Mastouille

2 messages2 participants0 message aujourd’hui

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸Explain <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> to me like I'm your grandparents.<a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2fa</a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fido</a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fido2</a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#otp</a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#yubikey</a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#auth</a>

Ethan ShollySelf-Host Weekly (6 June 2025)Open-sourced government apps, software updates and launches, a spotlight on <a href="https://fosstodon.org/tags/Tinyauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tinyauth</a> -- a simple <a href="https://fosstodon.org/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> middleware, and more in this week's self-hosted recap!<a href="https://selfh.st/weekly/2025-06-06/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://selfh.st/weekly/2025-06-06/</a><a href="https://fosstodon.org/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhost</a> <a href="https://fosstodon.org/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosted</a> <a href="https://fosstodon.org/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a> <a href="https://fosstodon.org/tags/newsletter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#newsletter</a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://fosstodon.org/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#foss</a> <a href="https://fosstodon.org/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a> <a href="https://fosstodon.org/tags/homeserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homeserver</a> <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://fosstodon.org/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nextcloud</a> <a href="https://fosstodon.org/tags/raspberrypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#raspberrypi</a> <a href="https://fosstodon.org/tags/irs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#irs</a> <a href="https://fosstodon.org/tags/dumbassets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dumbassets</a>

MainmatterUsername/password, OAuth, UI state, persistence, everything you need to know.Led by Svelte maintainer <a href="https://front-end.social/@paoloricciuti" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@paoloricciuti</a> . Hands-on. 1 day. 30 seats.📅 Book now ➡️ <a href="https://ti.to/mainmatter/authentication-for-svelte-july-2025" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ti.to/mainmatter/authentication-for-svelte-july-2025</a> <a href="https://fosstodon.org/tags/Svelte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Svelte</a> <a href="https://fosstodon.org/tags/SvelteKit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SvelteKit</a> <a href="https://fosstodon.org/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://fosstodon.org/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebDev</a> <a href="https://fosstodon.org/tags/Mainmatter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mainmatter</a>🧵2/2

Lars WirzeniusIf your software stores passwords in a way that they can be retrieved, and your software isn't a password manager, your software is broken.Verifying that a password provided by a user is correct does not require you to store the password. As an industry we knew this in 1978. It has been 0 days since I saw software that violates this.<a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html</a><a href="https://toot.liw.fi/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://toot.liw.fi/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://toot.liw.fi/tags/passwordStorage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordStorage</a> <a href="https://toot.liw.fi/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://toot.liw.fi/tags/rant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rant</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> 0.10<a href="https://github.com/Zirias/swad/releases/tag/v0.10" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad/releases/tag/v0.10</a>Swad is the "Simple Web Authentication Daemon". If you're looking for a way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> (and/or proof-of-work access as known from <a href="https://mastodon.bsd.cafe/tags/anubis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#anubis</a>) to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> reverse proxy -- without adding yet another reverse proxy -- swad could be for you! It's written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a>, has few external dependencies (just zlib, and optionally OpenSSL/Libressl and/or libpam) and compiles to a pretty small binary. It's designed for usage with nginx' 'auth_request'.Swad is tested on <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a>, some basic functionality tests were also done on <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> and <a href="https://mastodon.bsd.cafe/tags/illumos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#illumos</a> (descendant from <a href="https://mastodon.bsd.cafe/tags/solaris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#solaris</a>). It *should* build and work on most <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a>-alike systems.This release mainly brings performance improvements and a few bugfixes. It's now stress-tested with Apache jmeter, verifying it can deal with at least 1000 requests per second on my personal (somewhat limited) FreeBSD host machine.

LinuxiacAuthelia open-source authentication and authorization server passes OpenID Connect certification, confirming full conformance with implemented profiles. <a href="https://linuxiac.com/authelia-authentication-server-achieves-openid-certified-status/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://linuxiac.com/authelia-authentication-server-achieves-openid-certified-status/</a><a href="https://mastodon.social/tags/authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authelia</a> <a href="https://mastodon.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sso</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://mastodon.social/tags/openid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openid</a>

Frontend DogmaPasskeys for Normal People, by <a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@troyhunt</a>:<a href="https://www.troyhunt.com/passkeys-for-normal-people/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/passkeys-for-normal-people/</a><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mas.to/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://mas.to/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://mas.to/tags/examples" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#examples</a> <a href="https://mas.to/tags/concepts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#concepts</a>

Christoffer S.Man... it really is one thing to talk about authentication, hashed and salted passwords, rounds etc.But when implementing one a whole new set of challenges arises. Where to store state, how to cache, how to validate/invalidate session states, how to check authenticated state, parameters to include upon authentication, secure generation of tokens.Things ... as a user you just never reflect upon, but when building things suddenly you do care, and realize how incredibly complex and hard it is to do authentication.And I have not even touched authorization and access permissions yet...<a href="https://swecyb.com/tags/Developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Developers</a> <a href="https://swecyb.com/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Programming</a> <a href="https://swecyb.com/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://swecyb.com/tags/AuthN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AuthN</a> <a href="https://swecyb.com/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Development</a> <a href="https://swecyb.com/tags/Reflex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Reflex</a> <a href="https://swecyb.com/tags/Web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Web</a> <a href="https://swecyb.com/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebDev</a>

W3C DevelopersTwo existing <a href="https://w3c.social/@w3c" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@w3c</a> specifications are published under a new level. <a href="https://w3c.social/tags/FPWD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FPWD</a> <a href="https://w3c.social/tags/timetogiveinput" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#timetogiveinput</a> - "Web Cryptography Level 2" defines a <a href="https://w3c.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://w3c.social/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#API</a> for cryptographic operations like hashing, signing, and <a href="https://w3c.social/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a>, <a href="https://w3c.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> ▶️ <a href="https://www.w3.org/TR/webcrypto-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.w3.org/TR/webcrypto-2/</a> - "Subresource Integrity" specifies a way for user agents to verify that fetched resources haven’t been tampered with ▶️ <a href="https://www.w3.org/TR/sri-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.w3.org/TR/sri-2/</a>Feedback welcome in the resp. directories: <a href="https://github.com/w3c/webcrypto/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/w3c/webcrypto/</a> and <a href="https://github.com/w3c/webappsec-subresource-integrity/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/w3c/webappsec-subresource-integrity/</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.2SWAD is the "Simple Web Authentication Daemon", meant to add <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> with a simple <a href="https://mastodon.bsd.cafe/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#login</a> form and configurable credential checker modules to a reverse <a href="https://mastodon.bsd.cafe/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxy</a> supporting to delegate authentication to a backend service, like e.g. <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a>' "auth_request". It's a very small piece of software written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> with as little external dependencies as possible. It requires some <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a> (or "almost POSIX", like <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a>, <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a>, ...) environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.Currently, the only credential checker module available offers <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a> authentication, more modules will come in later releases.swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:<a href="https://github.com/Zirias/swad/releases/tag/v0.2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad/releases/tag/v0.2</a>

Felix Palmen :freebsd: :c64:Released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.1 🥳 Looking for a simple way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> reverse proxy? Then swad *could* be for you!swad is the "Simple Web Authentication Daemon", written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> (+ <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a>) with almost no external dependencies. <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> support requires <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSL</a> (or <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LibreSSL</a>). It's designed to work with nginx' "auth_request" module and offers authentication using a <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> and a login form.Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a>. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈If you want to know more, read here: <a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Boiling SteamMatrix.org Will Migrate to MAS: <a href="https://matrix.org/blog/2025/04/matrix-auth-service/" rel="nofollow noopener noreferrer" target="_blank">https://matrix.org/blog/2025/04/matrix-auth-service/</a> <a href="https://mastodon.cloud/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://mastodon.cloud/tags/update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#update</a> <a href="https://mastodon.cloud/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#foss</a> <a href="https://mastodon.cloud/tags/matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#matrix</a> <a href="https://mastodon.cloud/tags/mas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mas</a> <a href="https://mastodon.cloud/tags/migration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#migration</a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a>

Bytes EuropeTrustly to Pilot Biometric Solution in Finland Before Rollout <a href="https://www.byteseu.com/865971/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.byteseu.com/865971/</a> <a href="https://pubeurope.com/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://pubeurope.com/tags/BiometricAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BiometricAuthentication</a> <a href="https://pubeurope.com/tags/biometrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biometrics</a> <a href="https://pubeurope.com/tags/DigitalTransformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalTransformation</a> <a href="https://pubeurope.com/tags/EMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EMEA</a> <a href="https://pubeurope.com/tags/Finland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Finland</a> <a href="https://pubeurope.com/tags/gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gaming</a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentityVerification</a> <a href="https://pubeurope.com/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://pubeurope.com/tags/PayByBank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PayByBank</a> <a href="https://pubeurope.com/tags/PYMNTSNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PYMNTSNews</a> <a href="https://pubeurope.com/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://pubeurope.com/tags/Trustly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trustly</a> <a href="https://pubeurope.com/tags/TrustlyID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TrustlyID</a> <a href="https://pubeurope.com/tags/What" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#What</a>'sHot

Europe Says<a href="https://www.europesays.com/1944668/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.europesays.com/1944668/</a> Trustly to Pilot Biometric Solution in Finland Before Rollout <a href="https://pubeurope.com/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://pubeurope.com/tags/BiometricAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BiometricAuthentication</a> <a href="https://pubeurope.com/tags/Biometrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Biometrics</a> <a href="https://pubeurope.com/tags/DigitalTransformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalTransformation</a> <a href="https://pubeurope.com/tags/EMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EMEA</a> <a href="https://pubeurope.com/tags/finland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#finland</a> <a href="https://pubeurope.com/tags/Gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gaming</a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentityVerification</a> <a href="https://pubeurope.com/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://pubeurope.com/tags/PayByBank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PayByBank</a> <a href="https://pubeurope.com/tags/PYMNTSNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PYMNTSNews</a> <a href="https://pubeurope.com/tags/Suomi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Suomi</a> <a href="https://pubeurope.com/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://pubeurope.com/tags/Trustly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trustly</a> <a href="https://pubeurope.com/tags/TrustlyID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TrustlyID</a> <a href="https://pubeurope.com/tags/uutiset" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#uutiset</a> <a href="https://pubeurope.com/tags/What" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#What</a>'sHot

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> :I don't want to pay a cent. Neither donate, nor via taxes.<a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114227977082449887</a><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@TheDutchChief</a> <a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.They're the ultimate manifestation of evil big tech.They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.Decent online authentication is HARD. Get used to it instead of denying it.REASONS/EXAMPLES🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114222237036021070</a>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224682101772569</a>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224264440704546</a>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>🔹 Lots of reasons why LE sucks: <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914047006977222</a> (corrected link 09:20 UTC)🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/</a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/13.248.197.209/relations</a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</a><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@troyhunt</a> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.We also need better (readable) certificates identifying the responsible / accountable party for a website.We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.Important: certificates never directly warrant the trustworthyness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensuring that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=mailchimp-sso.com</a>).Note: most people do not understand certificates, like <a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BjornW</a> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@BjornW/114064065891034415</a>: ❝ <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> offers certificates to encrypt the traffic between a website & your browser. ❞ 2x wrong.A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.Will you please help me get this topic seriously on the public agenda?Edited 09:15 UTC to add: tap "Alt" in the images for details.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a>

julian2FA codes sent over ActivityPub when?

W3C DevelopersThe <a href="https://w3c.social/@w3c" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@w3c</a> Federated Identity <a href="https://w3c.social/tags/WorkingGroup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WorkingGroup</a> aims to create specs for secure, <a href="https://w3c.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> friendly, and user-controlled <a href="https://w3c.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> and credential presentation ▶️ <a href="https://www.w3.org/groups/wg/fedid/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.w3.org/groups/wg/fedid/</a>Their updated charter introduces the Digital Credentials <a href="https://w3c.social/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#API</a>, which facilitates user agents in managing access to and presenting digital <a href="https://w3c.social/tags/credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#credentials</a>, such as a driver's license, government-issued ID, or other forms of digital credentials.🎬 Find out more about this work by <a href="https://mastodon.social/@sphcow" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@sphcow</a>: <a href="https://youtu.be/GI3UTZJ0Ue4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/GI3UTZJ0Ue4</a>

Georgiana BrummellFirst, they shut down the Basic HTML site, forcing many of us to switch to clients such as Thunderbird. Now, they're using qr codes which are not only inaccessible to the blind but also to those who don't use smartphones! This is ridiculous! Yes, they do still have the option to click whether it's you trying to sign in or not (which still requires a smartphone and a carrier, which they claim to be concerned about), but how long before they remove that, too?<a href="https://www.pcmag.com/news/google-is-replacing-sms-codes-with-qr-codes-for-gmail-authentication" rel="nofollow noopener noreferrer" target="_blank">pcmag.com/news/google-is-repla…</a><a href="https://friendica.world/search?tag=accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#accessibility</a> <a href="https://friendica.world/search?tag=Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://friendica.world/search?tag=authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://friendica.world/search?tag=blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blind</a> <a href="https://friendica.world/search?tag=Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://friendica.world/search?tag=GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GMail</a> <a href="https://friendica.world/search?tag=IOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IOS</a> <a href="https://friendica.world/search?tag=Narrator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Narrator</a> <a href="https://friendica.world/search?tag=NVDA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NVDA</a> <a href="https://friendica.world/search?tag=sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sms</a> <a href="https://friendica.world/search?tag=Talkback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Talkback</a> <a href="https://friendica.world/search?tag=technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://friendica.world/search?tag=Voiceover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Voiceover</a> <a href="https://friendica.world/search?tag=Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#authentication