Lmst

Trouble in Port Coquitlam neighbourhood after care provider, resident moves in
The City of Port Coquitlam told Global News that the house isn't authorized to be used for this service and neighbours have been concerned about what's happening.
#neighborhood #concern #authorization #PortCoquitlam #Health #Politics
https://globalnews.ca/news/11642383/port-coquitlam-neighbourhood-trouble-care-provider-resident/

A technical disclosure this week detailed a conditional server-side authorization issue affecting Instagram’s mobile web interface.

Under specific backend states and header conditions, private media metadata and CDN links were reportedly returned without authentication.

The issue was patched silently, but the lack of formal root-cause acknowledgment has sparked discussion within the security community.

This case underscores how partial-impact vulnerabilities can be harder to detect - and potentially more concerning - than global failures.

How do you approach disclosure confidence when fixes arrive without explanation?

Source: https://cybersecuritynews.com/instagram-vulnerability-private-posts/#google_vignette

Join the discussion and follow @technadu for practitioner-focused security coverage.

#AppSec #Authorization #BugBounty #PrivacyEngineering #Infosec #TechNadu

New Instagram Vulnerability Exposes Private Posts to Anyone

A common anti-pattern I see in #authorization is trying to shoe-horn everything to fit a few generic permission types (eg CRUD). This almost always leads to awkward compromises and often to violating the principle of least privilege, because each generic permission ends up granting access to a confusing smorgasbord of operations.

I'd recommend starting with a one-to-one mapping between permissions and exposed #API actions - "increaseTheFrobinator" or whatever. Then carefully aggregate those into more general permission classes if necessary, guided by user needs rather than technical neatness.

I've made SurillyaID available to the public! You can now use SurillyaID as an alternative / primary (whatever you want) login system using OIDC or OAuth 2!

Developer Portal: https://developer.surillya.com

Peertube Tutorial: https://video.surillya.com/w/fsbWVJU7E1SgawAj9XG2f2

YouTube tutorial: https://youtu.be/YQVn3aCgqLQ

#developer #php #oidc #openid #surillyaid #login #authorization #developers #webdev #html #website

A screenshot showing the SurillyaID developer dashboard

Fisheries Department grants authorization for port expansion in Contrecoeur, Que.
Fisheries and Oceans Canada has granted authorization to the Montreal Port Authority to expand a container port terminal northeast of the city in the habitat of an endangered fish species.
#expansion #authorization #port #Contrecoeur #Que
https://www.cbc.ca/news/canada/montreal/authorization-port-expansion-contrecoeur-9.7038679?cmp=rss

Modern Identity Management in the era of Serverless and Microservices

https://videos.ijug.eu/w/ksXzydwQkYp68iDgCCmhdH

RunAs Radio Show 1015 - Zero Trust in 2026 with Michele Bustamante and host Richard Campbell

https://runasradio.com/Shows/Show/1015

#podcast #devcommunity #security #ciso #authentication #authorization #zerotrust

Tôi muốn có thư viện ủy quyền an toàn kiểu dữ liệu với ít cú pháp rườm rà, vì vậy tôi tự tạo ra **zap-studio/permit**: Quản lý logic ủy quyền tập trung, hỗ trợ TypeScript 100%, tích hợp Zod/Valibot/ArkType, dùng được trên Express, Fastify, Next.js và nhiều nền tảng khác. Giải pháp để giao diện sạch, hạn chế lỗi và dễ kiểm thử! #JavaScript #TypeScript #Authorization #DevTools #PhátTriểnPhầnMềm

https://www.reddit.com/r/SideProject/comments/1pngtaa/i_wanted_a_typesafe_authorization_library_with/

The time has come! 🕒

My new project is taking shape with #CleanArchitecture, modules, and a stable core. #ZarazJade is now part of a larger workspace.

Starting now, I'll share the progress of the first MVP: the #Authorization layer. 🚀

#DevDiary #BuildInPublic #iOS #transport

Interesting read about #authentication and #authorization in #localfirst #p2p software.

I still have a few more alternatives to review, but the library @localfirst/auth could be a good option.

https://herbcaudill.com/words/20240602-local-first-auth

USENIX Enigma 2023 - Adventures in #Authentication and #Authorization

#netflix #zerotrust

https://www.youtube.com/watch?v=gfE9nzbiMww

RBACX — универсальный RBAC/ABAC-движок авторизации для Python

RBACX — авторизация без боли в Python-проектах Когда доступ «размазан» по вьюхам и миддлварам, ревью и тесты превращаются в квест - появляется мотивация все это унифицировать. Я написал RBACX — лёгкий движок, где правила описываются декларативно (JSON/YAML), а проверка прав — это один понятный вызов. В статье показываю, как собрать из него аккуратный PDP для микросервисов и монолитов. Я последние два года пишу бэкенд в стартапе MindUp — это мой первый пост на Хабре, и первая библиотека. Буду рад вопросам и критике. Если тема авторизации болит так же, как у меня, загляните!

https://habr.com/ru/articles/950080/

#python #rbacx #RBAC #ABAC #fastapi #authorization #django #flask #litestar #accesscontrol