HackerTrans
TopNewTrendsCommentsPastAskShowJobs

authnopuz

no profile record

Submissions

Amazon Paused Rollout of Microsoft Office for a Year After Hacks

bloomberg.com
4 points·by authnopuz·2 anni fa·0 comments

comments

authnopuz
·2 mesi fa·discuss
Good but not necessarily better that was is already pay-as-you-go available today. ref. https://www.flyingpenguin.com/the-boy-that-cried-mythos-veri...

This AISLE benchmark is interesting in this matter: https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jag...

And the recently discovered Copy Fail by Xint code is another proof that the gating is overblown: https://xint.io/blog/copy-fail-linux-distributions
authnopuz
·4 mesi fa·discuss
One of the Co-Authors here

There are two elements here. Agent can start a full authorization request with AS through authorization code grant flow, even requiring a step-up or some rich authorization details, therefore whatever OTP by SMS or Magic link is an AS - Subject/Client "problem".

For Agent that cannot start a full authorization request (too costly, to complex, subject directly unreachable at the moment), we have a mention to OpenID Connect CIBA into it. With it, the Agent will start a back channel authorization request with the AS and the AS will use a method of authentication / confirmation with the subject in front channel, for example sending a SMS or sending a link to click. Again the resolution will remain an AS - Subject/Client "problem".
authnopuz
·8 mesi fa·discuss
And to be fair, Liu Cixin's book is a 4 bodies problem :)
authnopuz
·8 mesi fa·discuss
Nightfall by Asimov was a 7 bodies problem - https://en.wikipedia.org/wiki/Nightfall_(Asimov_novelette_an...
authnopuz
·10 mesi fa·discuss
hug of death? I fear the temperature will get very high in his laundry room
authnopuz
·10 mesi fa·discuss
https://archive.is/HA7y4
authnopuz
·anno scorso·discuss
The authentication section is very bizarre, the Agent should go through an OAuth(2?) process to finally access server through an API Key? That sounds more painful than bringing a better state of security...
authnopuz
·anno scorso·discuss
Man, we all have been bluffed by this scene
authnopuz
·anno scorso·discuss
Another good source of NHI definitions, concepts, and threats https://nhimg.org/the-ultimate-guide-to-non-human-identities
authnopuz
·2 anni fa·discuss
If you consider the newest rfc9068: https://datatracker.ietf.org/doc/html/rfc9068 for JWT profiled Access Token, the list of discrepancies is even longer.
authnopuz
·2 anni fa·discuss
Hear. This one! So many of customers have been stabbed in the back with this one