mastodontech.de is one of many independent Mastodon servers you can use to participate in the fediverse.
Open to everyone (over 16) and provided by Markus'Blog

#authorization

|7eter l-|. l3oling 🧰

Ann: Launched Open Collective for Ruby OAuth gems (oauth, oauth2, & others)

I've been the primary maintainer of OAuth tools in Ruby since 2017. In this move toward supporting myself with open source work I need your help!
https://opencollective.com/ruby-oauth #Ruby #OAuth #Authorization #Security #OIDC

Alvin Ashcraft 🐿️

Please Don't Write Your Own MCP Authorization Code | by Den Delimarsky.

https://den.dev/blog/mcp-prm-auth/

#ai #mcp #authorization #modelcontextprotocol #aiagents

beSpacific

Trump’s effort, combined thrust of his other #constitutional transgressions, uniquely dangerous. No indication he gave any thought to seeking #congressional #authorization. As self-concerned, immature a commander-in-chief as country has had, he likely acted, as always, out of crass self-interest. #Israel surprisingly successful #bombardment of last week put him in position to be a winner by finishing off the job—very possibly the only thing that was in his #lizard #brain. https://harrylitman.substack.com/p/trumps-strike-on-iran-and-the-constitution

beSpacific

#Trump faces #bipartisan blowback in #Congress on #Iran strikes Why it matters: While most #congressional #Republicans some pro-Israel #Democrats are praising President Trump's strikes on #Iranian #nuclear facilities, pockets of #opposition are already emerging over whether he needed congressional #authorization for such a #provocative use of #military #force. Yes, he did need Congressional #authorization..why is there even a question. #warpowers #foreign #policy #retaliation #democracy #war

Shubham Tiwari

🚀 Mastering API Handling in React & Vanilla JS – One Step at a Time!

This week, I deep-dived into handling APIs in React and Vanilla JavaScript – not just fetching data, but doing it efficiently and securely which includes: Fetch, CRUD, Query Params, Auth, and AbortController Explained

#ReactJS #JavaScript #WebDevelopment #Frontend #APIs #AbortController #Authentication #Authorization #AsyncAwait #LinkedInLearning #100DaysOfCode

https://dev.to/shubhamtiwari909/handling-apis-in-frontend-a-complete-guide-fmo

🤘 The Metal Dog 🤘

#TheMetalDogArticleList
#Blabbermouth
NANCY WILSON Says TRUMP's Military Parade Used HEART's 'Barracuda' 'Without Permission Or Authorization'

https://blabbermouth.net/news/nancy-wilson-says-trumps-military-parade-used-hearts-barracuda-without-permission-or-authorization

#NancyWilson #Trump #HEART #Barracuda #MilitaryParade #WashingtonDC #USArmy #DonaldTrump #MusicLicensing #Authorization

beSpacific

Via military.com - Guard troops unpaid and in limbo: Over 4,000 #California #NationalGuard #soldiers deployed to #LosAngeles remain unpaid due to delays in official activation orders, leaving their pay, benefits, and legal status uncertain. #authorization #orders #pentagon #DHS #immigration #civilliberties #logistics #hegseth Poor planning & conditions: Troops report chaotic logistics w some sleeping outdoors on cots, facing inconsistent access to #food, #fuel, hastily organized #mission #trump

Bytes Europe

Health clinics make house calls on immigrant patients afraid to leave home https://www.byteseu.com/1041014/ #authorization #BukolaOlusanya #clinic #CommunityHealthCenter #country #fear #Health #Home #HouseCall #ImmigrantCommunity #LosAngelesTimes #patient #people #ServiceImmigrant #St.John #U.S.Immigration

👋 Very stoked to announce that I will be speaking at #OWASP #Snowfroc this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern #authorization" and it's mostly about why #authz is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤

p.s. I've never been to #Denver so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄

Replied in thread

@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.

Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...

  • I mean, it doesn't require #Mitnick-level skills to pull this off, since it doesn't necessitate #Lapsus-Style #SIMswap or other means to gain access...

Cyberplace: Kevin Beaumont (@GossiTheDog@cyberplace.social)
Attached: 3 images
This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments. CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't. It being in CISA KEV says it was being exploited in the wild. That portal allows a huge footprint of access by design.

A big source of confusion & security issues & tech debt, comes from devs not understanding the difference between #Authorization and #Authentication.

Amplified by libraries bodging them together. Or naming it "auth".

But worse is when official protocols start mixing them up:

> Authorization Server – the place where, in a pure OAuth 2.0 authorization flow, end-users authorize third-party applications to act on their behalf; or, in an OpenID Connect flow, where end-users authenticate.