The Latest News On The API Economy
Searching: No Search Term , Filtered By Category: "Security", Category: "Domains", Category: "Hosting"
AWS has introduced Secure Packager and Encoder Key Exchange (SPEKE). SPEKE is an API specification that aims to standardize integration of DRMs with encoders, transcoders, and encryptors. Prior to SPEKE, such communication was done on a one-off basis, with a custom API between DRM and encryptor.
Facebook has been under fire to combat election interference on its platform for years. The company has addressed the issue before governments, in new features, and through new policies. This week, as EU elections loom, Facebook announced its most comprehensive plan yet. Will it work? Is it enough?
Apple this week updated all of its core operating systems with critical security patches The company repaired vulnerabilities in iOS, macOS, tvOS, iCloud, iTunes, and Safari for iPhones, iPads, Macs, consoles, and Windows machines. Developers and consumers should update as soon as possible.
On the heels of recent research that indicates rampant secret leaks in public repositories, GitLab has included a new check feature in its 11.9 release. The new check, secret detection, scans repository contents for API keys and other data that should be treated as secret by the user.
Learn how Freemius, a WordPress plugin business services company that provides management tools to developers, dealt with a security vulnerability in its SDK. The company describes the struggles it had working with people in the industry as it tried to manage how best to roll out its fix.
A research team at North Carolina State University has published findings regarding API token and cryptographic key leaks. The team scanned public GitHub repositories for almost six months and covered 13% of public repositories. Thousands of leaks occur daily, many go unremedied.
Researchers found a flaw in Chromium-based browsers that left devices open to attack. A bug in WebView made it possible for hackers to install malware and/or instant apps that could then hook into the owner's browsing and log-in data. The problem impacts all versions of Android since 4.4 KitKat.
A recent survey shows 27% of Americans choose not to publish something online for fear of harassment. Some of tech's most innovative companies are scrambling to combat toxic and abusive online speech. A new Jigsaw/Google Chrome extension, Tune, allows users to limit their viewed toxic comments.
Facebook has come under fire for what the Electronic Frontier Foundation (EFF) and others are calling a gross abuse of data collected to facilitate two-factor authentication (2FA). The problem: Facebook is using phone numbers it collects for 2FA for other purposes that are not clear to users.
Nineteen APIs have been added to the ProgrammableWeb directory in categories including Cryptocurrency, Dictionary, Holidays, and Non-Profit. Featured today is the Google Trusted Types API to aid in preventing cross-site scripting attacks. Here's a rundown of the latest additions.
Last week, a remote code execution vulnerability was discovered in Drupal's core code. After uncovering and starting its mitigation efforts, Drupal reported mass exploits in the wild. The company published fixes in the most recent versions and suggests that developers upgrade to the latest version.
PayJoy, a provider of pay-as-you-go smartphone financing, announced today global availability of its patented Lock API. The API allows PayJoy's lending partners to secure financing with compatible smartphones and allows finance companies to turn the lock on and off programmatically.
Google is adjusting its annual security push in order to protect end users and improve the experience of using Android devices. That's why Google has set a new schedule for developers in which it asks them to build their apps for Android 9 Pie starting in August. A firm deadline is set for November.
Roughly a year after Elastic Beam launched a machine-learning driven API security solution, Ping Identity stepped-in, acquired the startup, and folded it into its portfolio as the Ping Intelligence Business Unit. With dust from that marriage having settled, Ping's Jason Bonds gives us an update.
Abusive sites are exploiting the FileSystem API to detect whether a user is browsing in incognito mode in Chrome. Normal browsing supports the FileSystem API and Incognito mode does not support the API. Google has proposed supporting the FileSystem API in incognito mode while maintaining privacy.
LandMark White, Australia's largest independent property valuation and property consultancy firm, is reported to have exposed the home loan details of up to 100,000 customers in a recent security breach that the company is blaming on an insecure API.
WHOIS API, Inc., a domain information solution provider, announces the launch of its updated Domain Availability API. It replaces the first-generation Domain Availability API which offered a domain availability checker on the market. The API works for thousands of TLDs, both gTLDs and ccTLDs.
Eleven APIs have been added to the ProgrammableWeb directory in categories including Sports, Data Mining, and Networking. Highlights include the Threat Stack API for cloud security operations monitoring, and the Entity Digital Sports Cricket API. Here's a rundown of the latest additions.
Many developers have adopted an API-first mentality when it comes to releasing new products and services. Logically, security providers should take an API-first strategy when designing threat protection solutions. Salt Security has launched an API Protection Platform with that mindset.
Threat Stack has released a new API that allows users to create security rules, send events to the platform, audit logs and more, all from within their existing DevOps tools. The company hopes that the API will enable DevOps teams to reduce the number of tools they must manage.