Waitman Gobble shared a comment of this post/conversation

Jan Wildeboer 😷:krulorange: via SpaceLifeForm

Tue, 14 Jan 2025 16:04:25 -0400 from mastodon

#Oops. "Login with Google" can be abused if you buy a domain name that formerly had accounts, e.g. from a failed startup.

"At the time of writing, there is no fix."

https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw

Chris

Tue, 14 Jan 2025 16:11:53 -0400 from mastodon

@Jan Wildeboer 😷:krulorange: same for buying old domains where the email has been used too register an account without SSO, and can still be used to reset the password, what’s new?
aside of the fact that lots of services do not allow your sso provider to be changed

Stefan Münz

Tue, 14 Jan 2025 16:40:01 -0400 from mastodon

@Jan Wildeboer 😷:krulorange: I have nearly all of my "login with..." accounts converted into native service logins again, since it's a hell if you decide to give up an account that is used for dozens of OAuth logins. A well working password manager gives you the same comfort as "login with bigbrother" logins, but lets you stay independant. The cases reported here confirm me to recommend giving up these kind of logins.

SpaceLifeForm

Tue, 14 Jan 2025 16:53:13 -0400 from mastodon

@Jan Wildeboer 😷:krulorange:

Like an email address that is neglected, that should never expire, the same applies to domain names.

DNS is flawed design.

#DNS #Expiration

Waitman Gobble

Tue, 14 Jan 2025 21:58:40 -0400 last edited: Tue, 14 Jan 2025 22:00:27 -0400 from Get Ready To Rumbly

I don't care for zone transfers and master/slave heirarchy but it is an improvement over the hosts file :)

I run all masters with postgresql streaming to sync updates in seconds. Back in olden times when i used master/slave with zone transfers it was just nuts. Over complicated and slow and much more network congestion.

I don't know what they were thinking with bind 10, it was like mad scientist mode