Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.

Is it recommended to send an authentication request to the Resource Owner (by the Authorization Server) if it already has an active session?

In OAuth 2.0 Authorization Code Flow (Grant Type), is it recommended (or is it maybe even a best practice) to send an authentication request (e.g. a login-request form) to the Resource Owner (by the Authorization Server), eve…

Why are ASP.NET form authentication cookies deleted only on client side if client side can’t be trusted?

ASP.NET documentation says:

FormsAuthentication.SignOut()

Removes the forms-authentication ticket from the browser

Why is the cookie not invalidated at the server as well? It would be easy to implement. After al…