#authentication

Felix Palmen :freebsd: :c64:<p>Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> v0.2</p><p>SWAD is the "Simple Web Authentication Daemon", meant to add <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cookie</span></a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> with a simple <a href="https://mastodon.bsd.cafe/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>login</span></a> form and configurable credential checker modules to a reverse <a href="https://mastodon.bsd.cafe/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proxy</span></a> that supports delegating authentication to a backend service, such as <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a>' "auth_request". It's a very small piece of software written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> with as few external dependencies as possible. It requires some <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>POSIX</span></a> (or "almost POSIX", like <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a>, <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreeBSD</span></a>, ...) 
environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.</p><p>Currently, the only credential checker module available offers <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PAM</span></a> authentication, more modules will come in later releases.</p><p>swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:</p><p><a href="https://github.com/Zirias/swad/releases/tag/v0.2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Zirias/swad/release</span><span class="invisible">s/tag/v0.2</span></a></p>
Epic Eric :thinkhappy:<p>Password auth in Rust, from scratch - Attacks and best practices</p><p><a href="https://lpalmieri.com/posts/password-authentication-in-rust/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lpalmieri.com/posts/password-a</span><span class="invisible">uthentication-in-rust/</span></a></p><p><a href="https://mastodon.xyz/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://mastodon.xyz/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rustlang</span></a> <a href="https://mastodon.xyz/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
Felix Palmen :freebsd: :c64:<p>Released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> v0.1 🥳 </p><p>Looking for a simple way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a> reverse proxy? Then swad *could* be for you!</p><p>swad is the "Simple Web Authentication Daemon", written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> (+ <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>POSIX</span></a>) with almost no external dependencies. <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> support requires <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSL</span></a> (or <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LibreSSL</span></a>). It's designed to work with nginx' "auth_request" module and offers authentication using a <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cookie</span></a> and a login form.</p><p>Well, this is a first release and you can tell by the version number it isn't "complete" yet. 
Most notably, only one single credentials checker is implemented: <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PAM</span></a>. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈</p><p>If you want to know more, read here:<br><a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zirias/swad</span><span class="invisible"></span></a></p>
Felix Palmen :freebsd: :c64:<p><a href="https://mastodon.bsd.cafe/tags/Documentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Documentation</span></a> ... better start early I guess. What would you think of this sample <a href="https://mastodon.bsd.cafe/tags/configuration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>configuration</span></a> file?</p><p>Hint: the tokens surrounded by %% will be replaced by my build system before installing this thing.</p><p>For context, this is a web <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> service offering cookie+forms login meant for e.g. <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a>' "auth_request".</p><p><a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a></p>
Boiling Steam<p>Matrix.org Will Migrate to MAS: <a href="https://matrix.org/blog/2025/04/matrix-auth-service/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">matrix.org/blog/2025/04/matrix</span><span class="invisible">-auth-service/</span></a> <br><a href="https://mastodon.cloud/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.cloud/tags/update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>update</span></a> <a href="https://mastodon.cloud/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a> <a href="https://mastodon.cloud/tags/matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>matrix</span></a> <a href="https://mastodon.cloud/tags/mas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mas</span></a> <a href="https://mastodon.cloud/tags/migration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>migration</span></a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
Felix Palmen :freebsd: :c64:<p>Trying to come up with my own little self-hosted <a href="https://mastodon.bsd.cafe/tags/http" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>http</span></a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.bsd.cafe/tags/daemon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>daemon</span></a> to work with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a>' "authentication request" facility ... first step done! 🥳</p><p>Now I have a subset of HTTP 1.x implemented in <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a>, together with a dummy handler showing nothing but a static hello-world root document.</p><p>I know it's kind of stubborn doing that in C, but hey, <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a> it is great fun 🙈 </p><p><a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zirias/swad</span><span class="invisible"></span></a></p>
Erik van Straten<p>"French government conducts phishing test on 2.5 million students"<br><a href="https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/881630/Fra</span><span class="invisible">nse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen</span></a></p><p>INSANE!</p><p>It is usually impossible to reliably distinguish fake messages (e-mail, SMS, chat app, social media and paper mail - see picture) from real ones.</p><p>However, something can very well be done against phishing and especially fake websites, as I described once more today in <a href="https://security.nl/posting/881655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881655</span><span class="invisible"></span></a>.</p><p>(Big Tech and lazy website administrators don't want that, so it is and remains an enormous fight).</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certificaten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificaten</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a> <a href="https://infosec.exchange/tags/Zwakke2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zwakke2FA</span></a> <a href="https://infosec.exchange/tags/ZwakkeMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZwakkeMFA</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Aurhenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aurhenticiteit</span></a> <a href="https://infosec.exchange/tags/Owner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Owner</span></a> <a href="https://infosec.exchange/tags/Eigenaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Eigenaar</span></a> <a href="https://infosec.exchange/tags/Verantwoordelijke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verantwoordelijke</span></a> <a href="https://infosec.exchange/tags/Responsible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Responsible</span></a> <a href="https://infosec.exchange/tags/Accountable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accountable</span></a> <a href="https://infosec.exchange/tags/DigiD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigiD</span></a> <a href="https://infosec.exchange/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://infosec.exchange/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://infosec.exchange/tags/ChatApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatApps</span></a> <a href="https://infosec.exchange/tags/Verzender" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Verzender</span></a> <a href="https://infosec.exchange/tags/Sender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sender</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Bytes Europe<p>Trustly to Pilot Biometric Solution in Finland Before Rollout <a href="https://www.byteseu.com/865971/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/865971/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://pubeurope.com/tags/BiometricAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BiometricAuthentication</span></a> <a href="https://pubeurope.com/tags/biometrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biometrics</span></a> <a href="https://pubeurope.com/tags/DigitalTransformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalTransformation</span></a> <a href="https://pubeurope.com/tags/EMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EMEA</span></a> <a href="https://pubeurope.com/tags/Finland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Finland</span></a> <a href="https://pubeurope.com/tags/gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gaming</span></a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityVerification</span></a> <a href="https://pubeurope.com/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://pubeurope.com/tags/PayByBank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayByBank</span></a> <a href="https://pubeurope.com/tags/PYMNTSNews" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>PYMNTSNews</span></a> <a href="https://pubeurope.com/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://pubeurope.com/tags/Trustly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trustly</span></a> <a href="https://pubeurope.com/tags/TrustlyID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustlyID</span></a> <a href="https://pubeurope.com/tags/What" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>What</span></a>'sHot</p>
Europe Says<p><a href="https://www.europesays.com/1944668/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1944668/</span><span class="invisible"></span></a> Trustly to Pilot Biometric Solution in Finland Before Rollout <a href="https://pubeurope.com/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://pubeurope.com/tags/BiometricAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BiometricAuthentication</span></a> <a href="https://pubeurope.com/tags/Biometrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Biometrics</span></a> <a href="https://pubeurope.com/tags/DigitalTransformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalTransformation</span></a> <a href="https://pubeurope.com/tags/EMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EMEA</span></a> <a href="https://pubeurope.com/tags/finland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>finland</span></a> <a href="https://pubeurope.com/tags/Gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gaming</span></a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityVerification</span></a> <a href="https://pubeurope.com/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://pubeurope.com/tags/PayByBank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayByBank</span></a> <a href="https://pubeurope.com/tags/PYMNTSNews" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>PYMNTSNews</span></a> <a href="https://pubeurope.com/tags/Suomi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suomi</span></a> <a href="https://pubeurope.com/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://pubeurope.com/tags/Trustly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trustly</span></a> <a href="https://pubeurope.com/tags/TrustlyID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustlyID</span></a> <a href="https://pubeurope.com/tags/uutiset" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uutiset</span></a> <a href="https://pubeurope.com/tags/What" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>What</span></a>'sHot</p>
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@yacc143" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>yacc143</span></a></span> FYI: <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> and <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> (= "device-bound <a href="https://graz.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a>" which can be divided into "platform-" and "roaming-authenticators") are identical except for the <a href="https://graz.social/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a>-sync mechanism (according to my current understanding).</p><p>So unfortunately, they get mixed up or are considered as totally different things. Both are wrong.</p><p>In reality, they are very similar except that FIDO2 hardware tokens ("device-bound passkeys" only in their "roaming-authenticator" variant) are designed in such a way that Passkeys cannot be extracted from the device (at least for the moment).</p><p>Therefore, users of HW tokens can't be tricked into transferring their passkey to a rogue third party, which is possible with all other Passkey variants. 
Therefore: passkeys are NOT <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a>-resistant in the general case.</p><p><a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://graz.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> :</p><p>I don't want to pay a cent. Neither donate, nor via taxes.</p><p><a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114227977082449887</span></a></p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheDutchChief</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a 
href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a 
href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People lose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing attacks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a piece of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. 
Now Chrome does not give you any more info than what Google argued: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. 
However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a 
href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a 
href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> :</p><p>I've stopped doing that after a lot of people called me an idiot and a liar if I kindly notified them. I stopped, I'll get scolded anyway.</p><p>Big tech and most admins want everyone to believe that "Let's Encrypt" is the only goal. Nearly 100% of tech people believe that.</p><p>And admins WANT to believe that, because reliable authentication of website owners is a PITA. They just love ACME and tell their website visitors to GFY.</p><p>People like you tooting nonsense get a lot of boosts. It's called fake news or big tech propaganda. If you know better, why don't you WRITE BETTER?</p><p>It has ruined the internet. Not for phun but purely for profit. And it is what ruins people's lives and lets employees open the door for ransomware and data-theft.</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (and, in Dutch, <a href="https://security.nl/posting/881296" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881296</span><span class="invisible"></span></a>).</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/AnonymousCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousCertificates</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/LetsAuthenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsAuthenticate</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identity</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a 
href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/USdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependencies</span></a> <a href="https://infosec.exchange/tags/USdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependency</span></a> <a href="https://infosec.exchange/tags/USdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependent</span></a> <a href="https://infosec.exchange/tags/USAdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependencies</span></a> <a 
href="https://infosec.exchange/tags/USAdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependency</span></a> <a href="https://infosec.exchange/tags/USAdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependent</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.</p><p>We also need better (readable) certificates identifying the responsible / accountable party for a website.</p><p>We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.</p><p>Important: certificates never directly warrant the trustworthiness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensure that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.</p><p>More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=mailchimp-sso</span><span class="invisible">.com</span></a>).</p><p>Note: most people do not understand certificates, like <span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span 
class="ellipsis">mastodon.social/@BjornW/114064</span><span class="invisible">065891034415</span></a>:<br>❝<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> offers certificates to encrypt the traffic between a website &amp; your browser.<br>❞<br>2x wrong.</p><p>A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.</p><p>However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.</p><p>Will you please help me get this topic seriously on the public agenda?</p><p>Edited 09:15 UTC to add: tap "Alt" in the images for details.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a 
href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Lucas Janin 🇨🇦🇫🇷<p>Proxmox + Pocket-ID + Bitwarden + Passkey = ❤️ <br>I love this seamless login experience! The future is passwordless authentication. Pocket-ID only supports passkey authentication, so you don't need a password.</p><p><a href="https://pocket-id.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pocket-id.org</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> <a href="https://mastodon.social/tags/PocketID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PocketID</span></a> <a href="https://mastodon.social/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bitwarden</span></a> <a href="https://mastodon.social/tags/Vaultwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vaultwarden</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/Proxmox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proxmox</span></a> <a href="https://mastodon.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://mastodon.social/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a 
href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
Grumpy Website<p>We noticed you were working. How about you do a meaningless chore for us instead?</p><p><a href="https://mastodon.online/tags/Slack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Slack</span></a> <a href="https://mastodon.online/tags/Login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Login</span></a> <a href="https://mastodon.online/tags/Logout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Logout</span></a> <a href="https://mastodon.online/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.online/tags/Popup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Popup</span></a> <a href="https://mastodon.online/tags/Timeout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Timeout</span></a></p>
Gonçalo Valério<p>"CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers"</p><p><a href="https://mastersplinter.work/research/passkey/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastersplinter.work/research/p</span><span class="invisible">asskey/</span></a></p><p><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://s.ovalerio.net/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://s.ovalerio.net/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a></p>
injee<p><a href="https://youtube.com/watch?v=QXrSO7ASUSg" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtube.com/watch?v=QXrSO7ASUS</span><span class="invisible">g</span></a></p><p><a href="https://universeodon.com/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDevelopment</span></a> <a href="https://universeodon.com/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> <a href="https://universeodon.com/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://universeodon.com/tags/FrontEnd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrontEnd</span></a></p>
Matthew Turland<p>If you had to explain <a href="https://phpc.social/tags/OAuth2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth2</span></a> to a relatively new SWE who only had a bit of experience interacting with public APIs from a frontend UI, are there any specific beginner-friendly online resources you'd recommend to them?</p><p><a href="https://phpc.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://phpc.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://phpc.social/tags/SoftwareEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareEngineering</span></a> <a href="https://phpc.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://phpc.social/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Education</span></a></p>
N-gated Hacker News<p>In an internet-breaking revelation, some brave soul has finally figured out how to authenticate to <a href="https://mastodon.social/tags/MSK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSK</span></a> without a password by using <a href="https://mastodon.social/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a>++. 🎉 Because who needs simplicity when you can have an extra layer of C++ complexity? 😂 Meanwhile, <a href="https://mastodon.social/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a> everywhere weep with <a href="https://mastodon.social/tags/joy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>joy</span></a> at yet another way to forget their credentials. 🔑🚫<br><a href="https://github.com/timeplus-io/proton/blob/develop/src/IO/Kafka/AwsMskIamSigner.cpp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/timeplus-io/proton/</span><span class="invisible">blob/develop/src/IO/Kafka/AwsMskIamSigner.cpp</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwordless</span></a> <a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/ngated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ngated</span></a></p>