1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Rabbit reveals data breach was caused by employee leaking API key

    From TechnologyDaily@1337:1/100 to All on Fri Aug 2 19:30:05 2024
    Rabbit reveals data breach was caused by employee leaking API keys

    Date:
    Fri, 02 Aug 2024 19:26:01 +0000

    Description:
    rabbit says security systems 'working as intended', believes no damage has been done to its data or systems.

    FULL STORY ======================================================================

    The company behind rabbit r1 , a sort of vague AI assistant device, has thwarted a self-proclaimed hacktivist group that was passed API keys by a rogue employee.

    Having a company name starting with a lowercase letter may be deeply embarrassing, but dont hold that against its security team ( except when you should ).

    In a blog post , rabbit revealed all offending API keys had been revoked, and claims by the group to have access to source code are unfounded. API issues

    Discussing the results of a third-party code review from Obscurity Labs , rabbit explained, Obscurity Labs findings show that, among other findings, no source code for our AI agent was exposed, no sensitive or valuable
    information was available to an attacker, and authentication tokens that are collected when you log in do not contain the actual username and password being typed.

    In the simplest of terms, alphanumeric API keys allow for the functionality
    of a piece of software to be called within another by a developer. The
    issuing of keys by an API provider helps restrict access, as well as monitor the extent of access being given.

    While were all for employees going rogue and keeping life interesting , we must regretfully award nul points in this instance, because just as API keys can be bred like rabbits, they can also, clearly, be culled like Watership Down .

    The trouble is that the companys marketing department ought to take notes, as I have no idea what a rabbit r1 even is. It takes a learn more link and scrolling three-quarters down the page to reveal that it's a kind of virtual assistant - or pocket companion, as the company insists on calling it.

    Other features, including something called teach mode that they do not explain, are undergoing beta testing, which is the kind of Icarus-tier optimism from deluded tech men (its always men, but I did flick through the keynote and it is actually men here) that we love.

    The rabbit mascot is cute, but, for $199, I need more than that. This is just what business smartphones are now, and the reviewer for TechRadar couldnt
    help pointing out that the rabbit r1 is not good for much, and that they were constantly reaching for [their] phone anyway.

    Overall, I think it's good that rabbit has competent security engineers and public relations writers who can explain the ins and outs of that security in a simple, digestible way. More from TechRadar Pro UK government cancels 1bn
    AI investment plan Almost all tech jobs face major changes with AI Cisco, Google, and Microsoft call for reskilling The importance of API security in the age of generative AI



    ======================================================================
    Link to news story: https://www.techradar.com/pro/rabbit-reveals-data-breach-was-caused-by-employe e-leaking-api-keys


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)