Jour : 31 décembre 2024

Publié le par Laisser un commentaire

Study finds thousands of browser extensions compromise user data – India Technology News

Browser extensions, the software add-ons that help users customize and enhance their web browsers, are wildly popular. Some of the most-used extensions find shopping deals, fix grammar and typos, manage passwords, or translate web pages. The types of extensions available are nearly endless, and many have become indispensable tools for businesses and everyday users.
While these extensions can make web browsing more accessible, productive, and rewarding, they are not without risk. New research from Georgia Tech reveals that thousands of browser extensions pose significant threats to privacy, and hundreds automatically extract private user content from within webpages — affecting millions of internet users.
Led by Frank Li, assistant professor in the School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering, and Ph.D. student Qinge Xie, a team of researchers developed a new system that monitors if and how browser extensions collect user content from webpages. The team, which also includes Paul Pearce, assistant professor in the School of Cybersecurity and Privacy and the School of Computer Science, and Manoj Vignesh Kasi Murali, a Georgia Tech M.S. alumnus, presented their research paper at the Usenix Security Symposium, a top cybersecurity conference, in August.
“We know from prior research that browser extensions collect users’ browser activity and history, but some of the most sensitive user data is located within webpages, such as emails, social media profiles, medical records, banking information, and more,” Li said. “We wanted to know if extensions are also collecting personal data from these webpages.”
The team designed a web framework, Arcanum, to test whether extensions automatically extract user data from webpages. They used the system to study every functional extension — more than 100,000 — available in the Chrome Web Store. Specifically, they used the system to monitor whether the extensions extracted user data from seven popular websites known to contain sensitive information: Amazon, Facebook, Gmail, Instagram, LinkedIn, Outlook, and PayPal.
The researchers observed that browser extension collection of potentially sensitive and private data is pervasive. They identified more than 3,000 browser extensions that automatically collect user-specific data, affecting tens of millions of users. More than 200 extensions directly took sensitive user data from webpages and uploaded it to servers.
Browser extensions do sometimes collect user data for legitimate reasons — for example, when the data collected is related to the extension’s functionality or purpose. For this reason, it can be challenging to identify the intent behind the extension’s data collection behavior.
To investigate further, the researchers took a sample group of the flagged extensions and compared each extension’s data collection behavior to its privacy policy and web store description, which are supposed to explain how the extension is used and what information it will collect. This allowed the researchers to investigate whether users would reasonably expect extensions to automatically collect their data as part of their function.
In this sample group, the researchers found that none of them clearly described the automated user data collection in their privacy policy or web store description.
“Unfortunately, the same capabilities that extensions rely on to enrich the web browsing experience can also be abused to harm user privacy, and potentially without users’ knowledge or explicit consent,” Xie said. “Even in cases where data collection is benign and necessary for legitimate functionality, it introduces privacy risks. Sensitive user data can be transmitted and stored by a third party, which may further share the data or possibly leak the data during a data breach.”
According to the researchers, their findings suggest that companies like Google could develop stricter privacy policies for extensions or more broadly enforce existing policies. Major companies whose users’ sensitive data is being collected could also increase measures to protect their customers.
“I don’t believe individual users should have to bear the burden of worrying about their privacy or protecting their data, because they may not have the capability or technical knowledge to figure out what’s happening,” Li said. “The goal of this type of work is to bring these issues to the organizations or stakeholders that can influence data collection, in hopes that it can guide them in enhancing user privacy.”

India Technology News is a one-stop news portal for all your news needs- ranging from technological solutions to technological advancements; the impact of technology.
Quick Links


Lost your password?

source

Publié le par Laisser un commentaire

What to expect from tech’s biggest buzzword in 2025 – The Business Journals

Listen to this article 3 min
As 2024 draws to a close, local tech experts share their expectations for AI trends in the coming year.
With a buzz continuously increasing around artificial intelligence, companies of every industry and size are hoping to jump on the AI train.
Artificial intelligence remains a key focus for both prominent organizations and young startups, with companies in nearly every industry honing in on the surging technology.
Major AI developments in 2024 include OpenAI’s release of its ChatGPT-4o model, characterized by increased up-to-date information gathering and summarization capabilities, as well as improvements of Microsoft’s Copilot and Google’s Gemini models.
However, local business leaders say these improvements seem to be hitting a temporary plateau as newer models haven’t made as formative innovative leaps as previous models.
“These models have not been quite as big of a leap forward as previous models … that said, they are still better than anything that has come before them, and companies should use the latest and greatest,” said Will Blackburn, co-founder of DevClarity and AI information group Birmingham AI. “In 2025, we expect moderate base model improvements with more investment in alternative innovations.”
Blackburn’s role with Birmingham AI allows him a close look at how local founders and professionals are implementing artificial intelligence into their businesses.
“Birmingham is past the “enthusiast” stage and into the “user” stage,” he said. “As I talk to leaders and operators of Birmingham-based companies, I hear stories of AI teams inside their companies. I hear about the different tools they have access to, such as ChatGPT for teams and GitHub Copilot for developers.”
Although many large corporations are starting to implement AI capabilities into their business model, one of the biggest challenges surrounding AI is still accessibility of use for normal-sized companies.
“The biggest challenge continues to be connecting the latest models with the context that the business has. This is a technology, security and compliance challenge wrapped up in one,” Blackburn said.
He said 2025 will likely bring an increase in businesses adopting AI solutions and tools that will allow their employees to use them for everyday tasks.
In addition to an uptick of employee use, Blackburn also said he expects 2025’s AI ecosystem to be focused on AI agents, which are able to solve a problem holistically.
“Companies will begin to use AI agents that solve an entire problem from top to bottom,” he said. “Think of an AI agent that reviews a project plan and provides a report or an agent that updates a sales pipeline automatically based on emails from your sales team.”
Many local AI-focused startups have launched over the last year both locally and nationally, leading to a saturated market. To differentiate themselves, new businesses will need to make sure they’re solving a specific existing problem and making it clear what the return for the customer is.
Blackburn’s final piece of advice is for business professionals to continue using and becoming familiar with different AI tools to help narrow down the ones that best help day-to-day tasks.
“Continue to lean on AI. Explore AI agent solutions in 2025 that have been specifically built for a challenge your business faces,” he said. “You will find out what AI is good at and where it can help your business.”
© 2024 American City Business Journals. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated August 13, 2024) and Privacy Policy (updated December 17, 2024). The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of American City Business Journals.

source

Publié le par Laisser un commentaire

ASML DEADLINE NOTICE: ROSEN, A TOP-RANKED LAW FIRM, – GlobeNewswire

 | Source: The Rosen Law Firm PA The Rosen Law Firm PA
NEW YORK, Dec. 31, 2024 (GLOBE NEWSWIRE) —
WHY: Rosen Law Firm, a global investor rights law firm, reminds purchasers of ordinary shares, including those that purchased call options and/or sold put options of ASML Holding N.V. (NASDAQ: ASML) between January 24, 2024 and October 15, 2024, both dates inclusive (the “Class Period”), of the important January 13, 2025 lead plaintiff deadline.
SO WHAT: If you purchased ASML ordinary shares and/or purchased call options and/or sold put options during the Class Period you may be entitled to compensation without payment of any out of pocket fees or costs through a contingency fee arrangement.
WHAT TO DO NEXT: To join the ASML class action, go to https://rosenlegal.com/submit-form/?case_id=31159 or call Phillip Kim, Esq. at 866-767-3653 or email case@rosenlegal.com for more information. A class action lawsuit has already been filed. If you wish to serve as lead plaintiff, you must move the Court no later than January 13, 2025. A lead plaintiff is a representative party acting on behalf of other class members in directing the litigation.
WHY ROSEN LAW: We encourage investors to select qualified counsel with a track record of success in leadership roles. Often, firms issuing notices do not have comparable experience, resources, or any meaningful peer recognition. Many of these firms do not actually litigate securities class actions, but are merely middlemen that refer clients or partner with law firms that actually litigate cases. Be wise in selecting counsel. The Rosen Law Firm represents investors throughout the globe, concentrating its practice in securities class actions and shareholder derivative litigation. Rosen Law Firm achieved the largest ever securities class action settlement against a Chinese Company at the time. Rosen Law Firm was Ranked No. 1 by ISS Securities Class Action Services for number of securities class action settlements in 2017. The firm has been ranked in the top 4 each year since 2013 and has recovered hundreds of millions of dollars for investors. In 2019 alone the firm secured over $438 million for investors. In 2020, founding partner Laurence Rosen was named by law360 as a Titan of Plaintiffs’ Bar. Many of the firm’s attorneys have been recognized by Lawdragon and Super Lawyers.
DETAILS OF THE CASE: According to the lawsuit, during the Class Period, defendants made false and/or misleading statements and/or failed to disclose that: (1) the issuers being faced by suppliers, like ASML, in the semiconductor industry were much more severe than defendants had indicated to investors; (2) the pace of recovery of sales in the semiconductor industry was much slower than defendants had publicly acknowledged; (3) defendants had created the false impression that they possessed reliable information pertaining to customer demand and anticipated growth, while also downplaying risk from macroeconomic and industry fluctuations, as well as stronger regulations restricting the export of semiconductor technology, including the products that ASML sells; and (4) as a result, defendants’ statements about ASML’s business, operations, and prospects lacked a reasonable basis. When the true details entered the market, the lawsuit claims that investors suffered damages.
To join the ASML class action, go to https://rosenlegal.com/submit-form/?case_id=31159 or call Phillip Kim, Esq. toll-free at 866-767-3653 or email case@rosenlegal.com for information on the class action.
No Class Has Been Certified. Until a class is certified, you are not represented by counsel unless you retain one. You may select counsel of your choice. You may also remain an absent class member and do nothing at this point. An investor’s ability to share in any potential future recovery is not dependent upon serving as lead plaintiff.
Follow us for updates on LinkedIn: https://www.linkedin.com/company/the-rosen-law-firm, on Twitter: https://twitter.com/rosen_firm or on Facebook: https://www.facebook.com/rosenlawfirm/.
Attorney Advertising. Prior results do not guarantee a similar outcome.
——————————-
Contact Information:
        Laurence Rosen, Esq.
        Phillip Kim, Esq.
        The Rosen Law Firm, P.A.
        275 Madison Avenue, 40th Floor
        New York, NY 10016
        Tel: (212) 686-1060
        Toll Free: (866) 767-3653
        Fax: (212) 202-3827
        case@rosenlegal.com
        www.rosenlegal.com

source

Publié le par Laisser un commentaire

Supertrailer: ‘Love & Hip-Hop: Atlanta’ Season 12 [Part 2] – ThatGrapeJuice

‘Love & Hip-Hop: Atlanta’ returns to MTV on January 7 for season 12 / part 2.
The newest installment of the long-running reality series sees the action expand to London, England as the eclectic collective navigates music and mishaps.
Returning are the likes of Rasheeda and husband Kirk Frost, Spice, Karlie Redd, Yandy Smith, Mendeecees, Shekinah, Scrappy, Bambi, Momma Dee, Erica Dixon, Erica Banks, Amy Luciani, and Yung Joc.
Rapper Saucy Santana alongside on-off boyfriend ZellSwaggs are also in the mix and the fireworks are continuing to fly.
Before the show makes its comeback on MTV, a titillating supertrailer has been unleashed.
Watch after the jump…
Continuer la lecture de Supertrailer: ‘Love & Hip-Hop: Atlanta’ Season 12 [Part 2] – ThatGrapeJuice