jm + auth   3

ChromeCast HTTP APIs
similar to the Google Home hackable APIs, it seems Chromecasts are easily hacked/scripted with no auth
auth  http  apis  security  chromecast  google 
18 days ago by jm
Google Home (in)Security
0 authentication on some setup APIs, including 'delete the current wifi network config' -- pretty major lack of security
auth  security  fail  google  google-home 
18 days ago by jm
Authenticated app packages on Sandstorm with PGP and Keybase
Nice approach to package authentication UX using Keybase/PGP.
When you go to install a package, Sandstorm verifies that the package is correctly signed by the Ed25519 key. It looks for a PGP signature in the metadata, and verifies that the PGP-signed assertion is for the correct app ID and the email address specified in the metadata. It queries the Keybase API to see what accounts the packager has proven ownership of, and lists them with their links on the app install page.
authentication  auth  packages  sandstorm  keybase  pgp  gpg  security 
november 2015 by jm

Copy this bookmark:



description:


tags: