The Latest News On The API Economy
Yelp spent two years developing a bug-bounty program with HackerOne, which led to over 100 resolved reports. Now, Yelp is taking the program to the broader public to engage a wider set of security researchers. The program offers bounties starting at $100 and can pay up to $15,000.
Bluetooth beacons offer a range of uses for sending radio signals over the air to connected smartphone applications. In this tutorial, developer Kuba Gretzky explains how he bypassed the beacons in restaurants to collect authorisation keys and earn himself free beer on a points-based app.
Pokémon GO has been hugely popular and generated millions of sessions around the world as people search for the digital creatures. But, it turns out that a fair chunk of recent API traffic has been coming from gaming bots that are making spatial queries to the API from outside of the game client.
In 2015, the NFL started collecting a massive amount of data from players on the field leveraging wearable technology. Given how often and quickly players move around on the field, the data piled up quickly and the NFL was left with a veritable treasure trove of data they called Next Gen Stats.
Apple has announced that the company plans on launching its first-ever bug bounty program in September. The program will initially be invite only and the company will pay up to $200,000 USD to researchers who discover and report iOS and iCloud bugs and security vulnerabilities.
Visa has opened the submission process for the next edition of The Everywhere Initiative. The next phase is open to startups in Australia and New Zealand that will respond to one of three challenges that use Visa APIs to improve commerce experiences. Visa will accept responses through August 26th.
As Pokemon Go continues its rise in popularity, many developers have reverse engineered the game to publish unauthorized APIs. Niantic has now issued a cease and desist letter to a popular Pokemon Go API developer in an attempt to quash the unauthorized practice. Will threatened legal action work?
Security researcher Avicoder reported that he uncovered a vulnerability in Twitter's Docker installation housing its Vine source code. The researcher downloaded the entire Vine source code in one of the 80+ server images pulled. Twitter secured the install within 5 minutes, and paid compensation.
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.
Facebook has rewarded a 10-year-old boy from Finland with a $10,000 bounty for discovering an authentication-related vulnerability in the Instagram API that could have enabled a hacker to delete comments of any user on the popular social photo sharing service even without an Instagram account.
The way the Square API delivers JSON output makes it possible for an attacker to engage in cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on HackerOne.
Let’s face it, it sucks that in 2016 we still have to talk about gender bias in the workplace. Even in the programming world we find a substantial degree of sexism. For those in the ‘know’ this won’t be surprising: gender bias in the tech community is a well-documented phenomenon.
Virtual conference hack.summit() returns for its second year on February 22 - 25, 2016. The conference brings technology leaders together in a virtual space so that participants around the world can learn directly from the most innovative creators in the API, mobile, data, cloud and IoT realms.
Secret API keys add a layer of security to APIs and control who can access what functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
As more security vulnerabilities in IT software are discovered and exploited by malicious endeavours, Cisco has released its openVuln API that automates the sharing of security vulnerability information in a move aimed at nurturing an open security automation standard across the industry.
The latest Star Wars premiere is here. Extend your Star Wars high with a visit to the Star Wars Graph, built upon the Star Wars API (SWAPI). SWAPI pulls data from Wookieepedia (the Star Wars encyclopedia) and includes vast amounts of Star Wars-related data (e.g. characters, movies, starships, etc.).
Target is on the data breach hot seat again, just two weeks after settling its massive 2013 data breach. This time, an API vulnerability tied to the Target app wishlist functionality led a security firm to easily retrieve personal information from app users. The API requires no authentication.
Koding has announced its global virtual hackathon to be held December 12-13. The event is expected to draw more than 100,000 participants competing for $150,000 in prizes.