News More bad news for Gunky

Discussion in 'The Howard Stern Show' started by PSU Shower Room, Sep 22, 2015.

  1. PSU Shower Room

    PSU Shower Room Well-Known Member

    Reputations:
    43,188
    Joined:
    Jul 4, 2012
    Messages:
    4,049
    Likes Received:
    9,877
    Looks like Whalecock, Gunk's new business partner is cheap like him.

    They don't want to shell out the marbles to properly develop & test their app.

    Gunky's content isn't even out yet and the company is hit with a scandal.


    Off to a great start.

    http://www.wired.com/2015/09/common...kardashian-jenner-sites-use-information-leak/

    The Kardashian and Jenner sisters released their own personalized apps last week, promising to share more moments of their lives with fans who pay the $2.99 monthly subscription. But a curious developer discovered they are sharing much more than that: Their apps leaked subscriber information for almost a million people.

    Unlike many high-profile data breaches, the Kardashian/Jenner subscriber info wasn’t stolen by a hacker who broke into a database. Rather, the apps relied upon a poorly constructed API to relay data, allowing anyone logged into the fan apps or websites to do everything from retrieve subscriber information to delete photos and videos. The sites were, in effect, broadcasting this private data to anyone who knew where to look.

    The breach appears to be the result of hasty developers failing to properly audit code ahead of a big launch. But the situation is a symptom of a larger problem: APIs are difficult to secure, and even the biggest tech companies struggle to control third-party access to their private APIs.

    Hacking Into Private APIs Isn’t Hard to Do
    Alaxic Smith, a 19-year-old startup co-founder, found the vulnerable API within a day of the apps’ release. In a now-deleted post on Medium, Smith explained how he discovered the insecure API while examining the JavaScript behind Kylie Jenner’s website:

    After I started digging a little bit deeper, I found a JavaScript file named kylie.min.75c4ceae105ad8689f88270895e77cb0_gz.js. Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking. I saw several calls to an API, which of course made sense. I popped one of those [API] endpoints into my browser, and got an error just like I expected.

    After logging into Jenner’s site with his own credentials, Smith found the API returned a list of all her subscribers. The public had access to the full names and email addresses of 891,340 subscribers across the four celebrity-gazing apps until the developers behind the API locked it down. According to TechCrunch, the company behind the apps, Whalerock Industries, says it restricted API access within “a few hours” of Smith publishing his findings. The company also said passwords and credit card information remained hidden.

    The most common kind of APIs are public—companies such as Twitter and Facebook release them to provide third-party developers a way of extending their own services and utilizing the big companies’ data. Companies also often build private APIs intended only for internal use to enable their apps to communicate with their primary databases. However, those private APIs often are discovered by outside developers, which can lead to embarrassing consequences.

    Private API Hacks Are Bound to Happen, But You Can Prepare
    Many tech heavyweights, including Tesla, Airbnb, Uber, and Tinder, have seen private APIs reverse engineered. This usually leads to small headaches, like seeing scores of developers build Tinder bots that automatically “swipe right” on every profile. But sometimes supposedly private APIs expose sensitive user information and data.

    Take Snapchat, which has long battled “unlawful” third-party apps that leverage its private API. In the summer of 2013, security researchers warned Snapchat that its API was leaking private user information, including millions of phone numbers, through its “Find Friends” feature. When the company ignored the warnings, a small group of security researchers anonymously published a database of 4.6 million usernames and phone numbers. Initially, Snapchat’s CEO refused to apologize for the breach, claiming “we thought we had done enough.” But mounting bad press prompted the company to back down and require users to verify their phone numbers before using “Find Friends.” This curtailed hackers’ ability to query its system and access user information anonymously—but it took Snapchat nine days.

    “It’s pretty much impossible to stop someone from using your API,” says David Kelso, CEO of Beyond Pricing, who has reverse engineered multiple “home-sharing” startup’s APIs to build a dynamic pricing service for AirBNB listings. “By the time someone decides they want to use your API, there’s little you can do to stop it.”

    Developers can use numerous tools to sniff out how companies use APIs for their apps and websites. Even when companies use vetted authentication systems, such as OAuth, it’s fairly easy for an engineer to use applications like mitmproxy, which spoof credentials and use man-in-the-middle attacks to intercept API calls—even if they are encrypted.

    The Kardashian/Jenner breach didn’t require anything nearly so sophisticated. As Smith explained, the API calls were easy to suss out from the sites’ JavaScript files. But the leak emphasizes the need for companies to assume their APIs are public—that way, they can build in access controls like the one Snapchat added after its leak, which prevent or significantly restrict hackers from accessing users’ private information.
     
    codeine, Wigward, stash and 2 others like this.
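
Added example, not part of the original post or the quoted Wired article: the article says any logged-in user could retrieve subscriber data and delete media, which is an API that authenticates but never authorizes. The sketch below puts that login-only check beside a default-deny, per-route role check; all tokens, routes, roles and records are constructed for illustration.

```javascript
// Constructed sample data; none of these names come from the real service.
const subscribers = [
  { id: 1, name: "Fan One", email: "fan1@example.test" },
  { id: 2, name: "Fan Two", email: "fan2@example.test" },
];
const media = new Map([[10, "photo-10.jpg"], [11, "video-11.mp4"]]);
const sessions = new Map([
  ["tok-fan1", { userId: 1, role: "subscriber" }],
  ["tok-staff", { userId: 900, role: "staff" }],
]);

// Flawed pattern described in the article: being logged in is the only check,
// so every subscriber's record goes to whoever holds any valid session.
function listSubscribersLoginOnly(token) {
  if (!sessions.has(token)) return { status: 401 };
  return { status: 200, body: subscribers };
}

// Hardened pattern: each route declares which roles may call it, and the
// handler scopes data to the caller. Routes that are not declared are denied.
const routes = new Map([
  ["GET /subscribers", { allow: ["staff"], run: () => subscribers }],
  ["GET /me", {
    allow: ["subscriber", "staff"],
    run: (s) => subscribers.find((u) => u.id === s.userId) || null,
  }],
  ["DELETE /media", { allow: ["staff"], run: (s, id) => media.delete(id) }],
]);

function handle(token, route, arg) {
  const session = sessions.get(token);
  if (!session) return { status: 401 }; // not authenticated
  const r = routes.get(route);
  if (!r || !r.allow.includes(session.role)) {
    return { status: 403 }; // authenticated, but not authorized for this route
  }
  return { status: 200, body: r.run(session, arg) };
}

// A subscriber token gets the whole list from the flawed handler, a 403 from
// the hardened one, and only its own record from "GET /me".
console.log(listSubscribersLoginOnly("tok-fan1").body.length);
console.log(handle("tok-fan1", "GET /subscribers").status);
console.log(handle("tok-fan1", "GET /me").body.email);
```
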
  2. Divorce Chicken

    Divorce Chicken white punk on dope VIP

    Reputations:
    139,571
    Joined:
    Jan 24, 2012
    Messages:
    14,208
    Likes Received:
    31,322
    Those testing dollars are going to Howie's big new contract.
     
    codeine, Rockside7 and smichal like this.
  3. Rockside7

    Rockside7 VIP Extreme Gold

    Reputations:
    156,567
    Joined:
    Jan 13, 2014
    Messages:
    7,794
    Likes Received:
    18,340


    I wouldn't doubt it.

    He always demands an obscene amount to do anything.
     
    Bye You!, codeine and Divorce Chicken like this.
  4. Nemo

    Nemo Beer Can Thick Gold

    Reputations:
    339,542
    Joined:
    Sep 7, 2010
    Messages:
    94,550
    Likes Received:
    58,665
    sue sue sue
    :yay:
     
  5. greenchiclets

    greenchiclets Well-Known Member

    Reputations:
    28,386
    Joined:
    Dec 13, 2011
    Messages:
    3,657
    Likes Received:
    6,316
    What a fucking whore. Those Kardashians are too.
     
    rabbigottfried likes this.
  6. UpInSmoke123

    UpInSmoke123 Well-Known Member

    Reputations:
    18,068
    Joined:
    Jan 13, 2014
    Messages:
    1,511
    Likes Received:
    3,741
    "Wh-Wh-Wh-What's this, Robin? API? APQ? Pershonal data leaks? Look, the fact of the matter is I don't know from computers. I'm jusht a guy who shows up when I'm shupposed to and does the besht show I can. And I think I've done pretty well in this business, alright? I left a message w/ Jeff Shick from IBM, and he says it's no big deal, but he helped me change my lotus notes pashword to be safe. I don't know. Can we get John Hein in here to explain this fakakta API nonsense? No? Bobo, you're on the air!"
     
  7. Divorce Chicken

    Divorce Chicken white punk on dope VIP

    Reputations:
    139,571
    Joined:
    Jan 24, 2012
    Messages:
    14,208
    Likes Received:
    31,322
    :bethsucks:
     
    Rockside7 likes this.
  8. reno

    reno VIP Extreme Gold

    Reputations:
    324,484
    Joined:
    Jan 10, 2012
    Messages:
    13,719
    Likes Received:
    40,611
    I know one thing, he ain't gonna get my money on his new venture. Fool me once shame on you. Fool me twice shame on me.
     
    Bye You!, codeine, queerface and 4 others like this.
  9. Honkey Donkey

    Honkey Donkey Well-Known Member

    Reputations:
    134,115
    Joined:
    Dec 9, 2014
    Messages:
    9,668
    Likes Received:
    19,648
    The Wig is having quite the week isn't he?
    :haha:
     
  10. unclefreddy

    unclefreddy Well-Known Member

    Reputations:
    12,951
    Joined:
    Jun 4, 2012
    Messages:
    1,907
    Likes Received:
    2,782
    Get the fuck out of here, Kardashians have 1 million subscribers paying $2.99 per month - that's insane.
     
    TheSurvivingJesusTwin likes this.
  11. TheSurvivingJesusTwin

    TheSurvivingJesusTwin Half as ubiquitous

    Reputations:
    18,550
    Joined:
    Jul 29, 2015
    Messages:
    1,490
    Likes Received:
    3,026
    looks like they know how to get things done. someone wrote down 'test the app' then put it out of their mind.
     
  12. Horse Marbles

    Horse Marbles Well-Known Member

    Reputations:
    2,447
    Joined:
    Jun 27, 2012
    Messages:
    229
    Likes Received:
    490
    What is so sad is that your words could 100% be an actual quote from Howie. Lotus Notes ffs. I wonder if he can run Lotus Notes on the new iPhone 6s's he just bought for himself and Secretariat? Fucking moron probably uses only two apps on the thing.... Grindr and Scruff.
     
  13. Honkey Donkey

    Honkey Donkey Well-Known Member

    Reputations:
    134,115
    Joined:
    Dec 9, 2014
    Messages:
    9,668
    Likes Received:
    19,648
    LOL @ Secretariat :hilarious:
     
    TheSurvivingJesusTwin likes this.
  14. Benjamen

    Benjamen Well-Known Member

    Reputations:
    255,087
    Joined:
    Sep 13, 2010
    Messages:
    8,290
    Likes Received:
    51,908
    He's currently chewing his therapist's couch cushions to pieces.
     
  15. peterfonda

    peterfonda Well-Known Member

    Reputations:
    9,996
    Joined:
    Dec 2, 2012
    Messages:
    6,697
    Likes Received:
    5,417
    Fucking A. I bought his books, no way am I giving him another red cent.
     
  16. Vinegarette

    Vinegarette Don't Believe What You Hear

    Reputations:
    38,942
    Joined:
    Feb 10, 2014
    Messages:
    1,833
    Likes Received:
    6,611
    This reminds me of the Sony scandal a few years back.

    They made Michael Jackson top of the charts on one of his last albums, but only because they bought all the copies themselves (hey -- it was their own money coming right back to themselves so it made no real difference to Sony) to make it look like he was truly a relevant pop star.

    The millions of albums they bought for themselves were later discovered as a shill manipulation of the sales charts, and under actual audit MJ only sold 20-30,000 albums to real fans. The millions needed for being top of the charts for a few weeks was Sony self-masturbation.

    Sounds like what Gunky does with those Yoda books too.
     
  17. Honkey Donkey

    Honkey Donkey Well-Known Member

    Reputations:
    134,115
    Joined:
    Dec 9, 2014
    Messages:
    9,668
    Likes Received:
    19,648
    I hope the second Yoda book bombs and Disney sues the Wig and Whorse
     
  18. kingship

    kingship Well-Known Member

    Reputations:
    59,602
    Joined:
    Jan 20, 2014
    Messages:
    2,458
    Likes Received:
    6,776
    As if Gunky actually PAID for those phones. Didn't happen.
     
  19. GaryPuppet

    GaryPuppet Well-Known Member

    Reputations:
    246,199
    Joined:
    Jan 15, 2012
    Messages:
    25,357
    Likes Received:
    48,945
    Is Whale Rock one company or 2 Robin?
     
  20. Honkey Donkey

    Honkey Donkey Well-Known Member

    Reputations:
    134,115
    Joined:
    Dec 9, 2014
    Messages:
    9,668
    Likes Received:
    19,648
    The fuckin Wig can't even get the fingerprint reader to work on his phone. He just got it because he thinks it's the cool thing to do. My parents are in their 70s and can use the fingerprint reader. The Wig is a retard when it comes to tech stuff.
     
    Boozebag likes this.