mastodon.ie

Alvin Ashcraft 🐿️OAuth 2.0 Access Tokens and the Principle of Least Privilege | by Andrea Chiarelli.<a href="https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/" rel="nofollow noopener" translate="no" target="_blank">https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/</a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> <a href="https://hachyderm.io/tags/auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#auth0</a>

BillHere's a new-to-me password spray tool that looks a hell of a lot more functional that Burp Intruder.<a href="https://github.com/blacklanternsecurity/TREVORspray" rel="nofollow noopener" translate="no" target="_blank">https://github.com/blacklanternsecurity/TREVORspray</a><a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a>

|7eter l-|. l3oling 🧰Ann: Launched Open Collective for Ruby OAuth gems (oauth, oauth2, & others)I've been the primary maintainer of OAuth tools in Ruby since 2017. In this move toward supporting myself with open source work I need your help! <a href="https://opencollective.com/ruby-oauth" rel="nofollow noopener" translate="no" target="_blank">https://opencollective.com/ruby-oauth</a> <a href="https://ruby.social/tags/Ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ruby</a> <a href="https://ruby.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> <a href="https://ruby.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authorization</a> <a href="https://ruby.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://ruby.social/tags/OIDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OIDC</a>

Alvin Ashcraft 🐿️Please Don't Write Your Own MCP Authorization Code | by Den Delimarsky.<a href="https://den.dev/blog/mcp-prm-auth/" rel="nofollow noopener" translate="no" target="_blank">https://den.dev/blog/mcp-prm-auth/</a> <a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#modelcontextprotocol</a> <a href="https://hachyderm.io/tags/aiagents" class="mention hashtag" rel="nofollow noopener" target="_blank">#aiagents</a>

beSpacificTrump’s effort, combined thrust of his other <a href="https://newsie.social/tags/constitutional" class="mention hashtag" rel="nofollow noopener" target="_blank">#constitutional</a> transgressions, uniquely dangerous. No indication he gave any thought to seeking <a href="https://newsie.social/tags/congressional" class="mention hashtag" rel="nofollow noopener" target="_blank">#congressional</a> <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a>. As self-concerned, immature a commander-in-chief as country has had, he likely acted, as always, out of crass self-interest. <a href="https://newsie.social/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Israel</a> surprisingly successful <a href="https://newsie.social/tags/bombardment" class="mention hashtag" rel="nofollow noopener" target="_blank">#bombardment</a> of last week put him in position to be a winner by finishing off the job—very possibly the only thing that was in his <a href="https://newsie.social/tags/lizard" class="mention hashtag" rel="nofollow noopener" target="_blank">#lizard</a> <a href="https://newsie.social/tags/brain" class="mention hashtag" rel="nofollow noopener" target="_blank">#brain</a>. <a href="https://harrylitman.substack.com/p/trumps-strike-on-iran-and-the-constitution" rel="nofollow noopener" translate="no" target="_blank">https://harrylitman.substack.com/p/trumps-strike-on-iran-and-the-constitution</a>

beSpacific<a href="https://newsie.social/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trump</a> faces <a href="https://newsie.social/tags/bipartisan" class="mention hashtag" rel="nofollow noopener" target="_blank">#bipartisan</a> blowback in <a href="https://newsie.social/tags/Congress" class="mention hashtag" rel="nofollow noopener" target="_blank">#Congress</a> on <a href="https://newsie.social/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iran</a> strikes Why it matters: While most <a href="https://newsie.social/tags/congressional" class="mention hashtag" rel="nofollow noopener" target="_blank">#congressional</a> <a href="https://newsie.social/tags/Republicans" class="mention hashtag" rel="nofollow noopener" target="_blank">#Republicans</a> some pro-Israel <a href="https://newsie.social/tags/Democrats" class="mention hashtag" rel="nofollow noopener" target="_blank">#Democrats</a> are praising President Trump's strikes on <a href="https://newsie.social/tags/Iranian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iranian</a> <a href="https://newsie.social/tags/nuclear" class="mention hashtag" rel="nofollow noopener" target="_blank">#nuclear</a> facilities, pockets of <a href="https://newsie.social/tags/opposition" class="mention hashtag" rel="nofollow noopener" target="_blank">#opposition</a> are already emerging over whether he needed congressional <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> for such a <a href="https://newsie.social/tags/provocative" class="mention hashtag" rel="nofollow noopener" target="_blank">#provocative</a> use of <a href="https://newsie.social/tags/military" class="mention hashtag" rel="nofollow noopener" target="_blank">#military</a> <a href="https://newsie.social/tags/force" class="mention hashtag" rel="nofollow noopener" target="_blank">#force</a>. Yes, he did need Congressional <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a>..why is there even a question. <a href="https://newsie.social/tags/warpowers" class="mention hashtag" rel="nofollow noopener" target="_blank">#warpowers</a> <a href="https://newsie.social/tags/foreign" class="mention hashtag" rel="nofollow noopener" target="_blank">#foreign</a> <a href="https://newsie.social/tags/policy" class="mention hashtag" rel="nofollow noopener" target="_blank">#policy</a> <a href="https://newsie.social/tags/retaliation" class="mention hashtag" rel="nofollow noopener" target="_blank">#retaliation</a> <a href="https://newsie.social/tags/democracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#democracy</a> <a href="https://newsie.social/tags/war" class="mention hashtag" rel="nofollow noopener" target="_blank">#war</a>

MineEyesDazzle<a href="https://mas.to/tags/USpolitics" class="mention hashtag" rel="nofollow noopener" target="_blank">#USpolitics</a> <a href="https://mas.to/tags/Hegseth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hegseth</a> <a href="https://mas.to/tags/mass" class="mention hashtag" rel="nofollow noopener" target="_blank">#mass</a> <a href="https://mas.to/tags/protesters" class="mention hashtag" rel="nofollow noopener" target="_blank">#protesters</a> <a href="https://mas.to/tags/protests" class="mention hashtag" rel="nofollow noopener" target="_blank">#protests</a> <a href="https://mas.to/tags/protest" class="mention hashtag" rel="nofollow noopener" target="_blank">#protest</a> <a href="https://mas.to/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://mas.to/tags/authorize" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorize</a> <a href="https://mas.to/tags/UseOfForce" class="mention hashtag" rel="nofollow noopener" target="_blank">#UseOfForce</a><a href="https://www.reddit.com/r/Astuff/comments/1lexjw3/hegseth_refuses_to_answer_whether_he_has_given/" rel="nofollow noopener" translate="no" target="_blank">https://www.reddit.com/r/Astuff/comments/1lexjw3/hegseth_refuses_to_answer_whether_he_has_given/</a>

🤘 The Metal Dog 🤘<a href="https://mastodon.themetaldog.net/tags/TheMetalDogArticleList" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheMetalDogArticleList</a> <a href="https://mastodon.themetaldog.net/tags/Blabbermouth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Blabbermouth</a> NANCY WILSON Says TRUMP's Military Parade Used HEART's 'Barracuda' 'Without Permission Or Authorization'<a href="https://blabbermouth.net/news/nancy-wilson-says-trumps-military-parade-used-hearts-barracuda-without-permission-or-authorization" rel="nofollow noopener" translate="no" target="_blank">https://blabbermouth.net/news/nancy-wilson-says-trumps-military-parade-used-hearts-barracuda-without-permission-or-authorization</a><a href="https://mastodon.themetaldog.net/tags/NancyWilson" class="mention hashtag" rel="nofollow noopener" target="_blank">#NancyWilson</a> <a href="https://mastodon.themetaldog.net/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trump</a> <a href="https://mastodon.themetaldog.net/tags/HEART" class="mention hashtag" rel="nofollow noopener" target="_blank">#HEART</a> <a href="https://mastodon.themetaldog.net/tags/Barracuda" class="mention hashtag" rel="nofollow noopener" target="_blank">#Barracuda</a> <a href="https://mastodon.themetaldog.net/tags/MilitaryParade" class="mention hashtag" rel="nofollow noopener" target="_blank">#MilitaryParade</a> <a href="https://mastodon.themetaldog.net/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a> <a href="https://mastodon.themetaldog.net/tags/USArmy" class="mention hashtag" rel="nofollow noopener" target="_blank">#USArmy</a> <a href="https://mastodon.themetaldog.net/tags/DonaldTrump" class="mention hashtag" rel="nofollow noopener" target="_blank">#DonaldTrump</a> <a href="https://mastodon.themetaldog.net/tags/MusicLicensing" class="mention hashtag" rel="nofollow noopener" target="_blank">#MusicLicensing</a> <a href="https://mastodon.themetaldog.net/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authorization</a>

beSpacificVial military.com - Guard troops unpaid and in limbo: Over 4,000 <a href="https://newsie.social/tags/California" class="mention hashtag" rel="nofollow noopener" target="_blank">#California</a> <a href="https://newsie.social/tags/NationalGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#NationalGuard</a> <a href="https://newsie.social/tags/soldiers" class="mention hashtag" rel="nofollow noopener" target="_blank">#soldiers</a> deployed to <a href="https://newsie.social/tags/LosAngeles" class="mention hashtag" rel="nofollow noopener" target="_blank">#LosAngeles</a> remain unpaid due to delays in official activation orders, leaving their pay, benefits, and legal status uncertain. <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://newsie.social/tags/orders" class="mention hashtag" rel="nofollow noopener" target="_blank">#orders</a> <a href="https://newsie.social/tags/pentagon" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentagon</a> <a href="https://newsie.social/tags/DHS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DHS</a> <a href="https://newsie.social/tags/immigration" class="mention hashtag" rel="nofollow noopener" target="_blank">#immigration</a> <a href="https://newsie.social/tags/civilliberties" class="mention hashtag" rel="nofollow noopener" target="_blank">#civilliberties</a> <a href="https://newsie.social/tags/logistics" class="mention hashtag" rel="nofollow noopener" target="_blank">#logistics</a> <a href="https://newsie.social/tags/hegseth" class="mention hashtag" rel="nofollow noopener" target="_blank">#hegseth</a> Poor planning & conditions: Troops report chaotic logistics w some sleeping outdoors on cots, facing inconsistent access to <a href="https://newsie.social/tags/food" class="mention hashtag" rel="nofollow noopener" target="_blank">#food</a>, <a href="https://newsie.social/tags/fuel" class="mention hashtag" rel="nofollow noopener" target="_blank">#fuel</a>, hastily organized <a href="https://newsie.social/tags/mission" class="mention hashtag" rel="nofollow noopener" target="_blank">#mission</a> <a href="https://newsie.social/tags/trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#trump</a>

Pyrzout :vm:Best Practices for User Authentication and Authorization in Web Applications: A Comprehensive Security Framework – Source: securityboulevard.com <a href="https://ciso2ciso.com/best-practices-for-user-authentication-and-authorization-in-web-applications-a-comprehensive-security-framework-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/best-practices-for-user-authentication-and-authorization-in-web-applications-a-comprehensive-security-framework-source-securityboulevard-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBloggersNetwork</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBoulevard</a> <a href="https://social.skynetcloud.site/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalIdentity</a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Identity</a>&Access <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://social.skynetcloud.site/tags/infrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#infrastructure</a> <a href="https://social.skynetcloud.site/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://social.skynetcloud.site/tags/BestPractices" class="mention hashtag" rel="nofollow noopener" target="_blank">#BestPractices</a> <a href="https://social.skynetcloud.site/tags/CIAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#CIAM</a>

CybernewsHackers can craft a request, send it to the Asus router, and execute functions without authorization.<a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/Asus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Asus</a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://cnews.link/asus-routers-affected-by-critical-vulnerability-1/" rel="nofollow noopener" translate="no" target="_blank">https://cnews.link/asus-routers-affected-by-critical-vulnerability-1/</a>

Alvin Ashcraft 🐿️An Introduction to MCP and Authorization | Auth0.<a href="https://auth0.com/blog/an-introduction-to-mcp-and-authorization/" rel="nofollow noopener" translate="no" target="_blank">https://auth0.com/blog/an-introduction-to-mcp-and-authorization/</a> <a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://hachyderm.io/tags/aimodels" class="mention hashtag" rel="nofollow noopener" target="_blank">#aimodels</a>

Rod2ik 🇪🇺 🇨🇵 🇪🇸 🇺🇦 🇨🇦 🇩🇰 🇬🇱Le <a href="https://mastodon.social/tags/Royaume" class="mention hashtag" rel="nofollow noopener" target="_blank">#Royaume</a>-Uni <a href="https://mastodon.social/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#UK</a> impose une taxe d’entrée aux <a href="https://mastodon.social/tags/Europ%C3%A9ens" class="mention hashtag" rel="nofollow noopener" target="_blank">#Européens</a>, une <a href="https://mastodon.social/tags/ETA" class="mention hashtag" rel="nofollow noopener" target="_blank">#ETA</a> <a href="https://mastodon.social/tags/Electronic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Electronic</a> <a href="https://mastodon.social/tags/Travel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Travel</a> <a href="https://mastodon.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authorization</a> , ou <a href="https://mastodon.social/tags/Autorisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Autorisation</a> <a href="https://mastodon.social/tags/Electronique" class="mention hashtag" rel="nofollow noopener" target="_blank">#Electronique</a> de <a href="https://mastodon.social/tags/Voyage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Voyage</a>Ça mériterait bien un petit <a href="https://mastodon.social/tags/Liberation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Liberation</a> <a href="https://mastodon.social/tags/Day" class="mention hashtag" rel="nofollow noopener" target="_blank">#Day</a> et des <a href="https://mastodon.social/tags/taxes" class="mention hashtag" rel="nofollow noopener" target="_blank">#taxes</a> <a href="https://mastodon.social/tags/r%C3%A9ciproques" class="mention hashtag" rel="nofollow noopener" target="_blank">#réciproques</a> pour les <a href="https://mastodon.social/tags/citoyens" class="mention hashtag" rel="nofollow noopener" target="_blank">#citoyens</a> <a href="https://mastodon.social/tags/britanniques" class="mention hashtag" rel="nofollow noopener" target="_blank">#britanniques</a>.. (sorry guys..)<a href="https://www.ouest-france.fr/europe/royaume-uni/le-royaume-uni-impose-une-taxe-dentree-aux-europeens-88acf66e-0fd7-11f0-a359-3785f88c9270" rel="nofollow noopener" translate="no" target="_blank">https://www.ouest-france.fr/europe/royaume-uni/le-royaume-uni-impose-une-taxe-dentree-aux-europeens-88acf66e-0fd7-11f0-a359-3785f88c9270</a>

Pyrzout :vm:Next.js Middleware Flaw Lets Attackers Bypass Authorization <a href="https://hackread.com/next-js-middleware-flaw-bypass-authorization/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/next-js-middleware-flaw-bypass-authorization/</a> <a href="https://social.skynetcloud.site/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authorization</a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/Middleware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Middleware</a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://social.skynetcloud.site/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nextjs</a> <a href="https://social.skynetcloud.site/tags/React" class="mention hashtag" rel="nofollow noopener" target="_blank">#React</a>

Pyrzout :vm:Next.js Middleware Flaw Lets Attackers Bypass Authorization – Source:hackread.com <a href="https://ciso2ciso.com/next-js-middleware-flaw-lets-attackers-bypass-authorization-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/next-js-middleware-flaw-lets-attackers-bypass-authorization-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authorization</a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/Middleware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Middleware</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://social.skynetcloud.site/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nextjs</a> <a href="https://social.skynetcloud.site/tags/React" class="mention hashtag" rel="nofollow noopener" target="_blank">#React</a>

Dan 🌈👋 Very stoked to announce that I will be speaking at <a href="https://hachyderm.io/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://hachyderm.io/tags/Snowfroc" class="mention hashtag" rel="nofollow noopener" target="_blank">#Snowfroc</a> this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a>" and it's mostly about why <a href="https://hachyderm.io/tags/authz" class="mention hashtag" rel="nofollow noopener" target="_blank">#authz</a> is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤p.s. I've never been to <a href="https://hachyderm.io/tags/Denver" class="mention hashtag" rel="nofollow noopener" target="_blank">#Denver</a> so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄

Kevin Karhan :verified:<a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@GossiTheDog</a> the sheer fact that <a href="https://infosec.space/tags/MSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#MSPs</a> & <a href="https://infosec.space/tags/CSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSPs</a> can access clients' setups without proper <a href="https://infosec.space/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> [including <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> / <a href="https://infosec.space/tags/KYB" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYB</a>, <a href="https://infosec.space/tags/AuthCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#AuthCode</a>|s and proper authorization via contract] is already sickening.<ul><li><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="nofollow noopener" target="_blank">This</a> literally begs to be abused via <a href="https://infosec.space/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> / <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialHacking</a> of <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> personnel or just blatant "<a href="https://infosec.space/tags/PrivilegueEscalation" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivilegueEscalation</a>" through falsefully claiming to be a <a href="https://infosec.space/tags/MSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#MSP</a> / <a href="https://infosec.space/tags/CSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSP</a> contracted by the targeted company.</li></ul>Such fundamental <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsec</a> fuckups are reasons alone not to use <a href="https://infosec.space/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#Azure</a> or any <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> products & services at all...<ul><li>I mean, it doesn't require <a href="https://infosec.space/tags/Mitnick" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mitnick</a>-level skills to pull this off, since it doesn't necessitate <a href="https://infosec.space/tags/Lapsus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lapsus</a>-Style <a href="https://infosec.space/tags/SIMswap" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIMswap</a> or other means to gain access...</li></ul>

Schneier on Security RSSDevice Code PhishingThis isn’t new, but it’s increasingly popular: The technique is known as devic... <a href="https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html" rel="nofollow noopener" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html</a> <a href="https://burn.capital/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#Uncategorized</a> <a href="https://burn.capital/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://burn.capital/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://burn.capital/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>

Pyrzout :vm:Device Code Phishing – Source: www.schneier.com <a href="https://ciso2ciso.com/device-code-phishing-source-www-schneier-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/device-code-phishing-source-www-schneier-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/SchneierOnSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SchneierOnSecurity</a> <a href="https://social.skynetcloud.site/tags/SchneieronSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SchneieronSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://social.skynetcloud.site/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://social.skynetcloud.site/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#Uncategorized</a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>

Pyrzout :vm:Device Code Phishing <a href="https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html" rel="nofollow noopener" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html</a> <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://social.skynetcloud.site/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#Uncategorized</a> <a href="https://social.skynetcloud.site/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://social.skynetcloud.site/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>

Recent searches

Search options

Administered by:

Server stats:

#authorization