Hi all! I'm at @foss_north today, enjoying the super interesting talks about open source, development tools, and general nerdery. I live to meet people and talk tech so please say hi if you see me. I'm wearing a white cap with a cute little monster on it. :)

Oh and I'm also speaking this afternoon about #authz as a dev workflow, so feel free to come through and learn something about that if you like.  

#foss #fossnorth #fossnorth2025

👋 Very stoked to announce that I will be speaking at #OWASP #Snowfroc this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern #authorization" and it's mostly about why #authz is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤

p.s. I've never been to #Denver so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄

Excited to be speaking at @fossasia
🚀 This year, I'm diving deep into Identity and Access Management (#IAM) for #OSS.

All are welcome and I encourage all knowledge levels to attend: Don't be intimidated by "advanced security"! I'm breaking down complex concepts into easy-to-understand explanations, with a historical perspective to give context.

1️⃣ Explore #AuthN #AuthZ 🔐
2️⃣ @keycloak Primer 🌐
3️⃣ Best Practices for #OSS 🛡️

#FOSSAsia2025

#30MinsLearning Day 8: Today I read the code of UserManager.CreateAsync(). It relies on the PasswordStore to set the password hash, then calls the UserStore to actually create the user, e.g. in the DB. The responsibilities are quite clear. >>>🧵 #dotnet #csharp #aspnetcore #identity #auth #authZ
#30MinsLearning Day 7: Today I sat down and read the `/register` endpoint code. Most of it is easy: validate the email, and create the user. This part, though, I don't understand why: 🧵 #dotnet #csharp #aspnetcore #identity #auth #authZ

🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️

🛠️ https://github.com/openfga

➡️ Learn about Hacktoberfest: https://hacktoberfest.com

#Hacktoberfest #OpenSource #OpenFGA #GoodFirstIssue #Authz

OpenFGA

OpenFGA is a flexible Authorization system inspired by Google's Zanzibar, designed for reliability and low latency at scale. OpenFGA is a CNCF Sandbox Project. - OpenFGA

Internet Shortcut file security-feature bypass vulnerability exploited for over a year, used by attackers to distribute several kinds of info-stealers | iThome

📌 Summary:
In its routine February update this year, Microsoft patched the Internet Shortcut file security-feature bypass vulnerability CVE-2024-21412, but attackers have been exploiting it to distribute several kinds of info-stealing malware, with targets spanning North America, Spain and Thailand. Security vendor Fortinet found in its analysis that the attackers craft malicious URL files pointing at a specific remote server, download an LNK file onto the victim's computer, and lure the victim into executing it to advance the attack. Researchers observed the attackers using two different code-injection tools to evade defenses, ultimately planting info-stealers on the victim's machine.

🎯 Key Points:
1. Microsoft patched the Internet Shortcut file security-feature bypass vulnerability CVE-2024-21412 in February this year, but attackers are exploiting it to distribute info-stealers.
2. Security vendor Fortinet found that the attackers craft malicious URL files pointing at a specific remote server and lure victims into executing them to advance the attack.
3. Researchers observed the attackers using two code-injection tools, ultimately planting info-stealers on victim machines.
4. Fortinet found that the attackers used the Steam Community site as a dead drop resolver to hide the C2 source.

🔖 Keywords:
#CVE-2024-21412
#Fortinet
#Water Hydra
#Lumma Stealer
#Meduza Stealer
#ACR Stealer
#PowerShell
#HTA script
#Edge executable icon
#LNK file
#forfiles
#mshta
#Imghippo
#GdipBitmapGetPixel
#HijackLoader
#Steam Community site
#Dead Drop Resolver
#Docker
#AuthZ
#OpenAI
#GPT-4o mini
#Meta Llama 3

Regarding the zero-day vulnerability CVE-2024-21412 that Microsoft disclosed in February this year, a new investigation indicates that attackers have been using it to distribute info-stealers for far longer than previously disclosed, possibly more than a year

A critical flaw in Docker Engine, tracked as CVE-2024-41110, allows attackers to bypass authorization plugins under specific conditions. This vulnerability, with a CVSS score of 10.0, indicates maximum severity. It involves exploiting an API request with a Content-Length set to 0, tricking the Docker daemon into forwarding the request without the body to the AuthZ plugin, potentially leading to incorrect approval of the request. This issue was initially discovered in 2018 and fixed in Docker Engine v18.09.1 in January 2019, but it wasn't applied to subsequent versions until recently. Versions affected include those up to v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0, assuming AuthZ is used for access control decisions. Users relying on AuthZ plugins are at risk unless they update to versions 23.0.14 and 27.1.0 released on July 23, 2024. Docker Desktop versions up to 4.32.0 are also affected, though the chance of exploitation is low due to the need for local access to the host and the absence of AuthZ plugins in default configurations. Docker advises updating to the latest version to mitigate potential threats.

https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/

#cybersecurity #docker #vulnerability #cve #authz #dockerengine #dockerdesktop #api #plugins #threat #update

Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | Docker

Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.
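The failure mode described above, modeled from the plugin side as an added example (illustrative code, not Docker's or any plugin's): a plugin that ignores a missing body approves a request it would otherwise deny, while the hardened variant denies when a body-bearing endpoint arrives without its body. The struct fields, the `/containers/create` check and the sample body are assumptions.

```go
package main

import (
	"encoding/json"
	"strings"
)

// AuthZRequest models what an authorization plugin sees for one daemon API call.
// Field names are assumed for illustration; this is not Docker's plugin code.
type AuthZRequest struct {
	RequestMethod string
	RequestURI    string
	RequestBody   []byte // empty when the daemon forwarded the request without its body
}

// createConfig is the only part of a container-create body the plugin inspects.
type createConfig struct {
	HostConfig struct{ Privileged bool }
}

func isContainerCreate(r AuthZRequest) bool {
	return r.RequestMethod == "POST" && strings.Contains(r.RequestURI, "/containers/create")
}

// naiveDecide denies privileged creates, but an empty body leaves cfg at its
// zero value (Privileged=false), so a body-less create is silently approved.
func naiveDecide(r AuthZRequest) bool {
	if isContainerCreate(r) {
		var cfg createConfig
		_ = json.Unmarshal(r.RequestBody, &cfg) // the error on empty input is ignored
		return !cfg.HostConfig.Privileged
	}
	return true
}

// hardenedDecide treats a body-bearing endpoint with no body, or an
// unparseable body, as "unknown", and unknown is denied rather than approved.
func hardenedDecide(r AuthZRequest) bool {
	if !isContainerCreate(r) {
		return true
	}
	if len(r.RequestBody) == 0 {
		return false
	}
	var cfg createConfig
	if err := json.Unmarshal(r.RequestBody, &cfg); err != nil {
		return false
	}
	return !cfg.HostConfig.Privileged
}

// privilegedCreate is a constructed sample body that the plugin should block.
const privilegedCreate = `{"Image":"alpine","HostConfig":{"Privileged":true}}`
```

Feeding the same request with and without its body to both functions shows the difference: naiveDecide flips from deny to allow when the body is stripped, hardenedDecide stays at deny.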

[Translation] Using Verified Permissions to implement fine-grained authorization in high-load applications

Techniques for optimizing the authorization function in modern web applications. The article examines effective approaches to managing fine-grained authorization with Amazon Verified Permissions (read: the Cedar engine). You will learn about batch authorization and response-caching techniques that can significantly improve application performance and responsiveness. Read more

https://habr.com/ru/companies/bercut/articles/829576/

#авторизация #bercut #беркут #authz #authorization #Policyascode #вебприложения #web_application

Preamble Hi! My name is Maxim Gazin. I have 15 years of experience in IT, more than 10 of them working with Bercut. In recent years I have specialized in designing architectures for large-scale...

💡 TIL that authorizing individuals (not groups) in #argocd via #OIDC needs to be enabled by extending the OIDC scopes to "email".

The default in the helm charts is "groups".

Default: https://artifacthub.io/packages/helm/argo/argo-cd/7.1.3?modal=values&path=configs.rbac.scopes

Source: https://github.com/argoproj/argo-cd/issues/2424

#authZ

argo-cd 7.1.3 · argoproj/argo

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.