Aaron Parecki is a Senior Security Architect at Okta, an editor of several specifications at IETF and W3C, and maintains oauth.net. Aaron has spoken at conferences around the world about OAuth, data ownership, and quantified self, and his work has been featured in Wired, Fast Company and more.
How to Hack OAuth
- You will learn what problems OAuth solves, and what it does not solve.
- You'll learn the parts of OAuth that provide hackers an opportunity to attack the flow.
- You'll have a better understanding of some real-world OAuth hacks that happened in the past.
OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps, to protecting your bank accounts. Despite its ubiquity, it is still often difficult to implement safely and securely, especially in today's landscape, which is dramatically different from the world of online security as it existed when OAuth was initially created. This talk will explore several real-world OAuth hacks that affected major providers like Twitter, Facebook and Google. I'll share the details of how each specific attack happened, as well as what they could have done to prevent it. Some of these attacks exploited technical flaws in the system, and some exploited the easier to hack, squishier component in the middle: people.
Smarter Home Automation without the Cloud
- You'll learn how to create a home automation system that runs entirely without cloud services.
- You'll learn some tips for adding additional context-aware inputs to your home automation setup.
Most off-the-shelf home automation systems rely on cloud services, and are limited to simple rules like "turn on this light when there is motion". It's extremely limiting, and usually results in failures in more complicated settings like when multiple people live at a house, or if you don't have a regular 9-5 schedule. These cloud-enabled devices also fail when your internet connection is down. In this talk we'll look at how to set up a home automation system that runs entirely locally, and takes into account additional context-aware inputs so that you don't accidentally turn on the lights in the middle of the night.