#email #authentication #spf #specimen #spoof
As I try to find a job, I got email from apparent recruiter and I feel something is odd. So I want to authenticate the email.
The address is like no-reply@example.com
Headers show it was received from
smtp.email.us-phoenix.ocs.oraclecloud.com
With IP address: 192.184.11.189
From what I read in RFC, I think the A, MX, and SPF records are a no match, but I'm no pro nor expert. I value input. Got records on PNG below
I'M TROUBLED BY THE FOLLOWING:
The email was sent using oraclecloud servers, and when I checked the SPF records using the MXTOOLBOX.COM
I see what I think would be other authorized domains
v=spf1 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.ff.spf-protect.agari-dns.net include:_spf.salesforce.com include:spf.somedomain.com include:spf-d.somedomain.com include:spf-c.somedomain.com include:spf.protection.outlook.com -all
Spike in credential theft. Probably comes as no surprise to anyone. Use MFA!
https://www.infosecurity-magazine.com/news/hackers-target-employee-credentials/
Pivot-Lite by Fors is a #free two-operator #virtual #FM #synth that uses similar approach as Elektron Digitone groovebox. It requires #registration for the #download but no #online #authentication, which is great.
I'm getting tired of audio #software developers requiring additional authentication software to run the software I buy with my own money. Companies like Steinberg require 5 different apps to run one of their instruments. Here is a developer for once that says no authorisation needed.
The @w3c Linked Web Storage specification aims to create #WebApps with loosely coupled components like data #storage and #authentication, unlike today's tightly integrated systems.
The "Linked Web Storage Use Cases" document is published as a Draft Note. It presents user stories, use cases, and necessary requirements.
▶️ https://www.w3.org/TR/lws-ucs/
You’re welcome to contribute! https://github.com/w3c/lws-ucs/
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #publickey #sshcommands
Blogged: Implement ASP.NET Core OpenID Connect with Keycloak to implement Level of Authentication (LoA) requirements
#aspnetcore #dotnet #aspire #keycloak #identity #authentication #loa #iam #identity
Thought it is high time to finally set #2FA on my #DeviantArt account... Turned out it's premium feature for paid accounts :neocatBlushHide:
Successful #evaluation for ESS: From May 26 to 18, 2025, a group of international scientists visited Karlsruhe to evaluate, among other things, the Topic Engineering Secure Systems (ESS). The guests came from ETH Zurich, the University of Wisconsin-Madison, and the University of Leuven, among others. ESS is one of three (sub)topics in the Program Engineering #Digital Futures (EDF) in the @helmholtz Research Field “Information.” We at SECUSO are involved in ESS as part of the Human and Societal Factors (HSF) research group. HSF presented the work of the research group in four demonstrators from the areas of #security #awareness, user #authentication, legal design patterns, and securing democracies. Further information can be found in the special issue on Topic Engineering Secure Systems: https://kastel-labs.de/wp-content/uploads/2025/06/KI06-2502-085_Kastel-25_Special-Issue_fuer-web.pdf
#funny #meme #authentication #security #it #programming #development #fun #memes #joke #jokes #dev #cybersecurity #hacking
-> That warning e-mail itself asks whether you find it suspicious, or whether you yourself attempted to log in. It is the latter. But that button leads to nothing. It doesn't throw the e-mail away either. Only an extra screen with explanation and a 'cancel' button (which also does nothing, because it links to the previous screen).
Well. Clearly a bug. 2/2
#google #security #authentication #2FA
#LetterOfTheWeek
Make #online process for #CPF #nominations more user-friendly
"After multiple failed attempts.. As a #senior w #mobilityissues, I hv yet to complete an online nomination successfully. #Facial #authentication shld be more adaptable to #realworld conditions. Basic form data shld be saved as draft to avoid te need to re-enter everything in case of errors. #Singapore’s push twds #digitalisation is commendable but experiences like tis risk leaving some behind"
https://www.straitstimes.com/opinion/forum/forum-make-online-process-for-cpf-nominations-more-user-friendly
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #sshcommands #publickey
Путеводитель по Ktor JWT auth на стороне сервера
Документация Ktor по server-jwt неполна. Если необходимо сделать что-то за рамками «Hello world», придется лезть в исходники и городить костыли. Какой-то консистентности и предсказуемости ждать не стоит, возможно, не обошлось без заговорщиков . Статья покроет необходимую базу для работы с JWT и убережет от множества подводных камней.
https://habr.com/ru/articles/921076/
#ktor #backend #kotlin #jwt_auth #говнокод #авторизация #аутентификация #костыли #authorization #authentication
Rename `oauth-xx` org to `ruby-oauth`?
Intent of current name was to be a home for oauth tools across many languages, but it never materialized that way. The vestigial -xx is awkward for many reasons, and I think discoverability would improve with a ruby-* org name, and perhaps it could even bring in other oauth-related tools. I have a few thoughts about this, so 🧵
I'm very interested in others thoughts #Ruby #RubyFriends #OAuth #Authentication
🎉 #Matrix #v1.15 is out! Now with 15% more #authentication and room summaries because who needs meaningful #updates when you can have version numbers? 😂 Enjoy the thrill of yet another #conference where you can pitch your groundbreaking ideas on how to send text messages. 💡📱
https://matrix.org/blog/2025/06/26/matrix-v1.15-release/ #Release #Fun #HackerNews #ngated
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #sshcommands #publickey
Just released: #swad 0.12 🥂
swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.
swad is written in pure #C with minimal dependencies (#zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).
This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.
Read more about it, download the .tar.xz, build and install it .... here:
🚀 Mastering API Handling in React & Vanilla JS – One Step at a Time!
This week, I deep-dived into handling APIs in React and Vanilla JavaScript – not just fetching data, but doing it efficiently and securely which includes: Fetch, CRUD, Query Params, Auth, and AbortController Explained
#ReactJS #JavaScript #WebDevelopment #Frontend #APIs #AbortController #Authentication #Authorization #AsyncAwait #LinkedInLearning #100DaysOfCode
https://dev.to/shubhamtiwari909/handling-apis-in-frontend-a-complete-guide-fmo
#Facebook is adding #passkey support to its #mobileapp, allowing users to log in using their device’s #authentication method: aims to enhance security and protect against phishing attacks. https://www.theverge.com/news/689410/facebook-passkey-support-phishing-attacks?eicker.news #tech #media #news
