The Latest News On The API Economy
Some enterprising developers have found a way to get around the hidden API restrictions that Google embedded into the Android 9 Pie and Android 10 SDKs. These methods are not condoned or even acknowledged by Google, so proceed around the limits and restrictions at your own risk.
Recent reports show that the Kubernetes API is vulnerable to the billion laughs attack. The attack is a specific type of DoS attack targeting parsers. The vulnerability in the Kubernetes environment occurs when parsing YAML manifests. The apiserver does not validate or limit such manifests.
There is nothing funny about Application Programming Interfaces, or APIs, usually, but we've rounded up a few to chuckle over. Developers wanting to add some big laughs to their applications can start with this list of the top ten APIs from ProgrammableWeb's Humor category.
GateHub recently reported that around 100 XRP wallets were hacked. Over 23 million Ripple coins were directed to multiple exchanges where the hacker was presumably able to use the coins. GateHub has published remediation instructions and understands that the hack started with a valid API token.
Researchers found a flaw in Chromium-based browsers that left devices open to attack. A bug in WebView made it possible for hackers to install malware and/or instant apps that could then hook into the owner's browsing and log-in data. The problem impacts all versions of Android since 4.4 KitKat.
Ten APIs have been added to the ProgrammableWeb directory in categories including File Sharing, Humor, and Travel. Highlights include an API for detecting sentiment and sarcasm in text, and an API for determining language about travel from search queries. Here's a rundown of the latest additions.
This article is part of a series about Most Clicked, Shared and Talked About APIs that were added to our directory during 2018. Security and Privacy APIs are covered here. The APIs were chosen by our researchers, by popularity according to website traffic, and also by mentions on social media.
Facebook discovered a security attack that potentially compromised 50 million user accounts in late September. While Facebook has now reported that the actual effect was minimal, the company has released a tool that helps app developers understand whether their users were affected or not.
Tesla's backbone API suffered a 20-hour outage earlier this week that left the company's keyless driving feature and mobile app monitoring unavailable. While the outage represented more of an inconvenience than a devastation, the vulnerability highlighted the dangers of an API-driven auto market.
This weekend hackers will gather for the Febreze Home Hackathon at the RobotX Space event in Santa Clara. The challenge is to “envision a home system that blends music with scent, or an interconnected room that uses feeling, sight and smell”, by leveraging access to APIs for the Febreze Home device.
If you think you can get Amazon's Alexa to naturally carry on a 20-minute conversation with a human, then $500K in prize money could be awaiting you and the team of developers that help you to develop such a socialbot using the Alexa Skills Kit. The winners will be identified in late 2017.
Yelp spent two years developing a bug-bounty program with Hackerone, which led to over 100 resolved reports. Now, Yelp is taking the program to the broader public to engage a wider set of security researchers. The program offers bounties starting at $100 and can pay up to $15,000.
Bluetooth beacons offer a range of uses for sending radio signals over the air to connected smartphone applications. In this tutorial, developer Kuba Gretzky explains how he bypassed the beacons in restaurants to collect authorisation keys and earn himself free beer on a points-based app.
Pokémon GO has been hugely popular and generated millions of sessions around the world as people search for the digital creatures. But, it turns out that a fair chunk of recent API traffic has been coming from gaming bots that are making spatial queries to the API from outside of the game client.
In 2015, the NFL started collecting a massive amount of data from players on the field leveraging wearable technology. Given how often and quickly players move around on the field, the data piled up quickly and the NFL was left with a veritable treasure trove of data they called Next Gen Stats.
Apple has announced that the company plans on launching its first-ever bug bounty program in September. The program will initially be invite only and the company will pay up to $200,000 USD to researchers who discover and report iOS and iCloud bugs and security vulnerabilities.
Visa has opened the submission process for the next edition of The Everywhere Initiative. The next phase is open to startups in Australia and New Zealand that will respond to one of three challenges that use Visa APIs to improve commerce experiences. Visa will accept responses through August 26th.
As Pokemon Go continues its rise in popularity, many developers have reverse engineered the game to publish unauthorized APIs. Niantic has now issued a cease and desist letter to a popular Pokemon Go API developer in an attempt to quash the unauthorized practice. Will threatened legal action work?
Security researcher Avicoder reported that he uncovered a vulnerability in Twitter's Docker installation housing its Vine source code. The researcher downloaded the entire Vine source code in one of the 80+ server images pulled. Twitter secured the install within 5 minutes, and paid compensation.
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.