The Latest News On The API Economy
Searching: No Search Term, Filtered By Category: "Hacking", Category: "Humor"
Tesla's backbone API suffered a 20-hour outage earlier this week that left the company's keyless driving feature and mobile app monitoring unavailable. While the outage was more of an inconvenience than a disaster, it highlighted the dangers of an API-driven auto market.
This weekend hackers will gather for the Febreze Home Hackathon at the RobotX Space event in Santa Clara. The challenge is to “envision a home system that blends music with scent, or an interconnected room that uses feeling, sight and smell”, by leveraging access to APIs for the Febreze Home device.
If you think you can get Amazon's Alexa to naturally carry on a 20-minute conversation with a human, then $500K in prize money could be awaiting you and the team of developers that helps you develop such a socialbot using the Alexa Skills Kit. The winners will be identified in late 2017.
Yelp spent two years developing a bug-bounty program with HackerOne, which led to over 100 resolved reports. Now, Yelp is taking the program to the broader public to engage a wider set of security researchers. The program offers bounties starting at $100 and can pay up to $15,000.
Bluetooth beacons offer a range of uses for sending radio signals over the air to connected smartphone applications. In this tutorial, developer Kuba Gretzky explains how he bypassed the beacons in restaurants to collect authorisation keys and earn himself free beer on a points-based app.
Pokémon GO has been hugely popular and generated millions of sessions around the world as people search for the digital creatures. But, it turns out that a fair chunk of recent API traffic has been coming from gaming bots that are making spatial queries to the API from outside of the game client.
In 2015, the NFL started collecting a massive amount of data from players on the field leveraging wearable technology. Given how often and quickly players move around on the field, the data piled up quickly and the NFL was left with a veritable treasure trove of data they called Next Gen Stats.
Apple has announced that the company plans on launching its first-ever bug bounty program in September. The program will initially be invite-only and the company will pay up to $200,000 USD to researchers who discover and report iOS and iCloud bugs and security vulnerabilities.
Visa has opened the submission process for the next edition of The Everywhere Initiative. The next phase is open to startups in Australia and New Zealand that will respond to one of three challenges that use Visa APIs to improve commerce experiences. Visa will accept responses through August 26th.
As Pokemon Go continues its rise in popularity, many developers have reverse engineered the game to publish unauthorized APIs. Niantic has now issued a cease and desist letter to a popular Pokemon Go API developer in an attempt to quash the unauthorized practice. Will threatened legal action work?
Security researcher Avicoder reported that he uncovered a vulnerability in Twitter's Docker installation housing its Vine source code. The researcher downloaded the entire Vine source code in one of the 80+ server images pulled. Twitter secured the install within 5 minutes, and paid compensation.
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.
Facebook has rewarded a 10-year-old boy from Finland with a $10,000 bounty for discovering an authentication-related vulnerability in the Instagram API that could have enabled a hacker to delete comments of any user on the popular social photo sharing service even without an Instagram account.
The way the Square API delivers JSON output makes it possible for an attacker to carry out a cross-site scripting (XSS) attack under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on HackerOne.
Let’s face it, it sucks that in 2016 we still have to talk about gender bias in the workplace. Even in the programming world we find a substantial degree of sexism. For those in the ‘know’ this won’t be surprising: gender bias in the tech community is a well-documented phenomenon.
Virtual conference hack.summit() returns for its second year on February 22 - 25, 2016. The conference brings technology leaders together in a virtual space so that participants around the world can learn directly from the most innovative creators in the API, mobile, data, cloud and IoT realms.
Secret API keys add a layer of security to APIs by controlling who can access which functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
As more security vulnerabilities in IT software are discovered and exploited by malicious endeavours, Cisco has released its openVuln API that automates the sharing of security vulnerability information in a move aimed at nurturing an open security automation standard across the industry.
The latest Star Wars premiere is here. Extend your Star Wars high with a visit to the Star Wars Graph, built upon the Star Wars API (SWAPI). SWAPI pulls data from Wookieepedia (the Star Wars encyclopedia) and includes vast amounts of Star Wars-related data (e.g. characters, movies, starships, etc.).
Target is on the data breach hot seat again, just two weeks after settling its massive 2013 data breach. This time, an API vulnerability tied to the Target app wishlist functionality led a security firm to easily retrieve personal information from app users. The API requires no authentication.