The Latest News On The API Economy
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.
Facebook has rewarded a 10-year-old boy from Finland with a $10,000 bounty for discovering an authentication-related vulnerability in the Instagram API that could have enabled a hacker to delete comments of any user on the popular social photo sharing service even without an Instagram account.
The way the Square API delivers JSON output makes it possible for an attacker to carry out a cross-site scripting (XSS) attack under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on HackerOne.
Let’s face it, it sucks that in 2016 we still have to talk about gender bias in the workplace. Even in the programming world we find a substantial degree of sexism. For those in the ‘know’ this won’t be surprising: gender bias in the tech community is a well-documented phenomenon.
Virtual conference hack.summit() returns for its second year on February 22 - 25, 2016. The conference brings technology leaders together in a virtual space so that participants around the world can learn directly from the most innovative creators in the API, mobile, data, cloud and IoT realms.
Secret API keys add a layer of security to APIs and control who can access which functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
As more security vulnerabilities in IT software are discovered and exploited by malicious endeavours, Cisco has released its openVuln API that automates the sharing of security vulnerability information in a move aimed at nurturing an open security automation standard across the industry.
The latest Star Wars premiere is here. Extend your Star Wars high with a visit to the Star Wars Graph, built upon the Star Wars API (SWAPI). SWAPI pulls data from Wookieepedia (the Star Wars encyclopedia) and includes vast amounts of Star Wars-related data (e.g. characters, movies, starships, etc.).
Target is on the data breach hot seat again, just two weeks after settling its massive 2013 data breach. This time, an API vulnerability tied to the Target app wishlist functionality allowed a security firm to easily retrieve personal information from app users. The API requires no authentication.
Koding has announced its global virtual hackathon to be held December 12-13. The event is expected to draw more than 100,000 participants competing for $150,000 in prizes.
A software engineer is urging Facebook to implement additional security measures to help prevent hackers from using one of Facebook’s APIs to harvest users’ personal data.
We've added 6 APIs to the directory today in Hacking, Library, Hardware, and Cryptocurrency categories, among others. Also added: Ajax sample code for the Walk Score API.
The USDA and Microsoft have partnered to host the Innovation Challenge for Food Resilience. The challenge features access to APIs created through the partnership.
In the wake of the notorious "Fappening" hack of celebrities’ private photos in 2014, the FBI stormed the Chicago home of one suspect and seized multiple electronic devices.
The World Bank will host a hackathon to encourage youth participation in national governance. 4Bulgaria aims to create a mobile app that reports governance irregularities.