Articles

This week, we look at API vulnerabilities in Kubernetes and 3Fun, the upcoming API Specification Conference, and slides from an EIN 2019 conference presentation.

Vulnerabilities: Kubernetes

Kubernetes has fixed the API vulnerability CVE-2019-11247.

Source of the article: DZONE

This week, we take a look into API vulnerabilities found in Tinder and Axway SecureTransport. In other news, FTC and Equifax have reached a settlement related to the 2017 breach, and the slides for an API security talk have been posted.

Vulnerability: Tinder

Sanskar Jethi has found that Tinder restricts its premium features (such as unblurred images of those who like you) to premium members only in the app, not in the API. The API actually delivers regular, unblurred images to everyone.

Source of the article: DZONE

Millions of repositories are hosted on GitHub, and lots of projects hosted there make their way into your project as dependencies. Developers can just look for modules that cover their use case and import them into their project, which is actually great! The not-so-great part about importing third-party code is that developers usually just ignore the security aspects of it altogether.

According to GitHub, its security scan for vulnerabilities in Ruby and JavaScript unearthed more than four million bugs, which sparked a significant clean-up effort by project owners. As demonstrated by Equifax’s massive data breach, vulnerable open-source software libraries may carry significant security repercussions. GitHub has made some improvements in notifying users about the security issues in their code, but users are required to opt in to its security alerts.

Source of the article: DZONE

Microsoft recently published a blog post announcing a new competition for data scientists. It calls for participants to use machine learning to predict, given the current state of a device, when (or if) it is likely to get infected with malware.

"The competition provides academics and researchers with varied backgrounds a fresh opportunity to work on a real-world problem using a fresh set of data from Microsoft," the blog post states. "Results from the contest will help us identify opportunities to further improve Microsoft’s layered defenses, focusing on preventative protection. Not all machines are equally likely to get malware; competitors will help build models for identifying devices that have a higher risk of getting malware so that preemptive action can be taken."

Source of the article: DZONE

Want to know what SNI is and how it works? Well, you’ve come to the right place (not sure about the right time though). Quite often, this great technology goes under the radar, and that’s somewhat understandable. So, here we are doing what we always do – unscrambling the “technical” stuff.

Let’s get under the hood of the technology that is Server Name Indication.

Source of the article: DZONE

A considerable number of articles cover Machine Learning for cybersecurity and its ability to protect us from cyber attacks. Still, it’s important to scrutinize how Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL) can actually help in cybersecurity right now and what this hype is all about.

First of all, I have to disappoint you. Unfortunately, Machine Learning will never be a silver bullet for cybersecurity compared to image recognition or natural language processing, two areas where Machine Learning is thriving. There will always be a man trying to find weaknesses in systems or ML algorithms and to bypass security mechanisms. What’s worse, now hackers are able to use Machine Learning to carry out all their nefarious endeavors.


Source of the article: DZONE (AI)

There is no denying the fact that we are more connected than ever today and this connectivity only seems to increase by the day. The world today has shrunk within a small handheld mobile device, hasn’t it? Smarter technology is bringing not only the world but the future closer.

Alongside this, the trend has exponentially increased the rate of data generation. Servers are not the only high-volume data sources anymore. Mobile devices and the internet of things (IoT) are churning out copious amounts of information each second. As the number of smartphones and connected devices grows, this inflow of data multiplies too. It should be noted that this data is multiplying with each second and getting more and more massive in size.


Source of the article: DZONE (AI)