jm + auth   4

What I Learned Trying To Secure Congressional Campaigns (Idle Words)
'on August 22, the DNC had a phishing scare, where they mistook a vulnerability assessment for an actual attack. The next day, DCCC Executive Director Dan Sena sent an email to all campaigns with the subject line "Reminder About Cybersecurity". That email included three attachments, including a file evocatively titled "2-20170712-Falcon.docx".'
politics  security  dnc  democrats  funny  yubikeys  gmail  google  auth  phishing  hacking  congress 
21 days ago by jm
ChromeCast HTTP APIs
Similar to the hackable Google Home APIs: it seems Chromecasts are easily hacked/scripted, with no auth required.
auth  http  apis  security  chromecast  google 
october 2018 by jm
Google Home (in)Security
Zero authentication on some setup APIs, including 'delete the current wifi network config' -- a pretty major lack of security.
auth  security  fail  google  google-home 
october 2018 by jm
Authenticated app packages on Sandstorm with PGP and Keybase
Nice approach to package authentication UX using Keybase/PGP.
When you go to install a package, Sandstorm verifies that the package is correctly signed by the Ed25519 key. It looks for a PGP signature in the metadata, and verifies that the PGP-signed assertion is for the correct app ID and the email address specified in the metadata. It queries the Keybase API to see what accounts the packager has proven ownership of, and lists them with their links on the app install page.
authentication  auth  packages  sandstorm  keybase  pgp  gpg  security 
november 2015 by jm
