Adam Shostack :donor: :rebelverified:<p>Playing with phanpy.social, it seems that authorizing new apps to access mastodon doesn't require a two factor auth code.</p><p>While I haven't fully threat modeled it (you're already logged into the browser, so someone with browser access may not represent a shift in trust boundary, it feels off.</p><p><a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastodon</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/accidentalpentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accidentalpentest</span></a> <a href="https://infosec.exchange/tags/sbd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sbd</span></a> <a href="https://infosec.exchange/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
245active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#accidentalpentest
0 posts · 0 participants · 0 posts today
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload