VPN, source and destination IP-addresses *within the tunnel* are not visible for anyone with access to the *outside* of the tunnel - but they are sent in the plain between the end of the tunnel and the actual server.)</p><p>Worse, the remote endpoint of your E2EE https connection increasingly often is *not* the actual server (that website was moved to somebody else's server in the cloud anyway), but a CDN proxy server which has the ability to monitor everything you do (decrypting your data: three letter agencies love it, FISA section 702 grants them unlimited access - without anyone informing you).</p><p>🤷 LE may try to blame others for their mis-issuance blunder, but *THEY* chose to use old, notoriously untrustworthy, internet protocols (BGP and DNS, including database records - that DNSSEC will never protect) as the basis for authentication. By making that choice, LE and other DV cert suppliers were simply ASKING for trouble.</p><p>🔓 In fact, the promise that Let's Encrypt would make the internet safer was misleading from the start: domain names are mostly meaningless to users, 100% fault intolerant, unpredictable and easily forgotten. 
If your browser is communicating with a malicious server, encryption is pointless.</p><p>Josh, stop lying to us; your motives are purely economical.</p><p>🌘CORRUPT: BIG TECH FACILITATES CRIME🌒<br>DV-certs were heavily promoted by Google (not for phun but for profit) after their researchers "proved" that it was possible to show misleading identification information in the browser's address bar after certificate mis-issuance (the "Stripe, Inc" incident, <a href="https://arstechnica.com/information-technology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/information-te</span><span class="invisible">chnology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/</span></a>).</p><p>This message was repeated by many specialists (e.g. <a href="https://www.troyhunt.com/paypals-beautiful-demonstration-of-extended-validation-fud/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">troyhunt.com/paypals-beautiful</span><span class="invisible">-demonstration-of-extended-validation-fud/</span></a>) with stupid arguments: certificates do NOT directly warrant reliable websites.</p><p>OV and EV certificates, and QWACs, more or less reliably, warrant *WHO OWNS* a domain name. 
That means that users know *who* they're doing business with, can depend on their reputation and can sue them if they violate laws.</p><p>"Of course" Google recently lost trust in Entrust for mis-issuing certificates (<a href="https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.googleblog.com/2024/0</span><span class="invisible">6/sustaining-digital-certificate-security.html</span></a>).</p><p>Meanwhile the internet has become a corrupt and criminal mess; its users get to see misleading identification info in their browser's address bar WAY MORE OFTEN, e.g. https:⁄⁄us–usps–ny.com (for loads of examples see <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a>; tap ••• a couple of times).</p><p>Supporting DNs like "ing–movil.com" and "m–santander.de" *is* facilitating cybercrime, by repeatedly mis-issuing certs for them (see <a href="https://crt.sh/?q=ing-movil.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?q=ing-movil.com</span><span class="invisible"></span></a> and <a href="https://crt.sh/?q=m-santander.de" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?q=m-santander.de</span><span class="invisible"></span></a>) and by letting them hide behind a CDN (see <a href="https://www.virustotal.com/gui/domain/ing-movil.com/details" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/ing-</span><span class="invisible">movil.com/details</span></a> 
and <a href="https://www.virustotal.com/gui/domain/m-santander.de/details" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/m-sa</span><span class="invisible">ntander.de/details</span></a>).</p><p>In addition, *thousands* of DV-certs have been mis-issued - without *their* issuers getting distrusted by Google, Microsoft, Apple and Mozilla.</p><p>People have their bank accounts drained and companies get slammed with ransomware because of this.</p><p>But no Big Tech company (including the likes of Cloudflare) takes ANY responsibility; they make Big Money by facilitating cybercrime. Not by issuing "free" DV-certs, but by selling domain names, server space and CDN functionality, and by letting browsers no longer distinguish between useful and useless certs. They've deliberately made the internet insecure *FOR PROFIT*.</p><p>🌘CERT MIS-ISSUANCE ROOT CAUSE🌒<br>The mis-issuance of LE certs was caused by the unauthorized modification of customer DNS records managed by SquareSpace; this incident was further described in <a href="https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/</span></a>.</p><p>Note that a similar attack, also affecting SquareSpace customers, occurred on July 11, 2024 (see <a href="https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/dns-hijacks-target-crypto-platforms-registered-with-squarespace/</span></a>). 
Even if it *looks like* no certs were mis-issued during the July 11 incident, because (AFAIK) none of them have been revoked, this does not warrant that none of them were mis-issued; such certs can still be abused by attackers, albeit on a smaller scale.</p><p>🌘MORE INFO🌒<br>Please find additional information in two follow-ups of this toot:</p><p>🧵#2/3 Extensive details regarding Mis-issued dydx.exchange certs on 2024-07-23;</p><p>🧵#3/3 Links to descriptions of multiple other DV-cert mis-issuance issues.</p><p>🌘DISCLAIMER🌒<br>I am not (and have never been) associated with any certificate supplier. My goal is to obtain a safer internet, in particular for users who are not forensic experts. It is *way* too hard for ordinary internet users to distinguish between 'fake' and 'authentic' on the internet. Something that, IMO, can and must significantly improve ASAP.</p><p>Edited 08:16 UTC to add people:<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>troyhunt</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BleepingComputer</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>agl</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LE</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certs</span></a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misissuance</span></a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mis_issuance</span></a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Revocation</span></a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Revoked</span></a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Weaknessess</span></a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeakCertificates</span></a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeakAuthentication</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identification</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a 
href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSHijacks</span></a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SquareSpace</span></a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnauthorizedChanges</span></a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnauthorizedModifications</span></a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeFi</span></a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dydx_exchange</span></a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoCoins</span></a></p>
Anders Eknert<p>This was a nice surprise! Me and <span class="h-card" translate="no"><a href="https://hachyderm.io/@parcifal" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>parcifal</span></a></span> will be talking <a href="https://hachyderm.io/tags/OPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OPA</span></a> for <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> in <a href="https://hachyderm.io/tags/Backstage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backstage</span></a> at <a href="https://hachyderm.io/tags/KubeCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KubeCon</span></a> 🇫🇷 Well, the co-located backstage event anyway, but who’s counting. </p><p><a href="https://colocatedeventseu2024.sched.com/event/1YFhV/can-it-be-done-building-fine-grained-access-control-for-backstage-with-opa-peter-macdonald-vodafoneziggo-anders-eknert-styra" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">colocatedeventseu2024.sched.co</span><span class="invisible">m/event/1YFhV/can-it-be-done-building-fine-grained-access-control-for-backstage-with-opa-peter-macdonald-vodafoneziggo-anders-eknert-styra</span></a></p><p><a href="https://hachyderm.io/tags/CloudNative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudNative</span></a> <a href="https://hachyderm.io/tags/CNCF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CNCF</span></a> <a href="https://hachyderm.io/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a></p>
Art Smart<p>Remember when <a href="https://mas.to/tags/RonaldReagan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RonaldReagan</span></a> famously stood up to the <a href="https://mas.to/tags/SovietUnion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SovietUnion</span></a>? "Mr. Gorbachev, tear down this <a href="https://mas.to/tags/wall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wall</span></a>."</p><p>It's amazing how far the <a href="https://mas.to/tags/GOP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GOP</span></a> has devolved since then. Instead of tearing down walls, it demands they be built. Instead of admonishing <a href="https://mas.to/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mas.to/tags/dictators" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dictators</span></a>, it admires them. <a href="https://mas.to/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a> repeatedly promises to be one himself (but just for one day, as only the most gullible could ever foolishly believe).</p><p>That's not an earthquake. It's <a href="https://mas.to/tags/Reagan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Reagan</span></a> spinning in his grave.</p><p><a href="https://www.newyorker.com/news/letter-from-bidens-washington/a-congressional-christmas-gift-to-putin" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">newyorker.com/news/letter-from</span><span class="invisible">-bidens-washington/a-congressional-christmas-gift-to-putin</span></a></p>
Joey de Villa 🪗<p>This week, I’ll be in San Francisco’s Moscone West, helping run the Developer Hub booth at Okta’s annual conference, Oktane, where I’ll show how you can secure your websites and applications with Auth0 by Okta...and playing some accordion too!</p><p><a href="https://mastodon.cloud/tags/Okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.cloud/tags/Oktane" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oktane</span></a> <a href="https://mastodon.cloud/tags/Auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Auth0</span></a> <a href="https://mastodon.cloud/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a> <a href="https://mastodon.cloud/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://mastodon.cloud/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a> <a href="https://mastodon.cloud/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.cloud/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordless</span></a> <a href="https://mastodon.cloud/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> <a href="https://mastodon.cloud/tags/OAuth2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth2</span></a> <a href="https://mastodon.cloud/tags/OIDC" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>OIDC</span></a> <a href="https://mastodon.cloud/tags/OpenID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenID</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.cloud/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.cloud/tags/SanFrancisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SanFrancisco</span></a> <a href="https://mastodon.cloud/tags/SFO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SFO</span></a></p><p><a href="https://www.globalnerdy.com/2023/09/14/ill-be-at-the-oktane-conference-in-san-francisco-oct-3-5/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">globalnerdy.com/2023/09/14/ill</span><span class="invisible">-be-at-the-oktane-conference-in-san-francisco-oct-3-5/</span></a></p>
Susan Larson ♀️🏳️‍🌈🏳️‍⚧️🌈<p>‘What We Do in the <a href="https://mastodon.online/tags/Shadows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shadows</span></a>’ <a href="https://mastodon.online/tags/Stars" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stars</span></a> Take Us <a href="https://mastodon.online/tags/Behindthescenes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Behindthescenes</span></a> in <a href="https://mastodon.online/tags/Season5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Season5</span></a>’s <a href="https://mastodon.online/tags/Pride" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pride</span></a> <a href="https://mastodon.online/tags/episode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>episode</span></a> </p><p>This <a href="https://mastodon.online/tags/interview" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>interview</span></a> was conducted <a href="https://mastodon.online/tags/prior" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prior</span></a> to the <a href="https://mastodon.online/tags/SAG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAG</span></a>-<a href="https://mastodon.online/tags/AFTRA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AFTRA</span></a> <a href="https://mastodon.online/tags/strike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>strike</span></a> <a href="https://mastodon.online/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> </p><p><a href="https://mastodon.online/tags/Women" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Women</span></a> <a href="https://mastodon.online/tags/Transgender" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Transgender</span></a> <a href="https://mastodon.online/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LGBTQ</span></a> <a href="https://mastodon.online/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LGBTQIA</span></a> <a href="https://mastodon.online/tags/Entertainment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Entertainment</span></a> <a href="https://mastodon.online/tags/TV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TV</span></a> <a href="https://mastodon.online/tags/Representation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Representation</span></a> <a href="https://mastodon.online/tags/Culture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Culture</span></a> </p><p><a href="https://www.tvinsider.com/1100096/what-we-do-in-the-shadows-season-5-pride-parade-nadja-colin-body-swap-nandor-space/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tvinsider.com/1100096/what-we-</span><span class="invisible">do-in-the-shadows-season-5-pride-parade-nadja-colin-body-swap-nandor-space/</span></a></p>
Al Jazeera (unofficial) A man detained in North Korea after crossing the military demarcation line separating the two Koreas is a United States soldier who entered the country “will...<br><a href="https://www.youtube.com/watch?v=I2hyodR4Zms" rel="nofollow noopener" target="_blank">US national likely held by North Korea after crossing border: UN</a>
Fahim Farook For work, I'm working on a custom macOS installer at the moment …<br><br>"Why an installer when installing a macOS app is as simple as dragging and dropping into a folder”, you ask? Well, because this is for a macOS login/authorization plugin …<br><br>At this point, most people will probably go “Huh?” and I don’t blame you, because this is a dark corner of macOS coding that most probably don’t venture into 😛<br><br>A macOS login plugin allows you to customise the macOS login flow so that you can add your own layer of authorization/security or carry out some specific tasks that need to happen during the login process.<br><br>Unfortunately, none of that is very well documented. In fact, I spent months scouring the Internet and going through documentation to get our implementation of a macOS login plugin working correctly.<br><br>In fact, somebody at work said that I was one of possibly 10 people in the world who understood this stuff. Honestly, I don’t believe that since I think that if I could figure it out, anybody else could too since the information is all out there 🙂<br><br>Whatever the case, our login plugin requires particular authorization rules to be set and what most people seem to do is to use a shell script to do this since that’s fairly widely documented. But in our case, while that’s the option we are using now, I want to actually do this via code because it simplifies a few logistical issues.<br><br>So here I am, exploring the macOS documentation again to see how you can do what I want to do in Swift and finding that this is not very well documented at all 😛<br><br>I do wish that the Apple documentation was excellent throughout instead of being very informative for the areas that everybody is interested in and then getting rather opaque, terse, or downright non-existent for the areas that people don’t venture into often.
But I guess that’s how it works out —&nbsp;after all, why bother spending the time on documenting something that not many people will use?<br><br><a class="hashtag" href="https://a.farook.org/tag/coding" rel="nofollow noopener" target="_blank">#Coding</a> <a class="hashtag" href="https://a.farook.org/tag/apple" rel="nofollow noopener" target="_blank">#Apple</a> <a class="hashtag" href="https://a.farook.org/tag/macos" rel="nofollow noopener" target="_blank">#macOS</a> <a class="hashtag" href="https://a.farook.org/tag/authorization" rel="nofollow noopener" target="_blank">#Authorization</a> <a class="hashtag" href="https://a.farook.org/tag/documentation" rel="nofollow noopener" target="_blank">#Documentation</a> <a class="hashtag" href="https://a.farook.org/tag/security" rel="nofollow noopener" target="_blank">#Security</a> <a class="hashtag" href="https://a.farook.org/tag/login" rel="nofollow noopener" target="_blank">#Login</a> <a class="hashtag" href="https://a.farook.org/tag/swift" rel="nofollow noopener" target="_blank">#Swift</a>
Joey de Villa 🪗<p>Follow the JWT (JSON Web Token) Rabbit, collect all 13 pieces, and share your badge! It’s all part of Okta’s Developer Days, taking place today and tomorrow.</p><p><a href="https://mastodon.cloud/tags/Auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Auth0</span></a> <a href="https://mastodon.cloud/tags/Okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.cloud/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a> <a href="https://mastodon.cloud/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://mastodon.cloud/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.cloud/tags/online" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>online</span></a> <a href="https://mastodon.cloud/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a> <a href="https://mastodon.cloud/tags/DevDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevDay</span></a> <a href="https://mastodon.cloud/tags/DeveloperDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeveloperDay</span></a> <a href="https://mastodon.cloud/tags/JWT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JWT</span></a> <a href="https://mastodon.cloud/tags/JSONWebToken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JSONWebToken</span></a> <a href="https://mastodon.cloud/tags/ScavengerHunt" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>ScavengerHunt</span></a> </p><p><a href="https://developer.auth0.com/resources/challenges" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.auth0.com/resources/</span><span class="invisible">challenges</span></a></p>
Joey de Villa 🪗<p>It’s not too late to join Okta’s/Auth0 by Okta’s Developer Day, a FREE ONLINE conference taking place today and tomorrow. Today’s about customer identity — that is, login, logout, and permissions. Join us! </p><p><a href="https://mastodon.cloud/tags/Auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Auth0</span></a> <a href="https://mastodon.cloud/tags/Okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.cloud/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a> <a href="https://mastodon.cloud/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://mastodon.cloud/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.cloud/tags/online" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>online</span></a> <a href="https://mastodon.cloud/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a> <a href="https://mastodon.cloud/tags/DevDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevDay</span></a> <a href="https://mastodon.cloud/tags/DeveloperDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeveloperDay</span></a></p><p><a href="https://developerday.com/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">developerday.com/</span><span class="invisible"></span></a></p>
Joey de Villa 🪗<p>TOMORROW and WEDNESDAY! A free online conference on digital identity — a.k.a. login, logout, and who’s allowed to do what in your applications — courtesy of Okta and Auth0 by Okta. Register, and I’ll see you there!</p><p><a href="https://mastodon.cloud/tags/Auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Auth0</span></a> <a href="https://mastodon.cloud/tags/Okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.cloud/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a> <a href="https://mastodon.cloud/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://mastodon.cloud/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.cloud/tags/online" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>online</span></a> <a href="https://mastodon.cloud/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a> <a href="https://mastodon.cloud/tags/DevDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevDay</span></a> <a href="https://mastodon.cloud/tags/DeveloperDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeveloperDay</span></a></p><p><a href="https://developerday.com/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">developerday.com/</span><span class="invisible"></span></a></p>
Joey de Villa 🪗<p>Okta’s Developer Day is about identity: namely, logging users in and knowing what they’re allowed (and not allowed) to do once logged in. Sign up for this free online conference that happens next week!</p><p><a href="https://mastodon.cloud/tags/Auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Auth0</span></a> <a href="https://mastodon.cloud/tags/Okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.cloud/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.cloud/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.cloud/tags/login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>login</span></a> <a href="https://mastodon.cloud/tags/online" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>online</span></a> <a href="https://mastodon.cloud/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a></p><p><a href="https://developerday.com/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">developerday.com/</span><span class="invisible"></span></a></p>