Odds and Ends 

Uber fixes bug that exposed third-party app secrets

Uber has fixed a bug that allowed access to the secret developer tokens of apps that integrated with the ridesharing service, according to the security researchers who discovered the flaw. In a blog post, Anand Prakash and Manisha Sangwan explained that a vulnerable developer endpoint on Uber’s back-end systems — since locked down — was mistakenly spitting back client secrets and server tokens for apps authorized by the Uber account owner. Client secrets and server tokens are considered highly sensitive bits of information for developers, as they allow apps to communicate…

Read More