|
Jeff Hodges / =JeffH
@
equalsJeffH
SFBay Area, CA, US
|
|
Vocational: Web (in)Security, Protocol Design, Online Identity. Avocational: Fatherhood and other endurance sports.
|
|
|
676
Tweetovi
|
186
Pratim
|
509
Osobe koje vas prate
|
| Tweetovi |
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Alexei Czeskis
@aczeskis
|
30. sij |
|
If you want to do research on FIDO/WebAuthn, here is a cool new open-source platform for you. twitter.com/elie/status/12…
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
30. sij |
|
@threadreaderapp unroll
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
|
mark risher
@mrisher
|
30. sij |
|
Google loves security keys, and today announced an open source implementation to help spur further innovation from the security research community 1/ security.googleblog.com/2020/01/say-he….
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
20. pro |
|
PSA: Diff and summary of changes in WebAuthn L2 WD-02 relative to L2 FPWD (WD-01): lists.w3.org/Archives/Publi…
#webauthn #fidoalliance #w3c
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Ricky Mondello
@rmondello
|
10. pro |
|
Happy WebAuthn for Safari on iOS day! iOS 13.3 is out! From the release notes (which you should quote instead of quoting me):
- Adds support for NFC, USB, and Lightning FIDO2-compliant security keys in Safari
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
|
OpenID
@openid
|
11. stu |
|
Implementer’s Draft of OpenID Connect for Identity Assurance Specification Approved openid.net/2019/11/11/imp… #OpenID #Connect #IdentityAssurance
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
6. stu |
|
big congrats to @nsatragno re #WebAuthn Virtual Authenticator w3c.github.io/webauthn/#sctn… in #Chrome via #webdriver w3.org/TR/webdriver/ ! She also authored #opensource Chrome extension github.com/google/virtual… materializing UI to create/manage virtual authnrs in the DevTools UI !
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
26. lis |
|
WT(cluster)F? (3) -- all this would be funnier if it didn't involve actual upcoming wind-event power shutoffs due to wildfire potential...
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
26. lis |
|
WT(cluster)F? (2) -- comcast redirects me here: block-prod.xais.apg.comcast.net/warn.html?url=…
for HTTP site, but trying HTTPS yields (in FF) SSL_ERROR_RX_RECORD_TOO_LONG and similar for other browsers. Also note that comcast's error page is itself insecure HTTP
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
26. lis |
|
WT(cluster)F? comcast is blocking (for me anyway) "pgecurrents.com" (ie the site Sam Mateo county's alert system is pointing folks to for pwr-outage info) as a malicious site...but pgecurrents is PGE's PR site, actual power outage info site is: pge.com/en_US/safety/e…
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Parisa Tabriz
@laparisa
|
25. lis |
|
We're growing our @googlechrome OS/Chromebook security & privacy team!👩💻👨💻
If you know awesome product managers (careers.google.com/jobs/results/1…), engineers, or UXers that want to help us build a safer computing experience for all, get in touch with me or @afkuscher
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
21. lis |
|
@threadreaderapp unroll
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
21. lis |
|
this's been re-tweeted a ton already, but it's a really good & valuable (breadth & depth) article so I've gotta do this...
;-P twitter.com/Stammy/status/…
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
26. kol |
|
@threadreaderapp unroll
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
16. lip |
|
Great news... twitter.com/TruBluDevil/st…
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Chrome Developers
@ChromiumDev
|
12. lip |
|
🚨 No, Chrome isn’t killing ad blockers – we’re making them safer: security.googleblog.com/2019/06/improv…
Content blockers are built on extension features that share too much data with the extension. Let's change that!
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Justin Schuh 🤬
@justinschuh
|
12. lip |
|
I know that major API changes are always a pain for developers and they would rather not have to deal with them, but please keep in mind stats like "42% of malicious extensions use the Web Request API" when you're considering what we're trying to improve here.
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Justin Schuh 🤬
@justinschuh
|
12. lip |
|
The second post is a deeper technical dive into the Web Request and Declarative Net Request APIs, explaining the advantages and tradeoffs of the new API versus the old one. blog.chromium.org/2019/06/web-re…
|
||
|
|
||
| Jeff Hodges / =JeffH proslijedio/la je tweet | ||
|
Justin Schuh 🤬
@justinschuh
|
12. lip |
|
We have two new posts out today addressing the confusion and misinformation surrounding what Chrome is doing with extensions. This first one gives context on the broader security, privacy and abuse considerations we're addressing. security.googleblog.com/2019/06/improv…
|
||
|
|
||
|
Jeff Hodges / =JeffH
@equalsJeffH
|
12. lip |
|
@threadreaderapp unroll
|
||
|
|
||