#authorization

Alvin Ashcraft 🐿️<p>OAuth 2.0 Access Tokens and the Principle of Least Privilege | by Andrea Chiarelli.</p><p><a href="https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/blog/oauth2-access-t</span><span class="invisible">okens-and-principle-of-least-privilege/</span></a> </p><p><a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://hachyderm.io/tags/auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth0</span></a></p>
Bill<p>Here's a new-to-me password spray tool that looks a hell of a lot more functional than Burp Intruder.</p><p><a href="https://github.com/blacklanternsecurity/TREVORspray" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/blacklanternsecurit</span><span class="invisible">y/TREVORspray</span></a></p><p><a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a></p>
Serge from Babka<p>Another approach would be if Alice could generate multiple Passkeys and hand them out to individuals she trusts, and then retain the ability to revoke them. Sadly many sites don't yet support Passkeys, and this model still lets someone like Mal revoke Alice's access, so that's not great.</p><p>Bitwarden has a feature whereby Alice can share a password with Eve but not let her see it or export it. This could work pretty well, except if the site requires 2FA from an SMS text message (vs TOTP or a token) or if Eve has the know-how to intercept the password.</p><p>I still think that what we ultimately want is attenuated scopes because then we can track all actions by the delegated party.</p><p>I do wonder if this need is niche or if the current solution of "good faith password sharing" works well enough often enough that it's not risen to the level of concern for developers.</p><p>2/2</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
Serge from Babka<p>I've been thinking about delegated authority on websites lately.</p><p>It would be convenient if I could delegate certain functions to people, for example allowing someone like my accountant to have access to some of my financial records.</p><p>Some organizations make this easy, allowing me to have multiple accounts.</p><p>Other services don't offer this, nor do they offer any kind of OAuth type of delegated authorization or capabilities model.</p><p>I've been thinking about ways around this.</p><p>One very wacky way would be if Alice could have a "special browser" that would tie into some service she runs. Bob would log in with his credentials and then behind the scenes the application logs in as Alice.</p><p>This would be very complicated to implement though.</p><p>1/</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
Alvin Ashcraft 🐿️<p>Please Don't Write Your Own MCP Authorization Code | by Den Delimarsky.</p><p><a href="https://den.dev/blog/mcp-prm-auth/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">den.dev/blog/mcp-prm-auth/</span><span class="invisible"></span></a> </p><p><a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mcp</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modelcontextprotocol</span></a> <a href="https://hachyderm.io/tags/aiagents" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aiagents</span></a></p>
beSpacific<p>Trump’s effort, combined thrust of his other <a href="https://newsie.social/tags/constitutional" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>constitutional</span></a> transgressions, uniquely dangerous. No indication he gave any thought to seeking <a href="https://newsie.social/tags/congressional" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>congressional</span></a> <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a>. As self-concerned, immature a commander-in-chief as country has had, he likely acted, as always, out of crass self-interest. <a href="https://newsie.social/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Israel</span></a> surprisingly successful <a href="https://newsie.social/tags/bombardment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bombardment</span></a> of last week put him in position to be a winner by finishing off the job—very possibly the only thing that was in his <a href="https://newsie.social/tags/lizard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lizard</span></a> <a href="https://newsie.social/tags/brain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brain</span></a>. <a href="https://harrylitman.substack.com/p/trumps-strike-on-iran-and-the-constitution" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">harrylitman.substack.com/p/tru</span><span class="invisible">mps-strike-on-iran-and-the-constitution</span></a></p>
beSpacific<p><a href="https://newsie.social/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a> faces <a href="https://newsie.social/tags/bipartisan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bipartisan</span></a> blowback in <a href="https://newsie.social/tags/Congress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Congress</span></a> on <a href="https://newsie.social/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> strikes Why it matters: While most <a href="https://newsie.social/tags/congressional" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>congressional</span></a> <a href="https://newsie.social/tags/Republicans" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Republicans</span></a> some pro-Israel <a href="https://newsie.social/tags/Democrats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Democrats</span></a> are praising President Trump's strikes on <a href="https://newsie.social/tags/Iranian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iranian</span></a> <a href="https://newsie.social/tags/nuclear" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nuclear</span></a> facilities, pockets of <a href="https://newsie.social/tags/opposition" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opposition</span></a> are already emerging over whether he needed congressional <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> for such a <a href="https://newsie.social/tags/provocative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>provocative</span></a> use of <a href="https://newsie.social/tags/military" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>military</span></a> <a href="https://newsie.social/tags/force" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>force</span></a>. Yes, he did need Congressional <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a>..why is there even a question. <a href="https://newsie.social/tags/warpowers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>warpowers</span></a> <a href="https://newsie.social/tags/foreign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foreign</span></a> <a href="https://newsie.social/tags/policy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>policy</span></a> <a href="https://newsie.social/tags/retaliation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retaliation</span></a> <a href="https://newsie.social/tags/democracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>democracy</span></a> <a href="https://newsie.social/tags/war" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>war</span></a></p>
Shubham Tiwari<p>🚀 Mastering API Handling in React &amp; Vanilla JS – One Step at a Time!</p><p>This week, I deep-dived into handling APIs in React and Vanilla JavaScript – not just fetching data, but doing it efficiently and securely which includes: Fetch, CRUD, Query Params, Auth, and AbortController Explained</p><p><a href="https://mastodon.social/tags/ReactJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReactJS</span></a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDevelopment</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/APIs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APIs</span></a> <a href="https://mastodon.social/tags/AbortController" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AbortController</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://mastodon.social/tags/AsyncAwait" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsyncAwait</span></a> <a href="https://mastodon.social/tags/LinkedInLearning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinkedInLearning</span></a> <a href="https://mastodon.social/tags/100DaysOfCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>100DaysOfCode</span></a></p><p><a 
href="https://dev.to/shubhamtiwari909/handling-apis-in-frontend-a-complete-guide-fmo" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.to/shubhamtiwari909/handli</span><span class="invisible">ng-apis-in-frontend-a-complete-guide-fmo</span></a></p>
beSpacific<p>Via military.com - Guard troops unpaid and in limbo: Over 4,000 <a href="https://newsie.social/tags/California" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>California</span></a> <a href="https://newsie.social/tags/NationalGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationalGuard</span></a> <a href="https://newsie.social/tags/soldiers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>soldiers</span></a> deployed to <a href="https://newsie.social/tags/LosAngeles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LosAngeles</span></a> remain unpaid due to delays in official activation orders, leaving their pay, benefits, and legal status uncertain. <a href="https://newsie.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://newsie.social/tags/orders" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>orders</span></a> <a href="https://newsie.social/tags/pentagon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentagon</span></a> <a href="https://newsie.social/tags/DHS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DHS</span></a> <a href="https://newsie.social/tags/immigration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>immigration</span></a> <a href="https://newsie.social/tags/civilliberties" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>civilliberties</span></a> <a href="https://newsie.social/tags/logistics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logistics</span></a> <a href="https://newsie.social/tags/hegseth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hegseth</span></a> Poor planning &amp; conditions: Troops report chaotic logistics w some sleeping outdoors on cots, facing inconsistent 
access to <a href="https://newsie.social/tags/food" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>food</span></a>, <a href="https://newsie.social/tags/fuel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuel</span></a>, hastily organized <a href="https://newsie.social/tags/mission" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mission</span></a> <a href="https://newsie.social/tags/trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trump</span></a></p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://mastodon.ml/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.ml/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://mastodon.ml/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.ml/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.ml/tags/sso" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sso</span></a> <a href="https://mastodon.ml/tags/iam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iam</span></a></p><p>GitHub - casbin/awesome-auth: 📊 Software and Libraries for Authentication &amp; Authorization &amp; SSO &amp; IAM</p><p><a href="https://github.com/casbin/awesome-auth" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/casbin/awesome-auth</span><span class="invisible"></span></a></p>
Cybernews<p>Hackers can craft a request, send it to the Asus router, and execute functions without authorization.</p><p><a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Asus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asus</span></a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> </p><p><a href="https://cnews.link/asus-routers-affected-by-critical-vulnerability-1/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cnews.link/asus-routers-affect</span><span class="invisible">ed-by-critical-vulnerability-1/</span></a></p>
Alvin Ashcraft 🐿️<p>An Introduction to MCP and Authorization | Auth0.</p><p><a href="https://auth0.com/blog/an-introduction-to-mcp-and-authorization/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/blog/an-introduction</span><span class="invisible">-to-mcp-and-authorization/</span></a> </p><p><a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mcp</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://hachyderm.io/tags/aimodels" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aimodels</span></a></p>
Rod2ik 🇪🇺 🇨🇵 🇪🇸 🇺🇦 🇨🇦 🇩🇰 🇬🇱<p>Le <a href="https://mastodon.social/tags/Royaume" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Royaume</span></a>-Uni <a href="https://mastodon.social/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UK</span></a> impose une taxe d’entrée aux <a href="https://mastodon.social/tags/Europ%C3%A9ens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Européens</span></a>, une <a href="https://mastodon.social/tags/ETA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ETA</span></a> <a href="https://mastodon.social/tags/Electronic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Electronic</span></a> <a href="https://mastodon.social/tags/Travel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Travel</span></a> <a href="https://mastodon.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> , ou <a href="https://mastodon.social/tags/Autorisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Autorisation</span></a> <a href="https://mastodon.social/tags/Electronique" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Electronique</span></a> de <a href="https://mastodon.social/tags/Voyage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Voyage</span></a></p><p>Ça mériterait bien un petit <a href="https://mastodon.social/tags/Liberation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Liberation</span></a> <a href="https://mastodon.social/tags/Day" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Day</span></a> et des <a href="https://mastodon.social/tags/taxes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taxes</span></a> <a href="https://mastodon.social/tags/r%C3%A9ciproques" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>réciproques</span></a> pour les <a href="https://mastodon.social/tags/citoyens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citoyens</span></a> <a href="https://mastodon.social/tags/britanniques" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>britanniques</span></a>.. (sorry guys..)</p><p><a href="https://www.ouest-france.fr/europe/royaume-uni/le-royaume-uni-impose-une-taxe-dentree-aux-europeens-88acf66e-0fd7-11f0-a359-3785f88c9270" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ouest-france.fr/europe/royaume</span><span class="invisible">-uni/le-royaume-uni-impose-une-taxe-dentree-aux-europeens-88acf66e-0fd7-11f0-a359-3785f88c9270</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1905498/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1905498/</span><span class="invisible"></span></a> Brookfield Wealth Solutions Subsidiary Receives Authorization in the United Kingdom <a href="https://pubeurope.com/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://pubeurope.com/tags/brookfield" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brookfield</span></a> <a href="https://pubeurope.com/tags/GreatBritain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GreatBritain</span></a> <a href="https://pubeurope.com/tags/in" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>in</span></a> <a href="https://pubeurope.com/tags/kingdom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kingdom</span></a> <a href="https://pubeurope.com/tags/receives" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>receives</span></a> <a href="https://pubeurope.com/tags/solutions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>solutions</span></a> <a href="https://pubeurope.com/tags/subsidiary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>subsidiary</span></a> <a href="https://pubeurope.com/tags/the" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>the</span></a> <a href="https://pubeurope.com/tags/United" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>United</span></a> <a href="https://pubeurope.com/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedKingdom</span></a> <a href="https://pubeurope.com/tags/wealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wealth</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> the sheer fact that <a href="https://infosec.space/tags/MSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSPs</span></a> &amp; <a href="https://infosec.space/tags/CSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSPs</span></a> can access clients' setups without proper <a href="https://infosec.space/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> [including <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> / <a href="https://infosec.space/tags/KYB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYB</span></a>, <a href="https://infosec.space/tags/AuthCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AuthCode</span></a>|s and proper authorization via contract] is already sickening.</p><ul><li><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="nofollow noopener" target="_blank">This</a> literally <em>begs to be abused</em> via <a href="https://infosec.space/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> / <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> of <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> personnel or just blatant <em>"<a href="https://infosec.space/tags/PrivilegueEscalation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivilegueEscalation</span></a>"</em> through falsely claiming to be a 
<a href="https://infosec.space/tags/MSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSP</span></a> / <a href="https://infosec.space/tags/CSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSP</span></a> contracted by the targeted company.</li></ul><p>Such fundamental <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> fuckups are reasons alone not to use <a href="https://infosec.space/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> or any <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> products &amp; services <em>at all</em>...</p><ul><li>I mean, it doesn't require <a href="https://infosec.space/tags/Mitnick" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mitnick</span></a>-level skills to pull this off, since it doesn't necessitate <a href="https://infosec.space/tags/Lapsus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lapsus</span></a>-Style <a href="https://infosec.space/tags/SIMswap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMswap</span></a> or other means to gain access...</li></ul>
damienbod<p>New Microsoft docs: Configure JWT bearer authentication in ASP.NET Core</p><p><a href="https://learn.microsoft.com/aspnet/core/security/authentication/configure-jwt-bearer-authentication" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/aspnet/cor</span><span class="invisible">e/security/authentication/configure-jwt-bearer-authentication</span></a></p><p><a href="https://mastodon.social/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://mastodon.social/tags/aspnetcore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aspnetcore</span></a> <a href="https://mastodon.social/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotnet</span></a> <a href="https://mastodon.social/tags/oidc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oidc</span></a> <a href="https://mastodon.social/tags/bearer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bearer</span></a> <a href="https://mastodon.social/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a> <a href="https://mastodon.social/tags/access" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>access</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p><p>Thanks Mike Kistler Rick Anderson Stephen Halter</p>
Bill<p>Wow, dumpster fire much, WordPress? They can't BUY some good news. In case we forgot with all of the other drama, the plugin ecosystem is a trash heap too.</p><p><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wordfence.com/threat-intel/vul</span><span class="invisible">nerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery</span></a></p><p><a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wordpress</span></a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authorization</span></a></p>
Linda, hanging on by a thread<p>In 2022, hospitals and other <a href="https://med-mastodon.com/tags/healthcare" class="mention hashtag" rel="tag">#<span>healthcare</span></a> facilities spent an eye-watering $20 billion trying to get <a href="https://med-mastodon.com/tags/authorization" class="mention hashtag" rel="tag">#<span>authorization</span></a> for claims that were denied. TWENTY BILLION DOLLARS. And over half are eventually paid anyway. What a colossal waste of money. Our system could cost so much less if we didn’t have to fight for-profit <a href="https://med-mastodon.com/tags/insurance" class="mention hashtag" rel="tag">#<span>insurance</span></a>.</p><p><a href="https://www.medscape.com/viewarticle/why-insurers-keep-denying-claims-and-what-do-2024a1000ndb?ecd=wnl_tp10_daily_250102_MSCPEDIT_etid7100755&amp;uac=159926DX&amp;impID=7100755" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">medscape.com/viewarticle/why-i</span><span class="invisible">nsurers-keep-denying-claims-and-what-do-2024a1000ndb?ecd=wnl_tp10_daily_250102_MSCPEDIT_etid7100755&amp;uac=159926DX&amp;impID=7100755</span></a></p>