Tag Archives: api

When you go to a security conference, and its mobile app leaks your data

[Image: Screenshots of the RSA Conference application from the Google Play Store. The app's Web interface leaked attendee data when supplied with a token obtained by registering the app. (credit: Google Play Store)]

A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference's attendee list. The conference organizers acknowledged the vulnerability on Twitter, but they say that only the first and last names of 114 attendees were exposed.

pic.twitter.com/QzTjOvMhSi — RSA Conference (@RSAConference) April 20, 2018

The vulnerability was discovered (at least publicly) by a security engineer who tweeted discoveries during an examination of the RSA conference mobile app, which was developed by Eventbase Technology. Within four hours of the disclosure, Eventbase had fixed the data leak—an API call that allowed anyone to download data with attendee information.

If you attended #RSAC2018 and see your first name there - sorry! pic.twitter.com/YrgZo6jHDu — svbl (@svblxyz) April 20, 2018

Accessing the attendee list required registering an account for the application, logging in, and then grabbing a token from an XML file stored by the application. Since registration for the application only required an email address, anyone who could dump the files from their Android device could obtain the token and then insert it into a Web-based application interface call to download attendee names. While the SQLite database downloaded was encrypted, another API call provided that key.

Stripe debuts Radar anti-fraud AI tools for big businesses, says it has halted $4B in fraud to date

Cybersecurity continues to be a growing focus and problem in the digital world, and now Stripe is launching a new paid product that it hopes will help its customers better battle one of the bigger side-effects of data breaches: online payment fraud. Today, Stripe is announcing Radar for Fraud Teams, an expansion of its free AI-based Radar service that runs alongside Stripe’s core payments API to help identify and block fraudulent transactions. And there are further efforts that Stripe is planning in coming months. Michael Manapat, Stripe’s engineering manager for Radar and machine learning, said the company is going to soon launch a private beta of a “dynamic authentication” that will bring in two-factor authentication. This is on top of Stripe’s first forays into using biometric factors in payments, made via partners like Apple and Google. With these and others, fingerprints and other physical attributes have become increasingly popular ways to identify mobile and other users. The initial iteration of Radar launched in October 2016, and since then, Manapat tells me that it has prevented $4 billion in fraud for its “hundreds of thousands” of customers. Considering the wider scope of how much e-commerce is affected by fraud — one study estimates $57.8 billion in e-commerce fraud across eight major verticals in a one-year period between 2016 and 2017 — this is a decent dent, but there is a lot more work to be done. And Stripe’s position of knowing four out of every five payment card numbers globally (on account of the ubiquity of its payments API) gives it a strong position to be able to tackle it. The new paid product comes alongside an update to the core, free product that Stripe is dubbing Radar 2.0, which Stripe claims will have more advanced machine learning built into it and can therefore up its fraud detection by some 25 percent over the previous version.

New features for the whole product (free and paid) will include being able to detect when a proxy VPN is being used (which fraudsters might use to appear like they are in one country when they are actually in another) and ingesting billions of data points to train its model, which is now being updated on a daily basis automatically — itself an improvement on the slower and more manual system that Manapat said Stripe has been using for the past couple of years. Meanwhile, the paid product is an interesting development. At the time of the original launch, Stripe co-founder John Collison hinted that the company would be considering a paid product down the line. Stripe has said multiple times that it’s in no rush to go public — a statement that a spokesperson reiterated this week — but it’s notable that a paid tier is a sign of how Stripe is slowly building up more monetization and revenue generation. Stripe is valued at around $9.2 billion as of its last big round in 2016.

Yahoo Mail launches new wave of updates with faster loads, photo themes, RSVPs, improved OOO

While many are on the lookout for a new, big revamp of Gmail, its smaller competitor Yahoo Mail today jumped in first with its own set of updates, covering both new personalisation features and faster performance times. The changes come about 10 months after Yahoo Mail rolled out its own major redesign, and are an extension of some of the themes that the company introduced back then. Change and iteration is the theme of the day, it seems: today, Yahoo Mail’s parent Oath (which is also TechCrunch’s owner), also announced a new president and COO, K. Guru Gowrappan, who joins from Alibaba and had in his distant past once also worked at Yahoo, Quixey and Zynga. (Additionally, Oath’s former senior director of publisher products, Simon Khalaf, has also parted ways with the company.) Yahoo Mail has a long road ahead of it to grow its user base, though. Putting to one side the fact that many people have stopped using email, opting instead for messaging apps and more integrated communications platforms like Slack, Yahoo Mail itself has had its own competitive and security issues. Most pointedly, the service suffered one of the biggest user data breaches in the history of the internet, affecting more than 1 billion people and impacting the price that Verizon ultimately paid by some $350 million when it acquired Yahoo last year. That, plus the lack of updates Yahoo Mail made over many years previously, and the swift rise of the very popular Gmail from Google and very office-friendly services like Microsoft’s, have all served to keep Yahoo Mail’s growth in strong check. I asked for an update on active monthly users but have yet to get it. However, last year, the company said it had 225 million active users. As a point of comparison, Gmail today has well over 1 billion (based on a figure Google confirmed back in 2016). My educated guess is that the gulf between the two has only grown over time.

Still, you can say that Yahoo has been thinking ahead of the curve in some respects: last year, the company introduced a Pro version that you pay for in exchange for no advertising. Given the wave of criticism that is now hitting Facebook — and by extension all ad-based “free” services — over just what kind of information is being gathered, bartered and used relating to us, it will be interesting to see how much more the idea of paid services in lieu of ad-based free catches on. We have asked a Yahoo Mail spokesperson for any updated numbers that can be shared on the number of subscribers

Ford launches on-demand medical transportation service

Ford is launching an on-demand transportation service for non-emergency medical needs. The idea is to better help patients get to their doctor appointments. Ford is initially launching this in partnership with Beaumont Health in Michigan to serve more than 200 facilities. Called GoRide, the fleet has 15 transit vans to accommodate people with varying needs. By the end of the year, Ford plans to have 60 vans, all driven by trained professionals, as part of GoRide’s services. The GoRide fleet can accommodate people with wheelchairs, thanks to flexible seats that can flip up and a wheelchair lift. “There’s no excuse for the fact that so many people have trouble simply making it to their medical appointments,” Ford Mobility Business Group VP Marion Harris said in a press release. “By merging our expertise in vehicles, technology and human-centered design, we’ve created a high-touch, patient-focused service that truly understands and is tailored to patients and their needs. Our service is focused on multiple social determinants of health, and delivers the quality of care and on-time certainty that medical facilities need in order to increase throughput and reduce wait times.” In March, Lyft committed to cut the problem of health care transportation in half by 2020. Lyft provides API access to partners like Allscripts, Blue Cross Blue Shield and Ascension to integrate the ride-hailing service into its health platforms and electronic health records services. Meanwhile, people seem to be moving toward on-demand platforms for trips to the emergency room, as well. Last December, a study reported ambulance use has gone down about 7 percent nationwide since the rise of Uber. Neither Uber nor Lyft, though, is particularly accessible to people with mobility disabilities.

Google Cloud releases Dialogflow Enterprise Edition for building chat apps

Building conversational interfaces is a hot new area for developers. Chatbots can be a way to reduce friction in websites and apps and to give customers quick answers to commonly asked questions in a conversational framework. Today, Google announced it was making Dialogflow Enterprise Edition generally available. It had previously been in Beta. This technology came to them via the API.AI acquisition in 2016. Google wisely decided to change the name of the tool along the way, giving it a moniker that more closely matched what it actually does. The company reports that hundreds of thousands of developers are using the tool already to build conversational interfaces. This isn’t just an all-Google tool though. It works across voice interface platforms including Google Assistant, Amazon Alexa and Facebook Messenger, giving developers a tool to develop their chat apps once and use them across several devices without having to change the underlying code in a significant way. What’s more, with today’s release the company is providing increased functionality and making it easier to transition to the enterprise edition at the same time. “Starting today, you can combine batch operations that would have required multiple API calls into a single API call, reducing lines of code and shortening development time. Dialogflow API V2 is also now the default for all new agents, integrating with Google Cloud Speech-to-Text, enabling agent management via API, supporting gRPC, and providing an easy transition to Enterprise Edition with no code migration,” Dan Aharon, Google’s product manager for Cloud AI, wrote in a company blog post announcing the tool

Twitter is down UPDATE: It’s back

Reports of Twitter being down are coming in from across the globe. The homepage and mobile app are currently down. The desktop API still works so users can connect to the service through apps like Tweetdeck and Tweetbot. According to downdetector.com, users are experiencing an outage across the world. The issue appeared at 9:50 AM EDT. Twitter has yet to comment on the outage. Update: As of 10:35 the service appears to be coming back online around the world. Developing…

Cambridge Analytica’s ex-CEO backs out of giving evidence to UK parliament

Alexander Nix, the former CEO of the political consultancy firm at the center of a storm about mishandled Facebook users’ data, has backed out of re-appearing in front of the UK parliament for a second time. Nix had been scheduled to take questions from the DCMS committee that’s probing online misinformation tomorrow afternoon. In a press notice today, the committee said: “The former CEO of Cambridge Analytica, Alexander Nix, is now refusing to appear before the Digital, Culture, Media and Sport Committee at a public session tomorrow, Wednesday 18th April, at 2.15pm. He cites the Information Commissioner’s Office’s ongoing investigation as a reason not to appear.” Nix has already given evidence to the committee — in February — but last month it recalled him, saying it has fresh questions for him in light of revelations that millions of Facebook users had their data passed to CA in violation of Facebook’s policies. It has also said it’s keen to press him on some of his previous answers, as a result of evidence it has heard since — including detailed testimony from CA whistleblower Chris Wylie late last month. In a statement today about Nix’s refusal to appear, committee chair Damian Collins said it might issue a formal summons. “We do not accept Mr Nix’s reason for not appearing in a public session before the Committee. We have taken advice and he has not been charged with any criminal offence and there are no active legal proceedings and we plan to raise this with the Information Commissioner when we meet her this week. There is therefore no legal reason why Mr Nix cannot appear,” he said. “The Committee is minded to issue a formal summons for him to appear on a named day in the very near future. We’ll make a further statement about this next week.”

When Nix attended the hearing on February 27, he claimed Cambridge Analytica does not “work with Facebook data”, also telling the committee: “We do not have Facebook data”, though he said the company uses the social media platform to advertise, and also “as a means to gather data”, adding: “We roll out surveys on Facebook that the public can engage with if they elect to.” Since then Facebook has said information on as many as 87 million users of its platform could have been passed to CA, via a quiz app that was able to exploit its friends API to pull data on Facebook users’ friends.

New wearable hardware interface, Tap Systems, opens SDK to developers

Tap Systems, the developer of the Tap wearable keyboard and mouse, is releasing a developer SDK for interested programmers. The software kit will let developers design applications that can integrate with the Tap wearable which answers the once unanswerable question: what’s the result of one hand tapping? Resting on the fingers of one hand, the Tap wearable provides a new way for users to interact with hardware. Finger taps are the input that the device uses to determine movement and keystrokes. Using Tap, the company says anyone can send messages, play games, point, click and scroll on almost any surface. “Since Tap’s inception we’ve been contacted by everyone from mobile game and language input developers, to folks developing for accessibility use and even enterprise,” said Dovid Schick, the chief executive and founder of Tap Systems, in a statement. The company sees applications for its technology in anything from mobile gaming, to virtual and augmented reality and language input developers who have struggled to translate character-based languages to existing user interfaces. The toolkit includes SDKs for iOS and Android, and a plug-in for Unity — along with sample applications and documentation. There’s also an API for BLE-enabled platforms. Tap Systems’ released toolset includes SDKs for both iOS and Android, a plug-in for Unity, as well as example applications and documentation. The company has also released an API to enable any BLE-enabled platform to interface directly with the Tap wearable. The wearable costs $179, but the software development kit is royalty-free, open-source and available under the company’s terms of use. It’s a big step for the Pasadena, Calif.-based company that first brought its product to market late last year.

Liberis raises £57.5M to offer finance for small businesses paid back via customer card transactions

Liberis, the London-based fintech that provides finance for small businesses, has raised £57.5 million in new funding to help support the company’s growth. The alternative finance provider makes loans against a company’s future credit and debit card sales. The majority of the new capital being raised by Liberis is debt, which in turn will enable it to issue more loans. The facility is being provided by British Business Investments (the commercial arm of the tax payer-funded British Business Bank), Paragon Bank, and BCI Ltd. In addition, Blenheim Chalcot has made an equity investment into Liberis. The so-called “digital venture builder” also previously backed Clearscore, the credit scoring startup recently acquired by Experian. Providing a new financing option as a replacement for a traditional bank loan or extended overdraft — which is increasingly hard for small businesses to come by — Liberis provides funding from £1,000 to £500,000 based on a company’s projected credit and debit card sales. However, the clever part is that the loan is paid back via a pre-agreed percentage of the business’ digital transactions, making it especially attractive to seasonal businesses that have very uneven sales throughout different times of the year. There isn’t a time limit placed on when a loan has to be repaid, either. Instead, the repayment schedule is directly tied to the size and pace of a small business’ card transactions. In a call with Rob Straathof, CEO of Liberis, he conceded that this means the fintech startup is taking on more of the risk, but says the company is seeing the vast majority of loans paid back within the projected timeframe. To help manage risk and make the required sales projections, Liberis uses various data points, including transactions pulled in from a number of payment platform partners such as Worldpay and Sagepay. Similarly, it also integrates with take-out marketplace Just Eat, which gives the startup the ability to offer financing to small restaurants. The advent of Open Banking, which lets bank account holders share their transaction data via an API, will also enable Liberis to extend its reach.

Walmart partners with Postmates on grocery delivery

Walmart is expanding its grocery delivery business with help from a new partner, Postmates, the retailer announced this morning. Postmates will initially begin Walmart Online Grocery Delivery in Charlotte, North Carolina with plans to reach other markets in the months ahead. Postmates joins Walmart’s existing delivery partners Uber and Deliv, who have been helping Walmart test deliveries in select markets, including Dallas, Denver, Orlando, Phoenix, Tampa and San Jose. The addition of a new delivery partner is not unexpected – the company recently detailed its plans to expand its grocery delivery business across the U.S. in 2018, going from just 6 metros to 100 during that time. That will see Walmart offering delivery in 800 of its stores, and able to service over 40 percent of U.S. households. To date, Walmart has been working with partners instead of rolling out its own delivery service because it wants to be able to quickly scale up its grocery delivery operation, given the looming threat of Amazon and its own rapid expansion of Whole Foods grocery deliveries through Prime Now. In fact, today Amazon announced Whole Foods grocery delivery has reached yet another major metro – Los Angeles and Orange County. Amazon has been moving fast to integrate Whole Foods into its Prime business, with everything from deeper discounts and coupons for Prime members to the option to have Whole Foods purchases delivered. And it has taken advantage of Whole Foods stores for its Amazon Lockers, selling its own electronics, and more. Walmart hadn’t initially been focused on grocery delivery, touting that pickup was a more affordable option for its customer base due to the high costs of delivery. But it couldn’t let Amazon dominate the grocery delivery market either. However, Walmart’s Curbside Pickup is much more widely available and will be for some time. The service is now live at 1,200 Walmart stores, and expected to roll out to 1,000 more in 2018

Google launches an improved speech-to-text service for developers

Only a few weeks after launching a major overhaul of its Cloud Text-to-Speech API, Google today also announced an update to that service’s Speech-to-Text voice recognition service. The new and improved Cloud Speech-to-Text API promises significantly improved voice recognition performance. The new API promises a reduction in word errors of around 54 percent across all of Google’s tests, but in some areas the results are actually far better than that. Part of this improvement is a major new feature in the Speech-to-Text API that now allows developers to select between different machine learning models based on their use case. The new API currently offers four of these models. There is one for short queries and voice commands, for example, as well as one for understanding audio from phone calls and another one for handling audio from videos. The fourth model is the new default, which Google recommends for all other scenarios. In addition to these new speech recognition models, Google is also updating the service with a new punctuation model. As the Google team admits, its transcriptions have long suffered from rather unorthodox punctuation. Punctuating transcribed speech is notoriously hard though (just ask anybody who has ever tried to transcribe a speech by the current U.S. president…). Google promises that its new model results in far more readable transcriptions that feature fewer run-on sentences and more commas, periods and question marks. With this update, Google now also lets developers tag their transcribed audio or video with some basic metadata. There is no immediate benefit to the developer here, but Google says that it will use the aggregate information from all of its users to decide on which new features to prioritize next. Google is making a small change to how it charges for this service.

Bots on Twitter share two-thirds of links to popular websites: Pew

It’s official: Bots are doing a lot of PR grunt work on Twitter — especially when it comes to promoting porn websites. That perhaps unsurprising conclusion about what automated Twitter accounts are link sharing comes courtesy of a new study by the Pew Research Center which set out to quantify one aspect of bot-based activity in the Twittersphere. Specifically the researchers wanted to know what proportion of tweeted links to popular websites are posted by automated accounts, rather than by human users? The answer they came up with is that around two-thirds of tweeted links to popular websites are posted by bots rather than humans. The researchers say they were interested in trying to understand a bit more about how information spreads on Twitter. Though for this study they didn’t try to delve directly into more tricky (and sticky) questions about bots — like whether the information being spread by these robots is actually disinformation. Pew’s researchers also didn’t try to determine whether the automated link PR activity actually led to significant levels of human engagement with the content in question. (Something that can be difficult for external researchers to determine because Twitter does not provide full access to how it shapes the visibility of tweets on its platform, nor data on how individual users are making use of controls and settings that can influence what they see or don’t on its platform). So, safe to say, many bot-related questions remain to be robustly investigated. But here at least is another tidbit of intel about what automated accounts are up to vis-a-vis major media websites — although, as always, these results are qualified as ‘suspected bots’ as a consequence of how difficult it is to definitively identify whether an online entity is human or not. (Pew used Indiana University’s Botometer machine learning tool for identifying suspected bots; relying on a score of 0.43 or higher to declare likely automation — based on a series of their own validation exercises.)

Pew’s top-line conclusion is that suspected automated accounts played a prominent role in tweeting out links to content across the Twitter ecosystem — with an estimated 66% of all tweeted links to the most popular websites likely posted by automated accounts, rather than human users.

Life in Rongcheng offers inside preview of China’s social credit system, which mixes credit scores with monitoring data of citizens, launches…

Simina Mistreanu / Foreign Policy: Life in Rongcheng offers inside preview of China's social credit system, which mixes credit scores with monitoring data of citizens, launches nationally in 2020 — RONGCHENG, CHINA — Rongcheng was built for the future. Its broad streets and suburban communities were constructed with an eye …
