Posted in Commentary with tags WizCase on September 25, 2024 by itnerd
The Chrome Web Store is home to hundreds of AI browser extensions. Taking that into account, researchers at WizCase looked into the privacy implications of using these extensions to understand the potential risks and overreach into user data. We explain some highlights of our findings below.
According to their research:
Despite being advertised as serverless with no analytics and data collection, WebChat GPT secretly sends data to its own server and records your email address before you even sign up for an account.
The Liner AI browser extension collects extremely sensitive user information, including 2FA codes, user credentials, and emails, which is a major security and privacy issue.
Wiseone actively logs sites you visit and can extract data — including email, contacts, and other personal information — from your Google account without your permission or consent.
LinkedRadar collects excessive browser traffic, actively logging open browser tabs every 10 seconds.
Why it matters: Their research has shown that, even if browser extensions give users ease-of-use, too often, the software accesses and records information contrary to the Chrome Web Store policies and even the developer’s own, making it almost impossible for consumers to know how secure their information truly is.
LinkedIn has released the 2024 Canadian Top Startups List, featuring 15 emerging companies attracting attention and top talent in 2024. Eleven new companies are on this year’s list including Pine, Sweat and Tonic, Quandri, and Felix.
As the landscape of work changes rapidly around professionals, from what we do to how we do it, startups are a natural place to look for forward thinking and innovation around the future of how we live and work. LinkedIn’s Top Startups list is the place to find the startups Canadians should be paying attention to, whether they’re looking for a new job or inspiration from those leading us through change.
LinkedIn measures startups based on four pillars: employment growth, engagement, job interest and attraction of top talent. Employment growth is measured as the percentage headcount increase over the methodology time frame, which must be a minimum of 10%. Engagement looks at non-employee views and follows of the company’s LinkedIn page, as well as how many non-employees are viewing employees at that startup. Job interest counts the rate at which people are viewing and applying to jobs at the company, including both paid and unpaid postings. Attraction of top talent measures how many employees the startup has recruited away from any global LinkedIn Top Company, as a percentage of the startup’s total workforce. Data is normalized across all eligible startups. The methodology time frame is July 1, 2023 through June 30, 2024.
To be eligible, companies must be fully independent, privately held, have 30 or more full-time employees, be 5 years old or younger and be headquartered in the country on whose list they appear. We exclude all staffing firms, think tanks, venture capital firms, law firms, management and IT consulting firms, nonprofits and philanthropy, accelerators and government-owned entities. Startups who have laid off 10% or more of their workforce based on corporate announcements or public, reliable sources between July 1, 2023 and the list launch, are not eligible. These decisions are made by the LinkedIn News team based on company statements and/or reputable news outlets.
Posted in Commentary with tags TTC on September 25, 2024 by itnerd
I woke up this morning to the news that, at least for now, the free WiFi that the TTC had announced was going away in Toronto’s subway system will stay:
The service will now continue at least until studies are done on the impact of the move on vulnerable riders — including youth, women and people with low-income.
TTC staff will also consider a plan to establish a pilot for free Wi-Fi on bus and street platforms, as well as bays at stations, according to the motion, put forward by Coun. Josh Matlow.
I was never completely comfortable with this decision as I am sure it was predicated on the fact that now that 5G cell service is available in the subway, that the TTC didn’t need to spend the cash to upgrade WiFi. The problem with that logic is that this is Canada and Canada has some of the highest costs for cell phone service on the planet. So there’s plenty of people who would be adversely affected by this decision in my mind. As long as the TTC seriously looks at this again and makes a decision that is based on logic and facts, I’m fine with them keeping WiFi in the subway around.
Horizon3.ai Chief Attack Engineer Zach Hanley has just published “CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive.” He details “a hardcoded credentials vuln affecting SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures including user onboarding, password resets and shared resource credentials.”
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024.
The advisory states: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Zach said: “While we initially went in looking for the above vulnerability, we discovered a different vulnerability, now assigned CVE-2024-28987, which allows unauthenticated attackers to remotely read and modify all help desk ticket details – often containing sensitive information like passwords from reset requests and shared service account credentials.
“At the time of writing this, there are approximately 827 instances of SolarWinds Web Help Desk reachable on the internet. The WHD application is seemingly popular with State, Local, and Education (SLED) market segment according to a brief examination of those that expose it to the internet and our own client base.”
Horizon3.ai is publishing the deep dive today (September 25, 2024), having provided SolarWinds more than 30 days’ notice (on August 13, 2024), allowing the SolarWinds team to discover and patch the vulnerability. This is in keeping with Horizon3.ai’s practices to decrease the likelihood of exploitation and protect users.
Horizon3.ai today announced the appointment of Keith Poyser as Vice President for EMEA. Poyser brings more than 25 years of experience in driving sales growth, strategy, and business development in leading cybersecurity and technology firms. He joins Horizon3.ai at a time of significant market expansion as the company continues to deliver its cutting-edge solution, NodeZero™, to organizations worldwide.
Poyser has built an impressive career in the technology sector, holding key leadership roles at organizations like SentinelOne, Palo Alto Networks, BigFix, and IBM. With a proven track record of building and revamping sales teams, developing go-to-market strategies, and driving sustained growth, Poyser is well-positioned to lead Horizon3.ai’s expansion efforts across the EMEA region.
Poyser’s leadership will focus on strategic talent development, refining go-to-market strategies, operational excellence, and expanding partnerships across key verticals and regions. He emphasizes the importance of efficient resource management and delivering value to clients as Horizon3.ai continues to help organizations address today’s most pressing cybersecurity challenges.
Poyser’s prior roles include leadership positions at SentinelOne, where he served as Area Vice President for Northern EMEA, and Palo Alto Networks, where he led Enterprise Sales and then served as Interim Vice President for Western Europe. His wealth of experience includes leading teams through periods of rapid growth, driving sales excellence, and consistently exceeding performance targets.
With his deep understanding of the EMEA market, Poyser is ready to lead the company’s next phase of expansion. Outside of work, Poyser, who is based just outside of London, enjoys the outdoors and is an accomplished long-range rifle competitor, having represented the UK internationally.
Posted in Products with tags Bakespace on September 25, 2024 by itnerd
By Ms. IT Nerd
Besides her many other talents, my wife when she isn’t working during the day is a trained baker having studied at George Brown College’s Hospitality and Culinary Arts school. Her cakes and other baked goods are sought after for parties and other events. Thus this makes her the perfect person to do this review.
When BakeSpace reached out to Mr. IT Nerd, I was excited. This dropped into my lap in a timely way as I was involved in baking up a cake for my girlfriend’s milestone birthday for her party. This cake needed to feed 40 – 44 people and I needed help. On the suggestion of our planning group chat in Signal, the idea was born where the cake was to be a certain part of the male anatomy. This was uncharted territory for me but I had ideas and a rough plan of attack. Enter Bakebot AI. Let me demonstrate this via a video before I go into detail:
Here’s the interaction that I had with Bakebot AI:
Bakebot AI question: “What cake pans should I use to make a penis cake to serve 45 people?” I had the Home Cook option turned on as I needed Bakebot AI to provide options that I can use as a home cook, and it delivered, suggesting 9 inch round pans and a 9 x 13 inch rectangular pan, which would be most commonly used by home cooks.
Out of curiosity I tried the ProChef and Adventurous setting almost expecting the same answer to the same question and I was pleasantly surprised when it gave me a different answer each time and all of the options suggested would work. You can also re-frame the question and ask “how can I make a penis cake using only 9 inch round pans and 9 x 13 inch rectangular pans”. In fact I was having so much fun conversing with Bakebot AI that it was getting a bit addictive for the baking nerd in me.
My next hurdle was getting the right colour(s) for my project. I asked BakeBot “what Chef Master colours should I use to mix skin tone?” It provided me with the suggestion of Chef Master Soft Pink (#101), Egg Yellow (#112), Master Brown (#124), Master Red (#107) along with colour mixing suggestions. It will do the same for AmeriColour. I then tried to challenge it by asking for suggestions for a Toronto food colour brand McCall’s. This is where it provided more general colour vs the specific version of the product. But it had exceeded my expectations.
I found that I liked using the free BakeBot version as it was very intuitive for me to just click on the BakeBot AI beacon and ask all my questions and it would provide you with the advice that I mentioned above. As a member to utilize the BakeBot AI functionality you would need to go to BakeBot AI Recipe Maker and provide you with a recipe then you see below. Personally I liked the BakeBot AI beacon/icon and think that in the member section they can add “Save Recipe to BakeSpace” as an option that would work better rather than having to change the experience.
As for the rest of the experience, My Cookbooks is the section where you can create, share and sell your cookbook.
Pro – The creators of BakeSpace thought about you and your privacy in many ways here as you can see in the Privacy Level. You can keep your Grandma’s recipe in the family by setting it as Group Cookbook or you can share it with the world for free or charge a fee. Most of the cookbooks for sale seemed to be published by Bloggers, Pros or the Community usually for a nominal price. The only con that I can think of is that I have a cooking app paid subscription or using recipes from website or my hardcopy cookbooks and BakeSpace is all about Community for Community and does not allow proprietary or paid subscriptions to be integrated.
Pantry Magic – I entered all the ingredients that I use to make my easy comfort food Asian fruit salad and it gave me this recipe with fresh herbs, honey, walnuts, lemon juice to provide texture and some freshness which is definitely a practical way to go. But you can try this pantry staple salad using the Asian Kewpie Mayonnaise (a Japanese mayo that gives that umami flavour) and you will change BakeSpace get the Asian pantry fruit salad that you may like. For anyone reading this article I am sharing this recipe with you as I have saved the recipe and called it Asian Fruit Salad. Unfortunately I was not able to remove the section “Pairs Well With” with default “This delightful salad pairs well with Sauvignon blanc and non-alcoholic iced green tea” so I modified it to say “This delightful salad pairs wonderfully with any non-alcoholic iced green tea or drink.” as I feel there is no place for alcoholic drink with a fruit salad unless you are one of these people who feel it’s 5 pm somewhere.
Recipes – is where you can access all of the recipes created by BakeBot AI or shared by the BakeBot community.
Overall I feel that BakeSpace exemplifies the best of a sharing community where the love of baking can be shared. My favorite aspect is the BakeBot AI who hands down has helped me with my many baking projects where I need to “wing it” or take pieces of various recipes to create my unique baking product.
Privacy Overreach of AI Browser Extensions
You can access their detailed report here: https://www.wizcase.com/blog/privacy-overreach-of-ai-browser-extensions/