The [REDACTED] Hacker - Episode 001 Trailer - Apple's Secret API
Apple has a secret API to spy on you and the reports coming in are not pretty...
đđŒ Watch the trailer for The [REDACTED] Hacker - Episode 001
(with a Person of Interest twist đ)
According to Gizmodo:
A new test of how Apple gathers usage data from iPhones has found that the company collects personally identifiable information while explicitly promising not to.
The privacy policy governing Appleâs device analytics says "none of the collected information identifies you personally".
But an analysis of the data sent to Apple shows it includes a permanent, unchangeable ID number called a Directory Services Identifier, or DSID, according to researchers from the software company Mysk.
Apple collects that same ID number along with information for your Apple ID, which means the DSID is directly tied to your full name, phone number, birth date, email address and more, according to Myskâs tests.
The iPhone Analytics setting makes an explicit promise: Turn it off, and Apple says that it will "disable the sharing of Device Analytics altogether".
However, two app developers and security researchers at the software company Mysk, took a look at the data collected by a number of Apple iPhone apps including the App Store, Apple Music, Apple TV, Books, and Stocks.
They found the analytics control and other privacy settings had no obvious effect on Appleâs data collection. The tracking remained the same whether iPhone Analytics was switched on or off.
According to Appleâs analytics policy, "Personal data is either not logged at all, is subject to privacy-preserving techniques such as differential privacy, or is removed from any reports before theyâre sent to Apple"
But Myskâs tests show that the DSID, which is directly tied to your name, is sent to Apple in the same packet as all the other analytics information.
âŹâŹâŹâŹâŹ đŁ API SECURITY đŁ âŹâŹâŹâŹâŹ
APIs are everywhere and API Security has never been more important than it is right now. API abuses have risen in the past few years and it is difficult to go even a week without reading about another API that has been attacked. By securing your APIs using API Security solutions and API Management best practices, you can mitigate attacks and protect your organization, your customers, your data, and your reputation from API Hackers.
âŹâŹâŹâŹâŹ đą WHAT IS OWASP? đą âŹâŹâŹâŹâŹ
OWASP stands for "Open Web Application Security Project" and they are an international non-profit organization dedicated to web application security.
It is important to apply API Security best practices to your cybersecurity strategy.
âŹâŹâŹâŹâŹ âȘ SHIFT LEFT âȘ âŹâŹâŹâŹâŹ
"Shift Left" is referring to shifting your security focus to the beginning of the API Lifecycle process and integrating it into the design and development of an API that works to help protect it in every other step of the API Lifecycle all the way to the retirement of an API.
âŹâŹâŹâŹâŹ â© SHIELD RIGHT â© âŹâŹâŹâŹâŹ
"Shield Right" is talking about the emphasis on continuing to protect your APIs at runtime and beyond. This provides a defense against unknown attacks using AI/ML and defined algorithms and policies.
âŹâŹâŹâŹâŹ đŽ WHAT IS API Penetration Testing? đŽ âŹâŹâŹâŹâŹ
API penetration testing (or API Pentesting) is an ethical hacking process to assess the security of the API design. API tests involve attempting to exploit identified issues and reporting them to strengthen the API to prevent unauthorized access or a data breach.
âŹâŹâŹâŹâŹ đĄ OWASP API SECURITY đĄ âŹâŹâŹâŹâŹ
What is the OWASP Top 10 for API Security?
â Broken Object Level Authorization
â Broken User Authentication
â Excessive Data Exposure
â Lack of Resources & Rate Limiting
â Broken Function Level Authorization
â Mass Assignment
â Security Misconfiguration
â Injection
â Improper Assets Management
â Insufficient Logging & Monitoring
âŹâŹâŹâŹâŹ đ API Hacker Resources đ âŹâŹâŹâŹâŹ
đ Postman
đ Charles Proxy
đ MobSF
đ Frida
đ MITM
đ OSINT Tools
âŹâŹâŹâŹâŹ â€ïž LEVEL-UP â€ïž âŹâŹâŹâŹâŹ
đŹ Watch âȘ Check out more API videos! https://youtube.com/apishorts ( bring your own đż )
đ Subscribe âȘ Get notified when new content is available!
đđ» Thumbs Up! âȘ Love APIs? đ Like our video and share it!
đŹ Comment âȘ Let us know what you think of this episode!
âŹâŹâŹâŹâŹ đ LET'S CONNECT đ âŹâŹâŹâŹâŹ
â LinkedIn đđŒ https://api2.day/linkedin
â Twitter đđŒ https://api2.day/twitter
â YouTube đđŒ https://api2.day/youtube
â Medium đđŒ https://api2.day/medium
â Dev.to đđŒ https://api2.day/devto
â Software AG đđŒ https://api2.day/sag-brenton
âŹâŹâŹâŹâŹ ⥠SUPERCHARGE ⥠âŹâŹâŹâŹâŹ
⥠Digital Strategist đđŒ https://api2.day/brenton
⥠Software AG Blog đđŒ https://api2.day/sag-blog
⥠API Knowledge Portal đđŒ https://api2.day/knowledge
âŹâŹâŹâŹâŹ đŹ DIGITAL TOOLS đŹ âŹâŹâŹâŹâŹ
Apple Final Cut Pro đđŒ https://api2.day/fcp
Adobe After Effects đđŒ https://api2.day/ae
SORT BY-
Toppkommentarer
-
Senaste kommentarerna