Reddit’s API Price Hikes (Plus CrowdStrike’s AI and Chrome’s Big Bounty) | 2MTB June 2nd, 2023
In Today’s Tech News:
- Reddit’s API Price Hikes
- CrowdStrike’s Security AI, Charlotte
- Google Triples Chrome Exploit Bounty
- Motherboards Sold with a Backdoor
Reddit’s API Price Hikes
Reddit is showing signs of mutiny as Apollo creator Christian Selig posted about upcoming Reddit API price changes.
Apollo is a 3rd-party Reddit browsing app known for its customization, affordable ad-free subscription, and user-friendly experience.
In the post found in our sources in the description below, Selig unveiled the new API price of $12,000 per 50 million requests.
To put that into perspective, Imgur, the image-sharing platform, has a similar pricing model but very different prices: 50 million image requests come in at $166, or about 1.38% of the cost.
Mr. Selig did a fantastic breakdown, estimating that 1st-party users have a value of about $0.12/month while 3rd-party users have over 20x that value at $2.50/month.
This came months after Twitter’s price hike to $42,000 per 50 million requests, but Reddit stated that its prices would be “A) reasonable and based in reality, and B) they would not operate like Twitter.”
We will have to wait and see Reddit’s official response.
Sources:
CrowdStrike’s Security AI, Charlotte
CrowdStrike is joining the AI arms race by unveiling its security-focused generative AI, called Charlotte.
The model will accept natural language questions and prompts to interact with the Falcon platform, enabling users with minimal experience to become power users.
Charlotte is designed to help at every level of the organization including enabling IT helpdesk workers to ask if specific software is safe, assisting security analysts in threat-hunting efforts, enabling executives to get real-time domain-wide security reports, and assisting engineers in automating mundane manual security tasks.
The training data CrowdStrike has revealed includes their deep intelligence knowledge base, Falcon’s XDR telemetry, and hundreds of thousands of human-to-human interactions their internal security and engagement teams have recorded.
Charlotte is currently in a closed private customer preview.
Sources:
Google Triples Chrome Exploit Bounty
If you are proficient in exploiting web browsers, you may be interested in Google’s new exploit bounty payout!
The giant is tripling the bounty for a functional full-chain exploit resulting in a Chrome sandbox escape to the first hacker to accomplish it by December 1st.
The payout is expected to be up to $180,000.
Once the first bounty has been paid, all other functional full-chain exploits resulting in a Chrome sandbox escape will pay out double (up to $120,000) until December 1st.
Both the blog announcement from Google Chrome Security Team member Amy Ressler and the Chrome Vulnerability Reward Program reward matrix will be in our sources in the description below.
Sources:
Motherboards Sold with a Backdoor
Eclypsium researchers have discovered Gigabyte motherboards sold recently come with the bonus feature of an insecure backdoor.
The UEFI firmware, or the code that tells the PC how to load the OS, would load and run an updater program on start-up that in turn would download and execute software without the operating system’s knowledge.
While not intended to be malicious, the update mechanism was downloading code without proper authentication, and sometimes downloading over HTTP instead of HTTPS.
This can lead to a very simple man-in-the-middle attack being carried out before your operating system is done spinning up.
271 models have been affected including both AMD and Intel-compatible boards.
The full list of affected motherboards can be found in our sources.
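An updater that pulls executable code over plain HTTP, as described above, leaves a recognizable trace in web-proxy logs. The following detection logic is an added example, not code from Eclypsium or Gigabyte; the log format, host names and the blocklist entry are constructed placeholders to be replaced with your own proxy format and the hosts named in the vendor advisory.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log (timestamp, client, method, URL, status); not real telemetry.
SAMPLE_LOG = """\
2023-06-02T08:00:03Z 10.0.0.21 GET http://updates.vendor.example/tools/LiveUpdate.exe 200
2023-06-02T08:00:04Z 10.0.0.21 GET https://updates.vendor.example/tools/LiveUpdate.exe 200
2023-06-02T08:01:10Z 10.0.0.35 GET http://intranet.example/index.html 200
2023-06-02T08:02:45Z 10.0.0.40 GET https://blocked-updater.example/pkg/agent.bin 403
2023-06-02T08:03:00Z 10.0.0.41 GET http://cdn.example/Setup.MSI?v=2 200
malformed line
"""

# Placeholder entry: replace with the hosts named in the vendor advisory.
BLOCKED_HOSTS = {"blocked-updater.example"}
EXEC_EXT = (".exe", ".dll", ".msi", ".bin", ".efi")
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # skip lines that do not parse rather than guessing
    _ts, client, _method, url, status = m.groups()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if host in BLOCKED_HOSTS:
        reasons.append("blocklisted-host")
    # Only the path is checked, so "Setup.MSI?v=2" still matches.
    if parts.scheme.lower() == "http" and parts.path.lower().endswith(EXEC_EXT):
        reasons.append("cleartext-executable")
    if not reasons:
        return None
    return {"client": client, "url": url, "status": int(status), "reasons": reasons}

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

def clients_to_inspect(findings):
    """Clients whose executable download succeeded over cleartext HTTP."""
    return sorted({f["client"] for f in findings
                   if "cleartext-executable" in f["reasons"] and f["status"] == 200})

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Clients returned by `clients_to_inspect` received an executable that nothing on the wire protected from tampering, so they are the first candidates for a firmware and software integrity check.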
To mitigate your risk from this exploit, Eclypsium recommends the following:
- Scan and monitor systems and firmware updates in order to detect affected Gigabyte systems and the backdoor-like tools embedded in firmware.
- Update systems to the latest validated firmware and software in order to address security issues like this one.
- Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems.
- Set a BIOS password to deter malicious changes.
- Administrators can also block the following URLs:
Sources:
What Are Your Thoughts?
- Is Reddit trying to kill 3rd party apps or correctly value their API?
- When will the $180,000 bug bounty be claimed?
- If a tree falls in a forest, does it make a sound?
Let us know your thoughts in the comments at the bottom of the page!