3,000+ apps found spilling Twitter API keys • The Register

Voice Of EU

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications.

Researchers at the company say they’ve uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.

Twitter helpfully exposes an API to allow developers access to the microblogging platform. With it, developers can use features such as reading and sending tweets and direct messages, following and unfollowing users and so on. It has proven controversial on occasion and most recently Elon Musk’s legal team complained about API rate limits. Basically, Musk’s claim was that he couldn’t ascertain how many Twitter accounts were run by bots or are otherwise inauthentic.

That same API has proven a boon to developers whose jobs are made easier by the functionality, although it is also an occasional irritation to users (when, for example, certain games add recent scores to users’ Twitter timelines).

Who would need a bot army?

The API is, however, not really the problem. The issue is the authentication keys given to developers for API access and how those keys are stored. And yes, according to the security house, the keys are sometimes stored in an accessible fashion within the code. The example of developing a mobile application was given, where the API was used for testing and the credentials then saved within the app. Then, as the app moved to production, the keys were not removed. Miscreants could simply download the app, decompile it and get hold of the API keys.

“Thus, from here bulk API keys and tokens can be harvested to prepare the Twitter bot army,” said the researchers.

And as for what one could do with such an army? Scenarios posited by CloudSEK included spreading misinformation, firing off malware attacks from supposedly trusted accounts, spamming and the inevitable phishing.

Of the 3,207 leaky apps, 57 had premium or enterprise subscriptions to the Twitter API (costing $149/month according to researchers) and some of the leaked credentials belonged to verified Twitter accounts. 230 were leaking enough credentials to permit a full account takeover.

What can be done? The answer is simply good practice. While perhaps not very fashionable in the modern development world, CloudSEK recommends proper versioning replete with code reviews and approval. Keys should be rotated and hiding them in variables is recommended.

“Adequate care,” researchers wrote, “should be taken to ensure that files containing environment variables in the source code are not included.”
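The practice CloudSEK recommends, sketched as a pre-release check (an added example, not code from the article or the CloudSEK report): it walks a source tree and reports included `.env` files and quoted literals assigned to credential-like names. The identifier names, the 16-character threshold and the sample files are assumptions and constructed values.

```python
import re
from pathlib import Path

# Assumed credential identifier names; extend to match your own code base.
CRED_ASSIGN = re.compile(
    r"\b([a-z0-9_.]*(?:consumer|api|access|bearer)[_-]?(?:key|secret|token)\w*)"
    r"[\"']?\s*[:=]\s*[\"']([^\"'\s]{16,})[\"']", re.I)
# Environment references and <placeholders> are not findings.
SAFE_VALUE = re.compile(r"^(\$\{?\w+\}?|<[^>]+>)$")
# .env and .env.<anything>, except the usual committed templates.
ENV_FILE = re.compile(r"^\.env(\.(?!example$|sample$).+)?$")


def scan_release_tree(root):
    """Return (relative_path, line_no, reason) findings for files under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if ENV_FILE.match(path.name):
            findings.append((rel, 0, "environment file included in tree"))
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file: outside this text-only check
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, value in CRED_ASSIGN.findall(line):
                if not SAFE_VALUE.match(value):
                    findings.append((rel, line_no, f"literal assigned to {name}"))
    return findings


def build_sample_tree(root):
    """Write a constructed sample project; every value in it is fake."""
    app = Path(root) / "app"
    app.mkdir(parents=True)
    (app / "Config.java").write_text(
        'String consumerKey = "FAKEFAKEFAKEFAKEFAKEFAKE1";\n'
        'String consumerSecret = System.getenv("TWITTER_CONSUMER_SECRET");\n')
    (app / "config.json").write_text('{"api_key": "${TWITTER_API_KEY}"}\n')
    (Path(root) / ".env").write_text("TWITTER_API_KEY=FAKEFAKEFAKEFAKE\n")
    (Path(root) / ".env.example").write_text("TWITTER_API_KEY=<your key>\n")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in scan_release_tree(tmp):
            print(*finding)
```

A non-empty result is meant to fail the build; any key it finds should be rotated as well as removed, since it may already have shipped.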

While leaving secrets in the code might seem like an amusing anecdote for our weekly Who, Me? column (where Register readers confess to messes they made in the pursuit of IT excellence), the report is evidence that shoddy coding practices are alive and well and can have potentially disastrous consequences for the organizations and accounts affected. ®

Tinder is the most hated app in Ireland

Ireland is one of 19 countries worldwide that strongly dislikes Tinder. One in five Tweets by Irish people about all apps are negative.

According to Electronics Hub’s analysis of the most hated apps in the world, Tinder is the most loathed app in Ireland.

Irish people are not alone in their hatred for the dating app. Tinder was the most hated app in 19 countries in total, with Canadians, Americans, Nigerians, Kenyans and our neighbours in the UK also singling it out as their least favourite.

Electronics Hub determined the most hated apps in each country by analysing Twitter data. It processed more than 3m geotagged tweets related to 87 social media, dating, mobile games, entertainment, cryptocurrency and money transfer apps.

Researchers calculated the percentage of tweets about each app that were negative using a sentiment analysis tool which identifies whether a tweet has positive, negative or neutral sentiment.

[Infographic: the most hated apps in the world by country. Source: Electronics Hub]

Ireland was found to be one of the most negative countries when it came to attitudes towards apps. One in five Tweets posted by Irish people about apps were negative, Electronics Hub found.

Despite Irish people’s professed loathing for Tinder, the dating platform tried to play a role in keeping daters safe in the pandemic. It hooked up with the HSE to promote vaccines by adding badges to users’ profiles.

Tinder was only the second-most hated app in the world, with Roblox taking first place. More than 20 countries said the child-targeted gaming app was their most hated app. Other unpopular apps include Snapchat, Disney and Reddit.

Neighbouring countries tend to dislike similar apps, with the Scandinavians professing a dislike for Reddit and South Americans hating e-commerce apps.

Dating apps, meanwhile, are disliked the world over. In Iraq, 71.4pc of all tweets about Tinder are negative, which is the highest out of any country. A state-by-state breakdown of the most hated apps in North America also found Tinder took the top spot in 21 states.

‘A sweatshop in the UK’: how the cost of living crisis triggered walkouts at Amazon | Industrial action

Amazon workers say they are working in a “sweatshop” as safety concerns and worries about the cost of living crisis have triggered walkouts at warehouses around the country.

The Observer has spoken to four staff involved in the walkouts, who work at three Amazon warehouses, including Tilbury in Essex, where protests began on 4 August. All say they will struggle to survive this winter with pay rise offers between 35p and 50p an hour – far less than the rate of inflation, which is currently at 9.4%.

The workers, who spoke anonymously for fear of reprisals from Amazon, said they were speaking out to highlight how the firm’s ultra-cheap, ultra-convenient, super-fast delivery model works.

Amazon employs more than 70,000 people in the UK, adding 25,000 staff in 2021 alone. Many work at the company’s 21 fulfilment centres, where some workers say they are asked to carry out long, physical shifts, with difficult targets, for low pay.

Starting pay in Amazon warehouses will shortly be increasing to between £10.50 and £11.45 per hour, depending on location. An Amazon spokesperson said this was a 29% increase in the minimum hourly wage paid to staff since 2018. They said it is also augmented by a comprehensive benefits package worth thousands of pounds a year, and a company pension plan.

But staff say it is too low for the type of work being done and given the current economic crisis, especially at a company that just posted $121bn (£100bn) in revenues in the second quarter of 2022 alone.

“When we heard the news, it was shocking,” said one worker at Amazon’s warehouse in Tilbury. “It’s ridiculous. Inflation is [forecast to reach] 13%, and our salary increases barely 3%.” The worker rents a house with her husband for £1,350 a month without bills. “My salary is £1,600. … I’m lucky I’m married, otherwise I’d be homeless.”

Some staff are seeking a pay rise of £2 an hour from the tech giant.

Hundreds of Amazon employees stop working over disputed pay rise – video

Another worker at Amazon’s warehouse in Tilbury said they were “petrified” about how they would survive this winter. “We had a scenario recently where someone was living in [an] Amazon [warehouse],” he said. “If I’m honest, I can probably see that happening again.

“I can see people staying in the canteen all the time because they can’t afford to go home.”

The worker is protesting against the poor pay offer, as well as conditions that lock staff in cages for entire shifts at the warehouses, from where they pick items to be delivered to customers. (Amazon says the workstations are to protect workers from moving robotics.)

“It’s a Chinese sweatshop in the UK,” said the second worker at Tilbury. “It’s how they set up their model.”

The worker has struggled with his mental health while working for the company. “I’ve realised how bad Amazon is for my mental health,” he said. “The anxiety of going into work, knowing you’ve got to do the same stuff day in, day out, is horrible.”

That concern is echoed by a worker at an Amazon facility near Bristol, who has worked there with his wife for three years. “It was good initially,” the worker said. “There was a lot of safety consciousness, and the targets were pretty reasonable. But now they’re just pushing it higher and higher, and exploiting people.”

Around 100 Amazon staff at Bristol staged a sit-in at the company canteen on 10 August – action for which they say they were docked pay by management at the site. “The vast majority of people went back to work at that point, because at the end of the day, as much as they want to fight for it, they have to think about themselves financially.”

The Bristol warehouse worker says that managers used to stop employees from lifting heavy items from bins on high shelves in the warehouse without a ladder. “If you overstretched yourself for 10 hours, you’d end up with a bad neck and a bad back,” he said.

That has subsequently changed as staff said they felt pressured to meet ever-escalating demand. Staff pushing carts around the warehouse used to be limited to using one cart at a time for safety reasons; now it is claimed managers turn a blind eye to staff pulling two carts at once. “They don’t say nothing because all they care about is getting the work done as fast as possible,” he said. “Safety just goes out the window.”

He says he has personally lifted items weighing up to 25kg by himself, despite rules saying anything heavier than 15kg should be lifted by two people.

A worker at an Amazon facility in the north-west of England said that managers at his warehouse similarly ignored rules around not running on site and lifting down heavy items from high areas in an attempt to meet targets, which at his site require two items to be picked every minute.

Amazon declined to respond to specific claims.

Martha Dark, director at Foxglove, a non-profit organisation working to highlight issues within tech companies that supports Amazon workers, said: “None of the workers we’re supporting wanted to protest.

“They’re desperate and can’t survive on these wages. Meanwhile, Amazon threatens to dock pay and send workers to HR for revealing the truth about life in the warehouse.”

She added: “Amazon needs to respect workers’ rights to organise, stop penalising people who are fighting to survive and provide a real pay rise now.”

Two workers said they plan to leave the company because of the conditions and pay. However, some hope to stay put – to change things.

“If a lot of us who are experienced leave Amazon at this point they’ll get a new group of people in who they can mould into this depressing way of work,” said the Bristol worker. “That’s the problem.”

This article was amended on 14 August 2022. Inflation is at 9.4%, not 13% as stated in an earlier version; the latter is a forecast rate.

AI could save future firefighters from deadly explosions • The Register

AI could help save firefighters’ lives by predicting fire flashovers before they occur, according to new research published this week. 

Flashovers occur when combustible material in a room suddenly starts igniting all at once, leading to a huge surge of heat and flammable gases that can break walls and burst windows. Around 800 firefighters have been killed and more than 320,000 injured on the job in the US over a 10-year period, from 2008 to 2018, and it is estimated that 13 per cent of those accidents are the result of flashover events.

Firefighters have to rely on their experience to predict if a flashover is about to happen, such as judging from levels of smoke and heat, but it’s not easy considering how quickly they can creep up. Computer scientists have tried to develop methods capable of detecting flashovers in real time for the last two decades, but it’s a difficult task to model something so erratic.

Researchers from the US government’s National Institute of Standards and Technology (NIST), Google, as well as the Hong Kong Polytechnic University and the China University of Petroleum, built a system using graph neural networks (GNN) to learn relationships between different sources of data, represented as nodes and edges, from simulated fires.

“GNNs are frequently used for estimated time of arrival, or ETA, in traffic where you can be analyzing 10 to 50 different roads,” Eugene Yujun Fu, the study’s co-first author and a research assistant professor at the Hong Kong Polytechnic University, said in a statement.

“It’s very complicated to properly make use of that kind of information simultaneously, so that’s where we got the idea to use GNNs. Except for our application, we’re looking at rooms instead of roads and are predicting flashover events instead of ETA in traffic.”

The team simulated all sorts of data, from building layouts, surface materials, fire conditions, ventilation configurations, location of smoke detectors, and temperature profiles of rooms to model 41,000 fake fires in 17 different building types. A total of 25,000 fire cases were used to train the model, and the remaining 16,000 were used to finetune and test it.

The GNN’s performance was assessed by whether it was able to predict whether a flashover event would occur within the next 30 seconds. Initial results showed the model had an accuracy of 92.1 percent at best. 

The system, dubbed FlashNet, is more advanced than the team’s previous machine learning model P-Flash.

“Our previous model only had to consider four or five rooms in one layout, but when the layout switches and you have 13 or 14 rooms, it can be a nightmare for the model,” said Wai Cheong Tam, co-first author of the paper and a mechanical engineer at NIST. “For real-world application, we believe the key is to move to a generalized model that works for many different buildings.”

FlashNet may seem promising, but it is yet to be tested with data from real fire rescues. That would require the model to analyze data from thermostats, carbon monoxide and smoke detectors, in smart homes, Tam explained to The Register. How firefighters could then be alerted to the model’s predictions is unclear.

“The focus of the research was to rely on building data that is or could easily be provided from available building sensors. One way to translate the research into reality is to integrate the model into a smart fire alarm control panel that would gather the temperature data from installed heat detectors and includes a computer module that can process the data and make the real-time predictions.”

“From the fire alarm control panel or other suitable piece of equipment, the prediction would be sent to the incident commander, or individual firefighters if deemed suitable. The exact mechanism of providing such predictive analytics is not decided and would require input from the fire service to develop a consensus,” Tam concluded. ®
