Mastodawn

«Google hält an 82.000-Dollar-Rechnung fest — Entwickler warnt vor API-Key-Sicherheitslücke:
Weil sein API-Key für massenhafte #Gemini-Anfragen missbraucht wurde, soll ein Entwicklerteam jetzt über 82.000 US-Dollar an Google zahlen. Dabei ist der #TechKonzern selbst von dem Problem geleakter #APIKey's betroffen»

Das ist doch mal ein Beispiel wie sicher viele #API's sind. Da ist #Google sicherlich nicht alleine und deren #KI- & #ITSicherheit ist nicht unbedingt simpel.

🧑‍💻 https://t3n.de/news/google-api-key-82000-dollar-1732507/

Google hält an 82.000-Dollar-Rechnung fest: Entwickler warnt vor API-Key-Sicherheitslücke | t3n

Weil sein API-Key für massenhafte Gemini-Anfragen missbraucht wurde, soll ein Entwicklerteam jetzt über 82.000 US-Dollar an Google zahlen. Dabei ist der Tech-Konzern selbst von dem Problem geleakter API-Keys betroffen. In den vergangenen Jahren haben Entwickler:innen API-Keys von Google in vielen Fällen bedenkenlos in ihren Website-Code eingebaut, etwa wenn es um die Einbettung von Maps geht. […]

t3n Magazin

sayzard Apr 1

Joshua Xu (@joshua_xu_)

사용자들에게 API 키가 인간용인지 에이전트용인지 선택하게 했더니 76%가 에이전트용을 선택했다는 내용이다. 별도 기본값 없이 직접 선택하도록 했다는 점에서, AI 에이전트 사용이 빠르게 늘고 있음을 보여주는 흥미로운 지표다.

https://x.com/joshua_xu_/status/2039250060169666839

#aiagent #apikey #llm #developer

Joshua Xu (@joshua_xu_) on X

We asked users to answer whether their API key is for a human or an agent, 76% select an agent p.s: It's not defaulted to any value. users have to pick one.

X (formerly Twitter)

irgendlink Mar 10

Hetzner DNS Zonen-Migration: Zum Thema Api-Key bin ich etwas verwirrt. In der Regel nutze ich das nicht, aber da alles so lange her ist: woran sehe ich, ob ich api-keys bei einzelnen Domains nutzte? Erkenne ich das im Zonefile? Ich könnte einen Kompass brauchen, der mir die richtige Richtung zeigt. Beispiele für die Nutzung von Apikeys würden mich wohl auch Erinnern machen, ob ich welche nutzte.

#dns #hetzner #zonefileMigration #apikey

Script Kiddie Mar 6

Long story short: #Google once said that you could publish this #API #key. Then Google changed the #software and used the key for #billing with #Gemini, its in-house #AI. Of course, there are now many leaked keys and high costs that Google now wants to collect from the owners of the keys. Don't let Google fool you!

see: trufflesecurity.com/blog/googl…

#news #software #money #customer #service #fool #wtf #omg #economy #bigtech #evil #problem #cybersecurity #security #marketing #fail #company #politics #responsibility #bill #cost #leak #apikey

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Christian Feb 26

Google API Keys Weren't Secrets. But then Gemini Changed the Rules.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

#google #apikey #security

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

sayzard Feb 18

金のニワトリ (@gosrum)

작성자는 API 키 유출 위험을 줄이기 위한 아이디어로 특정 IP 주소나 MAC 주소에서만 API를 사용 가능하도록 제한하는 방안을 제안했습니다. 이 방법은 키가 유출되더라도 허가된 장비 외부에서는 사용을 막아 보안성을 높일 수 있다는 취지의 제언입니다.

https://x.com/gosrum/status/2024040131926122803

#api #security #apikey #devops

金のニワトリ (@gosrum) on X

素人的な考えとして、特定のIPアドレスとかMACアドレスからしか使えないようにするとかできないのかな？そうすればAPIキーが流出しても、他の人は使えないのでは？

X (formerly Twitter)

Qiita - 人気の記事 Jan 22

API GatewayのAPIキーをSecrets Managerでうまく管理できないかを検討してみた
https://qiita.com/_YukiOgawa/items/33581eeb70e9e3155873?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #Security #APIGateway #SecretsManager #apikey

API GatewayのAPIキーをSecrets Managerでうまく管理できないかを検討してみた - Qiita

はじめに API GatewayではAPIキーによる認証を設定できます。APIキーを必須としてデプロイしたAPIでは、配布したAPIキーをヘッダーでx-api-keyと指定してリクエストしないと403 Forbiddenで応答されます。 APIキーを使った認証は実装が簡単...

Qiita

Show thread

❀𝓪𝓵𝓬𝓮𝓪𖤐

Jan 5

The fact that I needed v2 search means ...

You cannot #resolve #Misskey or #Sharkey without #apikey / auth #token
=> i.e. you need to be logged in to the cross domain instance

correct me #askfedi
But this s-u-...... is not very cool

Oh why oh why

Reddit Tech VN Bot Dec 30

Tạo công cụ quản lý API key và tính phí theo mức sử dụng cho sản phẩm SaaS. Holdify tự động cấp key, đồng bộ phân quyền theo gói đăng ký, kiểm soát rate limit và theo dõi usage để thanh toán. Kết nối với nhà cung cấp thanh toán (hiện hỗ trợ Polar), tích hợp dễ dàng qua SDK chỉ với một dòng code. Dành cho các nhà phát triển API muốn tiết kiệm thời gian. #SaaS #API #Holdify #DeveloperTool #CôngCụSaaS #APIKey #UsageBasedBilling

https://www.reddit.com/r/SaaS/comments/1pzt29l/i_built_a_tool_to_handl

Reddit Tech VN Bot Dec 29

Sản phẩm beta dính phản ứng bất ngờ về API key: Người dùng cảnh báo nhau đừng nhập vì sợ chi phí phát sinh. Dù có mã hóa, minh bạch, sự tin tưởng không chỉ đến từ kỹ thuật mà cần giao tiếp rõ ràng. Làm sao bạn giảm xa lánh và xây niềm tin với người dùng khi mới khởi đầu?

#Founders #TrustBuilding #APIKey #Startups #KinhNghiệmKhởiNghiệp #XâyDựngNiềmTin #CôngNghệ #LậpTrình

https://www.reddit.com/r/SaaS/comments/1py76uj/how_did_you_build_trust_when_your_product/