That is indeed the case.
Untrue, any valid access key pair set can call “GetSignInToken” and access the aws console.
Maybe I’m just an unimpressed security professional but I’ve still not seen evidence I’d call a breach. At least not a significant one if you want to argue sublantics. Workers at organizations get compromised all the…
The screenshots on the linked tweet make it look like okta dog foods their own product for access to various services and someone has access to one of their admin accounts. Which is bad, but that could mean “we phished…
AWS Backup does exist.
Implicit grant is depecrated, in the forthcoming OAuth 2.1 [1] standard this is solidified. We start using the language "public client" and "private client", where a public client is an OAuth client like a mobile app or…
I'm glad adblockers are back. I'm not sure if it ever truly left, but the moment there was a bit of resistance I was happy to jump ship to FF.
That is definitely not lost on me. Life imitates art.
Job Role/Further details are risky to discuss because this forum is read by my colleagues and likely the nerdier execs. I could leave it at I am someone very senior and actively involved in trying to tackle our problem,…
I think it represented poorly. It's more than just code in one system. It's systems built upon systems built upon systems. It encompasses our network, our software deployment stack, our proprietary extensions to…
I work in an huge enterprise. We have incredibly customized software and stacks that have not changed much for 30 years, because they did not need to. Now the people who wrote those stacks and who understand them are…
That's a great example, thank you for sharing it.
I actually have never seen it's kubernetes security platform. If it's using RQL for that I would take that as a redflag that it won't support much customization or logic that would allow you to tailor it to your…
Prisma cloud (the cloud monitoring part) is not a great product. It lags pretty far behind cloud provider capabilities. I also got the email that orca probably sent to everyone in their CRM about this, and while I…
You're responsible for managing the server in beanstalk, but it's not far off. I suppose it's just an earlier generation of the same idea. WHat I mean is, beanstalk runs on EC2 instances that you are responsible to make…
"You Can't Run Entire Applications". I mean, what are we really calling serverless. Many serverless platforms, like fargate allow you to bring a container image, and whatever happens in that container image is non of…
Bit, bite? I see what you did there
This was a great read, thank you for sharing. I deal with identity and federation problems all day at work because I am one of those annoying enterprise customers. We’re just getting our external openid connect…
Where in Canada is socializing banned?
I love how you're using workers there. I've been on workers for years (only for static content mind you) and it's super cool.
Hashicorp vault? You probably have more secrets than SSH to protect. If you’re on AWS also consider high value add built ins like EC2 instance connect or ssm session manager so you can manage host access via IAM.
I saw ssh keys and was ready to get on my moral high horse about ssh certs, only to read the article to be talked down. Nice guide!
This is neat, thank you for sharing. I'm using the publii default theme on my website and it ranks quite high. It said to get an even higher ranking I should consider denser content, which makes sense given I just moved…
Thank you for your replies and insight, it's really appreciated. The way I see it with SPA and tokens in JS accessible space is that you're exposing your users to the possibility of token theft and user impersonation if…
Storing tokens in cookies would be against the spec wouldn’t it? I’m not putting rfc6749 on some sort of pedestal, but it clearly states that the tokens are in the response body and not set in cookies. Do you have any…
That is indeed the case.
Untrue, any valid access key pair set can call “GetSignInToken” and access the aws console.
Maybe I’m just an unimpressed security professional but I’ve still not seen evidence I’d call a breach. At least not a significant one if you want to argue sublantics. Workers at organizations get compromised all the…
The screenshots on the linked tweet make it look like okta dog foods their own product for access to various services and someone has access to one of their admin accounts. Which is bad, but that could mean “we phished…
AWS Backup does exist.
Implicit grant is depecrated, in the forthcoming OAuth 2.1 [1] standard this is solidified. We start using the language "public client" and "private client", where a public client is an OAuth client like a mobile app or…
I'm glad adblockers are back. I'm not sure if it ever truly left, but the moment there was a bit of resistance I was happy to jump ship to FF.
That is definitely not lost on me. Life imitates art.
Job Role/Further details are risky to discuss because this forum is read by my colleagues and likely the nerdier execs. I could leave it at I am someone very senior and actively involved in trying to tackle our problem,…
I think it represented poorly. It's more than just code in one system. It's systems built upon systems built upon systems. It encompasses our network, our software deployment stack, our proprietary extensions to…
I work in an huge enterprise. We have incredibly customized software and stacks that have not changed much for 30 years, because they did not need to. Now the people who wrote those stacks and who understand them are…
That's a great example, thank you for sharing it.
I actually have never seen it's kubernetes security platform. If it's using RQL for that I would take that as a redflag that it won't support much customization or logic that would allow you to tailor it to your…
Prisma cloud (the cloud monitoring part) is not a great product. It lags pretty far behind cloud provider capabilities. I also got the email that orca probably sent to everyone in their CRM about this, and while I…
You're responsible for managing the server in beanstalk, but it's not far off. I suppose it's just an earlier generation of the same idea. WHat I mean is, beanstalk runs on EC2 instances that you are responsible to make…
"You Can't Run Entire Applications". I mean, what are we really calling serverless. Many serverless platforms, like fargate allow you to bring a container image, and whatever happens in that container image is non of…
Bit, bite? I see what you did there
This was a great read, thank you for sharing. I deal with identity and federation problems all day at work because I am one of those annoying enterprise customers. We’re just getting our external openid connect…
Where in Canada is socializing banned?
I love how you're using workers there. I've been on workers for years (only for static content mind you) and it's super cool.
Hashicorp vault? You probably have more secrets than SSH to protect. If you’re on AWS also consider high value add built ins like EC2 instance connect or ssm session manager so you can manage host access via IAM.
I saw ssh keys and was ready to get on my moral high horse about ssh certs, only to read the article to be talked down. Nice guide!
This is neat, thank you for sharing. I'm using the publii default theme on my website and it ranks quite high. It said to get an even higher ranking I should consider denser content, which makes sense given I just moved…
Thank you for your replies and insight, it's really appreciated. The way I see it with SPA and tokens in JS accessible space is that you're exposing your users to the possibility of token theft and user impersonation if…
Storing tokens in cookies would be against the spec wouldn’t it? I’m not putting rfc6749 on some sort of pedestal, but it clearly states that the tokens are in the response body and not set in cookies. Do you have any…