Okta

Oktane17: Identity for You

An Experience Developers Love, Enterprises Trust: Okta for Customer Identity

Identity and Device Management for The Extended Enterprise

Connecting People, Technology and Communities: Introducing the Okta for Good Fund

Context + Access: How Identity-Driven Security Can Prevent Breaches in Your Business

InfoSec

Hey Chef, What's the Length of your Encrypted Password?

TL;DR

This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker.

Introduction

Does your organization, or one you are testing/auditing, use Chef Data...

Down the SAML Code

Working for an identity company like Okta forces you to constantly be aware of new, old and obscure authentication methods — and also encourages you to dive deep into the underlying protocol to discover whether engineers have correctly implemented the technology. Okta’s Research & Exploitation Team does exactly that, by...

By Matias Brutti in InfoSec

A Peek at 0patch

TL;DR

There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowdsourced community patches. This post provides a primer on hot patching and explores some of the vulnerabilities and attacker usages of 0patch. Overall, while...

New Vectors, New Keys – Updated EBOWLA

Six months ago, Okta’s Infosec team built on the work of Riordan and Schneier to create an open source, environmentally-targeted keying solution, EBOWLA, for the security community to research, tear apart and learn from. Today, we’re pleased to share an update on the project we presented...

By Josh Pitts and Travis Morrow in InfoSec

Deploying JAMF Server Software: Just Check the Box

Overview

We came across a default setting in JAMF Software Server (JSS), which we believe can put companies leveraging the solution at risk. Organizations should make sure they have enabled a very simple configuration setting, e.g. checking a box. We alerted JAMF Software and it has been...

By Josh Pitts in InfoSec