Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
We're in an apartment so there's some building wide filtering for the hallway. Keeping all outside doors/windows closed, and running an AC. No special filters tho.
1
Fun Friday night project: set up a PM2.5 sensor inside and hooked it up to my home automation hub, and now have a display on the wall showing the terrible terrible inside and outside AQI
4
2
26
It's an iPad with Magic Mirror running in kiosk mode magicmirror.builders
2
I just might do that haha. The shirt i'm wearing today says "I find your lack of security disturbing"
2
tbh it's like the "security" involved in writing checks, it's best if you don't think too much about it
1
1
The browser doesn't have access to the MAC. Google *could* (and probably is) checking the IP address, but it's all heuristics because your IP address may change at any time, e.g. cell phones have very unstable IPs, hop in a plane and land with an IP from another country, etc.
💯
There aren't really any other tools browsers can use for this right now. The process of logging in looks like basically: you type your password in google, google gives you back a cookie, your browser makes a request with that cookie and the server knows who it's for.
1
Interestingly that doesn't even matter for this since it wasn't the "normal" phishing style attack. Don't open files you download is the only safe thing, or open them on a machine that isn't logged in to anything. That obvs isn't practical, so it's a lot harder in practice.
1
No, the cookies are how the browser is logged in to google. No passwords needed, 2fa doesn't matter. I'm thinking I might need to make a video on this.
2
2