Have you noticed an increase in the number of reports about malware and compromised web servers? Recently, a piece of malware known as Gumblar has been making news for its ability to launch exploits via drive-by download. Gumblar silently installs itself on a computer if a user simply visits a compromised web site; once installed, it proceeds to steal FTP logins and replace legitimate Google search results with redirects to sites of the attacker's choosing. Despite the threat of Gumblar and malware exploits like it, users of recent releases of the Firefox or Chrome browsers have an extra layer of protection provided by their use of Google's Safe Browsing API.
Mozilla Firefox 60, an upcoming version of the popular web browser that is expected to be released in May, will disable the W3C Proximity and Ambient Light APIs over fears that they could be abused by hackers and advertisers to, among other things, access browser data without user knowledge.
This is the first part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at the actual security concerns surrounding APIs.