Tootfinder

Opt-in global Mastodon full text search. Join the index!

@kubikpixel@chaos.social
2025-07-14 05:20:24

JWTs Are Not Session Tokens , Stop Using Them Like One
When JSON Web Tokens (JWTs) hit the mainstream, they were hailed as the solution to everything wrong with session management. Stateless! Compact! Tamper-proof! Suddenly, everyone started stuffing them into every web app like ketchup on bad code.
🧑‍💻 archive.fo/01UkP

@tante@tldr.nettime.org
2025-08-29 11:33:46

So someone just got access to a bunch of Salesforce accounts by getting their access tokens.
Salesforce is the company that claims that already 20% of their code is written by "AI", isn't it?
cloud.google.com/blog…

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | Google Cloud Blog
UNC6395 stole data from Salesforce instances by exploiting compromised OAuth tokens from the Salesloft Drift app.