{"id":2866,"date":"2021-08-16T21:43:40","date_gmt":"2021-08-16T16:13:40","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2866"},"modified":"2021-08-16T21:43:42","modified_gmt":"2021-08-16T16:13:42","slug":"the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/","title":{"rendered":"The Ford Flaw Revealed Customers and Employee Records from Internal Systems"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">A flaw on Ford Motor Company\u2019s website allowed access to critical systems and to sensitive information, such as customer databases, employee records, internal tickets, etc.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The data exposure stems from a misconfigured instance of the Pega Infinity customer engagement system running on Ford\u2019s servers.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>From Data Exfiltration to Account Takeovers<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">This week, investigators revealed a vulnerability on Ford\u2019s website that permitted them to view confidential company records and databases and to execute account takeovers. The vulnerability was discovered by Robert Willis and break3r, with further validation and support provided by members of the ethical hacking group Sakura Samurai \u2013 Aubrey Cottle, Jackson Henry, and John Jackson.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The issue is caused by CVE-2021-27653, an information exposure vulnerability in improperly configured Pega Infinity customer management system instances. Investigators also shared many screenshots of Ford\u2019s internal systems and databases with our experts. 
The company\u2019s ticketing system, for example, is shown below:<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"557\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1-1024x557.jpg\" alt=\"The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1 \" class=\"wp-image-2870\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1-1024x557.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1-300x163.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1-768x418.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1-1536x836.jpg 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image1.jpg 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">To exploit the issue, a threat actor would first have to access the backend web panel of a misconfigured Pega Chat Access Group portal instance: <\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\"><a href=\"https:\/\/www.rpa-pega-1.ford.com\/prweb\/PRChat\/app\/RPACHAT_4089\/bD8qH******bIw4Prb*\/!RPACHAT\/$STANDARD\">https:\/\/www.rpa-pega-1.ford.com\/prweb\/PRChat\/app\/RPACHAT_4089\/bD8qH******bIw4Prb*\/!RPACHAT\/$STANDARD<\/a><\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">As seen by our experts, different payloads supplied as URL arguments could enable threat 
actors to execute queries, retrieve database tables and OAuth access tokens, and perform administrative actions. The researchers state that some of the exposed assets contained critical Personally Identifiable Information (PII) and included:<\/p><\/p>\n\n\n\n<ul><li>Customer and employee records<\/li><li>Finance account numbers<\/li><li>Database names and tables<\/li><li>OAuth access tokens<\/li><li>Internal support tickets<\/li><li>User profiles within the organization<\/li><li>Pulse actions<\/li><li>Internal interfaces<\/li><li>Search bar history<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cThe impact was large in scale. Threat actors could utilize the vulnerabilities discovered in the broken access control and generate troves of critical records, perform account takeovers, and obtain a substantial amount of information,\u201d Willis states in a blog post.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Took six months to \u2018Force-Disclose\u2019<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">In February 2021, the investigators reported their findings to Pega, which fixed the CVE in its chat portal relatively quickly. The issue was also reported to Ford around the same time via its HackerOne vulnerability disclosure program. But the researcher told our experts that communication from Ford was sparse and tapered off as the responsible disclosure timeline progressed:<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cAt one point in time, they absolutely stopped answering the questions. It seems that HackerOne arbitration to get the first response on our responsibility submission from Ford,\u201d John Jackson told our experts in an email interview. 
Jackson said that as the disclosure timeline progressed further, the investigator heard back from HackerOne only after tweeting about the bug, but without giving out any critical details:<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"545\" height=\"412\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image2.png\" alt=\"The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image2\" class=\"wp-image-2871\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image2.png 545w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-image2-300x227.png 300w\" sizes=\"(max-width: 545px) 100vw, 545px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;When the vulnerability was marked as resolved, Ford ignored our disclosure request. Subsequently, HackerOne mediation ignored our request for help disclosing which can be seen in the PDF.&#8221;<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;We had to wait the full six months to force disclose per HackerOne&#8217;s policy out of fear of the law and negative repercussions,&#8221; continued Jackson. At this time, Ford&#8217;s vulnerability disclosure program does not offer monetary incentives or bug bounties, so a coordinated disclosure in light of public interest was the only &#8220;reward&#8221; researchers were hoping for.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">A copy of the disclosure report shared with our experts shows Ford refrained from commenting on specific security-related actions. &#8220;The findings you submitted&#8230; are considered private. 
These vulnerability reports are intended to prevent compromises which may require disclosure.&#8221;<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;In this scenario, the system was taken offline shortly after you submitted your findings to HackerOne,&#8221; Ford shared with HackerOne and the researchers, as per the discussion in the PDF. Although the endpoints were taken offline by Ford within 24 hours of the report, the researchers comment in the same report that the endpoints remained accessible even afterward, and requested another review and remediation.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">It is not yet known if any threat actors exploited the vulnerability to breach systems at Ford, or if the sensitive customer\/employee PII was accessed. Our experts reached out to Ford multiple times well in advance of publishing but we did not hear back.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A flaw on Ford Motor Company\u2019s website permitted for accessing critical systems and accessing custody information, such as customer database, employee records, internal tickets, etc. The data revealed arises from a misconfigured instance of the Pega Infinity customer engagement system running on Ford\u2019s servers. 
From Data Exfiltration to Account Takeovers This week, investigators have revealed [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2872,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Ford Flaw Revealed Customers and Employee Records from Internal Systems - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Ford Flaw Revealed Customers and Employee Records from Internal Systems - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"A flaw on Ford Motor Company\u2019s website permitted for accessing critical systems and accessing custody information, such as customer database, employee records, internal tickets, etc. The data revealed arises from a misconfigured instance of the Pega Infinity customer engagement system running on Ford\u2019s servers. 
From Data Exfiltration to Account Takeovers This week, investigators have revealed [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-16T16:13:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-16T16:13:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/The-Ford-Flaw-Revealed-Customers-and-Employee-Records-from-Internal-Systems-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"The Ford Flaw Revealed Customers and Employee Records from Internal Systems\",\"datePublished\":\"2021-08-16T16:13:40+00:00\",\"dateModified\":\"2021-08-16T16:13:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\"},\"wordCount\":679,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\",\"url\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\",\"name\":\"The Ford Flaw Revealed Customers and Employee Records from Internal Systems - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-08-16T16:13:40+00:00\",\"dateModified\":\"2021-08-16T16:13:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/the-ford-flaw-revealed-customers-and-employee-records-from-internal-systems\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Ford Flaw Revealed Customers and Employee Records from Internal Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}