{"id":974,"date":"2014-11-25T18:25:54","date_gmt":"2014-11-25T18:25:54","guid":{"rendered":"http:\/\/www.gironsec.com\/blog\/?p=974"},"modified":"2014-11-27T04:35:50","modified_gmt":"2014-11-27T04:35:50","slug":"what-the-hell-uber-uncool-bro","status":"publish","type":"post","link":"https:\/\/www.gironsec.com\/blog\/2014\/11\/what-the-hell-uber-uncool-bro\/","title":{"rendered":"What the hell Uber? Uncool bro."},"content":{"rendered":"<p><a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/New-Logo-Vertical-Dark.jpg\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/New-Logo-Vertical-Dark.jpg\" alt=\"New-Logo-Vertical-Dark\" width=\"300\" height=\"300\" class=\"alignnone size-full wp-image-977\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/New-Logo-Vertical-Dark.jpg 300w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/New-Logo-Vertical-Dark-150x150.jpg 150w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Howdy ho! <\/p>\n<p>This is one of those interim posts where I&#8217;m not posting something cool, but rather something that&#8217;s bothering me. You know, like a blog post?<\/p>\n<p>Anyways, I downloaded Uber the other day and its pretty cool and handy. The only qualm I had was with all the permissions it asked for. <\/p>\n<p>You can see the permissions the app wants to use by viewing the &#8220;AndroidManifest.xml&#8221; file inside the APK. just open the thing with 7zip and view it. Unfortunately doing this will yield garbage data. <a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid1.png\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid1-300x102.png\" alt=\"droid1\" width=\"300\" height=\"102\" class=\"alignnone size-medium wp-image-975\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid1-300x102.png 300w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid1-1024x350.png 1024w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid1.png 1104w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The easiest way I&#8217;ve seen is to use a tool like <a href=\"https:\/\/code.google.com\/p\/xml-apk-parser\" target=\"_blank\">xml-apk-parser<\/a>.<br \/>\n<a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid2.png\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid2-276x300.png\" alt=\"droid2\" width=\"276\" height=\"300\" class=\"alignnone size-medium wp-image-976\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid2-276x300.png 276w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid2-945x1024.png 945w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid2.png 997w\" sizes=\"(max-width: 276px) 100vw, 276px\" \/><\/a><\/p>\n<p>Now we can get a clearer picture of what the heck it wants permission to use:<br \/>\n<!-- HTML generated using hilite.me --><\/p>\n<div style=\"background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;\">\n<pre style=\"margin: 0; line-height: 125%\"><span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.ACCESS_COARSE_LOCATION&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.ACCESS_FINE_LOCATION&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.ACCESS_NETWORK_STATE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.ACCESS_WIFI_STATE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.CALL_PHONE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.CAMERA&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.GET_ACCOUNTS&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.INTERNET&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.MANAGE_ACCOUNTS&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.READ_CONTACTS&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.READ_PHONE_STATE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.USE_CREDENTIALS&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.VIBRATE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.WRITE_SETTINGS&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.WRITE_EXTERNAL_STORAGE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;com.google.android.providers.gsf.permission.READ_GSERVICES&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;com.ubercab.permission.C2D_MESSAGE&quot;<\/span> <span style=\"color: #FF0000\">android:protectionLevel=<\/span><span style=\"color: #0000FF\">&quot;0x00000002&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;com.ubercab.permission.NOTIFY_ACTION&quot;<\/span> <span style=\"color: #FF0000\">android:protectionLevel=<\/span><span style=\"color: #0000FF\">&quot;0x00000002&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;com.ubercab.permission.C2D_MESSAGE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;com.google.android.c2dm.permission.RECEIVE&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;uses-permission<\/span> <span style=\"color: #FF0000\">android:name=<\/span><span style=\"color: #0000FF\">&quot;android.permission.WAKE_LOCK&quot;<\/span><span style=\"color: #000080; font-weight: bold\">&gt;<\/span>\r\n<span style=\"color: #000080; font-weight: bold\">&lt;\/uses-permission&gt;<\/span>\r\n<\/pre>\n<\/div>\n<p>Christ man! Why the hell would it want access to my camera, my phone calls, my wifi neighbors, my accounts, etc? We&#8217;ll see in just a second.<\/p>\n<p><!-- HTML generated using hilite.me --><\/p>\n<div style=\"background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;\">\n<pre style=\"margin: 0; line-height: 125%\"><span style=\"color: #000080; font-weight: bold\">public<\/span> <span style=\"color: #000080; font-weight: bold\">void<\/span> run()\r\n      {\r\n        Looper.<span style=\"color: #FF0000\">prepare<\/span>();\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">updateLogConfig<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$URL, <span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$acctGUID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendAccountsLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendAppActivityLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendAppDataUsageLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendAppInstallLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendBatteryLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendDeviceInfoLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID, <span style=\"color: #000080; font-weight: bold\">true<\/span>);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendGPSLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID, <span style=\"color: #000080; font-weight: bold\">true<\/span>);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendMMSLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendNetDataLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendPhoneCallLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendSMSLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendTelephonyInfoLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID, <span style=\"color: #000080; font-weight: bold\">true<\/span>);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendWifiConnectionLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n        InAuthManager.<span style=\"color: #FF0000\">getInstance<\/span>().<span style=\"color: #FF0000\">sendWifiNeighborsLog<\/span>(<span style=\"color: #000080; font-weight: bold\">this<\/span>.<span style=\"color: #FF0000\">val<\/span>$transID);\r\n      }\r\n    });\r\n<\/pre>\n<\/div>\n<p>Why the hell is this here? What&#8217;s it sending? Why? Where? I don&#8217;t remember agreeing to allow uber accedes to my phone calls and sms messages. Bad NSA-Uber. <\/p>\n<p>There&#8217;s a lot of code to go over. The thing is about 7.5 MB of classes. In fact, the code I snagged from above comes from about 1100 lines of code. See <a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/InAuthManager.txt\"> for yourself<\/a>. I especially liked the &#8216;hasHeartbleedVulnerability()&#8217; method. Why do they want to know that? Later exploitation?<\/p>\n<p>Going through the licenses.html file in the apk file, theres a software suite missing.<br \/>\n<a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid4.png\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid4-300x219.png\" alt=\"droid4\" width=\"300\" height=\"219\" class=\"alignnone size-medium wp-image-979\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid4-300x219.png 300w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid4-1024x747.png 1024w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid4.png 1389w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><br \/>\nSee it? Stericson.RootTools<\/p>\n<p>Google helps:<br \/>\n<a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid3.png\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid3-300x128.png\" alt=\"droid3\" width=\"300\" height=\"128\" class=\"alignnone size-medium wp-image-980\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid3-300x128.png 300w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/droid3.png 946w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Why the hell would they need this? I know I keep asking questions, but here&#8217;s some answers: Uber checks to see if your device is rooted. It doesn&#8217;t tell you of course, it just wants to know so it can phone home and tell them about it. I also saw checks for malware, application activity and a bunch of other stuff.<\/p>\n<p>[Correction] They use REST, not webdav. Thanks to everyone who pointed that out. Derp. <\/p>\n<p>Like I said before, there&#8217;s a lot of data here to go through. Maybe Uber evil. Maybe Uber isn&#8217;t sending a bunch of data off to their collection servers for harvesting. Maybe I&#8217;m just paranoid. <\/p>\n<p>Stay tuned for my next post, its gonna be good. I know I said that last time, but this is more of a blog post than an actual post. <\/p>\n<p><a href=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/1405103297032.jpg\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/1405103297032.jpg\" alt=\"1405103297032\" width=\"450\" height=\"2841\" class=\"alignnone size-full wp-image-984\" srcset=\"https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/1405103297032.jpg 450w, https:\/\/www.gironsec.com\/blog\/wp-content\/uploads\/2014\/11\/1405103297032-162x1024.jpg 162w\" sizes=\"(max-width: 450px) 100vw, 450px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Howdy ho! This is one of those interim posts where I&#8217;m not posting something cool, but rather something that&#8217;s bothering me. You know, like a blog post? Anyways, I downloaded Uber the other day and its pretty cool and handy. The only qualm I had was with all the permissions it asked for. You can [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,7],"tags":[96],"_links":{"self":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/974"}],"collection":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/comments?post=974"}],"version-history":[{"count":7,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/974\/revisions"}],"predecessor-version":[{"id":988,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/974\/revisions\/988"}],"wp:attachment":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/media?parent=974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/categories?post=974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/tags?post=974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}