Rob Winch
@rwinch.github.io
Open source enthusiast; Project Lead for Spring Security
rwinch.github.io
#SpringSecurity 7 added MFA support docs.spring.io/spring-secur...

tldr: Add the following to require both password and one-time token

`@EnableGlobalMultiFactorAuthentication(authorities = {
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
GrantedAuthorities.FACTOR_OTT_AUTHORITY })`
Adaptive Authentication :: Spring Security
rwinch.github.io
Ever wanted to be able to change how the built-in #SpringSecurity hasRole, hasAuthority, etc. methods work but continue to use the existing DSL? Enter AuthorizationManagerFactory.... docs.spring.io/spring-secur...

Thanks x.com/sjohnr for your PR github.com/spring-proje...
Authorization Architecture :: Spring Security
Reposted by Rob Winch
rwinch.github.io
Just pushed support for Spring Security OAuth + Interface REST Client integration docs.spring.io/spring-secur...

#SpringFramework #SpringSecurity
HTTP Interface Integration :: Spring Security
rwinch.github.io
I'll be presenting "Secure All The Things With Spring Security" with @starbuxman.joshlong.com at #SpringOne #VMwareExplore

I hope to see you there!

event.vmware.com/flow/vmware/...
Content Catalog | Las Vegas | VMware Explore
Reposted by Rob Winch
tommyludwig.bsky.social
Anyone have any realistic use of Java's Scoped Values they can share? Yes, I know it's still a preview feature, but I can hope there are some eager people out there.
rwinch.github.io
Interesting post infosec.exchange/@briankrebs/...

- AI bots are used to commit financial aid fraud at universities
- rise in bots enrolling prevents some students from registering for classes
- teachers worry when the bots drop (after bot gets aid) it might cause them to lose their job
rwinch.github.io
I'm glad to see that funding for the CVE program has been extended www.bleepingcomputer.com/news/securit...

I'm interested to see what happens with the foundation going forward.

tldr - CVE Program funding was going to expire, foundation was set up to preserve it, CVE Program funding was extended
rwinch.github.io
My current setup has been with ⌘+arrow to move to half of screen, ⌘+Enter for full screen, ⌥+⌘+arrow to move displays, ⌃+⌥+⌘+arrow to move spaces. This collides with navigating a text file
rwinch.github.io
Trying macOS again. Key binding suggestions for moving window left/right/top/bottom half screen, full screen, to next/previous display, & to next/previous "spaces" (desktops or in Linux it was workspace)? Ideally bindings use arrows, are similar to each other, and don't collide with default bindings
rwinch.github.io
It's frustrating when authenticating to a website (e.g. website.com) to be redirected to an external domain (e.g. website.idp.com) & expect website.com's credentials. Shame on both the website & the IdPs that follow this practice which primes users to be phished.
rwinch.github.io
I'm not speaking @devnexus.bsky.social this year, but I'm going as an attendee. If you will be there, I'd love to meet up. Hope to see you there!
rwinch.github.io
Linux user trying to figure out macOS - How can I have the menu bar & Dock on all displays AND have "Displays have separate Spaces" unchecked?

NOTE: I do not want separate spaces per display because then I have to switch a space per display. I prefer switch space updates all monitors at once.
rwinch.github.io
I'm very excited that @spring.io is switching from a Contributor License Agreement to a Developer Certificate of Origin!

We're looking forward to seeing more & simplified contributions from you! If you have any questions, reach out to us in our issue trackers.

spring.io/blog/2025/01...
Hello DCO, Goodbye CLA: Simplifying Contributions to Spring
rwinch.github.io
Fantastic news to see the @antora.org collector has hit GA!
antora.org
@spring.io you may be interested in upgrading to the final release. We've tested it extensively and are confident the upgrade should go smoothly.
antora.org
More than 2 years after the initial alpha, Antora Collector 1.0.0 is finally available! A key reason the release was held up was to release with full docs.

This extension allows you to run external commands and import additional files into the content aggregate.

docs.antora.org/collector-ex...
rwinch.github.io
Good advice for protecting against / recovering Hijacked Gmail (& other) Accounts

www.forbes.com/sites/daveyw...

- Set up recovery phone & email to your account
- For Gmail, if attacker changes your recovery phone number, then you have 7 days to use that original number to regain control
Gmail Takeover Hack Attack—Google Warns You Have Just 7 Days To Act
As Gmail users complain hackers have compromised accounts, changing passwords and passkeys in the process, Google advises they have 7 days to regain control—here’s how.
Reposted by Rob Winch
jennamclaughlin.bsky.social
President Biden's deputy natsec advisor for cyber and emerging tech Anne Neuberger told reporters that Chinese hackers got into (at least) 8 U.S. telcos in a broad spying campaign that affected "dozens of countries" since it began.

The latest on All Things Considered: www.npr.org/2024/12/04/n...
rwinch.github.io
That's not me. I renamed my account from robwinch.bsk.social to rwinch.github.io and do not have another account.
rwinch.github.io
Note that the Bluesky documentation states that atproto-did must return content-type text/plain but it worked for me despite GitHub Pages returning application/octet-stream

This is good for me since it doesn't appear that I can change the content-type on GitHub Pages docs.github.com/en/pages/get...
.well-known/atproto-did at main · rwinch/.well-known
rwinch.github.io
Verification can be done using a .well-known URL bsky.social/about/blog/4...

To do that I created a .well-known project that publishes the atproto-did file with the verification to GitHub Pages github.com/rwinch/.well...
GitHub - rwinch/.well-known
rwinch.github.io
China is hacking US telcos, so stop using SMS

- Use 3rd party apps that do end-to-end encryption (e.g. WhatsApp)
- RCS iPhone <-> Android is not encrypted
- Use phone that auto updates in timely fashion
- Use MFA

www.forbes.com/sites/zakdof...

HT @starbuxman.joshlong.com
FBI Warns iPhone And Android Users—Stop Sending Texts
US officials urge citizens to use encrypted messaging and calls wherever they can—here’s what you need to know.