May 7, 2021
Related Articles (574)
Recent reports show that the Kubernetes API is vulnerable to the billion laughs attack, a specific type of DoS attack that targets parsers. In the Kubernetes environment, the vulnerability occurs when parsing YAML manifests: the apiserver does not validate or limit such manifests.
Secret API keys add a layer of security to APIs and control who can access which functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
Phone geolocation company LocationSmart allowed users to look up the real-time location of any supplied mobile phone number without requiring a password or authentication. API security leaks such as this are all too common, but what is worrisome is how LocationSmart got this data in the first place.