Yesterday a user told me they couldn't log in to my parliamentary monitoring site. On investigating, I found that Microsoft email security was logging in on behalf of my user by executing a POST. This broke the single-use sign-on link. Executing POSTs is usually considered unacceptable, and in this way Microsoft again transgresses an important norm. Here's how to deal with the specific POST problem & what might be done about these transgressions in general:
https://berthub.eu/articles/posts/shifting-cyber-norms-microsoft-post/
bert hubert πΊπ¦πͺπΊ /
npub157β¦5sp9g
2025-01-23 11:50:33
Author Public Key
npub1579yezsv64rkghcezalde636kasdazzpnehtl99wt4g9d62ac0aqu5sp9gPublished at
2025-01-23 11:50:33Event JSON
{
"id": "b839d64ea470b06594d5e01261f425ad129f74a8ace201f9e7109113f4ac10a3",
"pubkey": "a78a4c8a0cd547645f19177edcea3ab760de88419e6ebf94ae5d5056e95dc3fa",
"created_at": 1737633033,
"kind": 1,
"tags": [
[
"proxy",
"https://fosstodon.org/@bert_hubert/113877518487834032",
"web"
],
[
"proxy",
"https://fosstodon.org/users/bert_hubert/statuses/113877518487834032",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/bert_hubert/statuses/113877518487834032",
"pink.momostr"
],
[
"-"
]
],
"content": "Yesterday a user told me they couldn't log in to my parliamentary monitoring site. On investigating, I found that Microsoft email security was logging in on behalf of my user by executing a POST. This broke the single-use sign-on link. Executing POSTs is usually considered unacceptable, and in this way Microsoft again transgresses an important norm. Here's how to deal with the specific POST problem \u0026 what might be done about these transgressions in general: \nhttps://berthub.eu/articles/posts/shifting-cyber-norms-microsoft-post/",
"sig": "bfb18a6d3412ef2c3bf2311993ab7314225e91490816124cda940c46955bca37438e217d2d2de90b739cba9da064365046b32a27734c4da6af97a47e9cc8e52b"
}