A group of researchers at the University of Wisconsin announced that they have discovered that browser extensions encountered by visitors to web pages can identify user data such as social security numbers, login information, and credit card details through HTML code. post From UW News.
UW News describes their early version as findingswas discovered when investigating the Google login web page, sparking a debate about cybersecurity in the tech world.
According to UW News, researchers found that 15% of the websites they examined, about 7,000 in total, contained this information as plain text within their source code. The team hypothesizes that this information could be obtained through a browser add-on extension.
Jack West, a University of California computer science doctoral student, said it’s still unclear what web browsers do with this information. It is up to the website what to do with the information, and it may even track or sell it.
phd student online privacy Rishabh Khandelwal, from the research team, said that when browsers extract sensitive data, users’ passwords and other data can be leaked to malicious attackers. This could be your banking information or your personal email, and it’s also connected to other places.
Rick Wash, a professor of computer, data and information science at the University of Wisconsin, said web browsers can access user information if the user consents to “cookies,” data files collected for a personalized experience on a website. He said he could. However, it is usually safe to use his web browser extensions from Chrome, Microsoft, and Apple stores.
The microbe that makes cheese could become the state microbe, researchers sayThe Science Policy Catalyst organization plans to introduce a bill aimed at adopting Lactococcus lactis as Wisconsin’s state microorganism. read…
Mr. Wash’s research focuses on the human aspects of cybersecurity. Wash said his research focuses on how people decide whether something is trustworthy and how they make decisions about security implications in general. Ta.
Khandelwal also said that the more people download the extension, the safer it becomes.
Extensions with more downloads and reviews are more reliable than extensions with fewer downloads or no reviews. Checking reviews can help validate the integrity of an extension as other users can attest to their experience using the extension. microsoft.
student Asmit Nayak, who is also part of the PhD online privacy research team, says that while these browser extensions superficially serve their intended purpose, there may be other activities going on behind the scenes. It states that there is.
Microsoft also says that browser extensions are mostly safe to use and can protect users. However, because extensions run in the background of your browser, malicious software may be able to connect and access them and your personal information, such as passwords or credit card numbers.
“Even if you haven’t done anything wrong, someone can use sensitive data to access your identity,” Nayak says. “If someone knows your Social Security number, they can do a lot of bad things with it.”
Nayak said that if someone installs a malicious extension, that data can be read and sent to their own servers.
If your device is affected by malicious extensions or malware, criminals can store and steal your personal information. According to , this can make your device susceptible to even more malware. Federal Trade Commission.
According to Nayak, many websites prevent extensions from accessing personal or sensitive data, but agreeing to the web page’s terms of service may allow access to this data. It is said that there is.
Browser extensions may collect user data for sale to marketing agencies, which is legal if you agree to their privacy policy. That’s why he recommends reading the privacy policy. Browser extensions can collect behavioral data, such as what products people are viewing, and use that data to optimize how they advertise to people, West said.
“A big reason the campus tried to ban the app” [Tik Tok] Because they were afraid that that data would be shared with parties that they didn’t consent to… logging credentials, API tokens, things of that nature could be bad,” West said. said.
But there is a lack of specific laws and regulations regarding what browsers can access, Nayak said. The browser cannot distinguish between the text He only has access to the box, or whether he also has access to the password or email address.
“The problem is that browser exchanges and the browsers themselves don’t differentiate between accessing data and accessing sensors,” Khandelwal said.
Essentially, once an extension has access to one page, it can potentially access all other pages, Khandewal said.
Wisconsin professors consider the impact of marijuana legalization on medicine and researchWisconsin State Sen. Melissa Agard (D-Madison) recently introduced a bill in the Wisconsin Senate that would fully legalize marijuana. read…
Companies typically proactively implement changes after being alerted to privacy issues due to public relations concerns, but some companies disagree that these are serious issues. Nayak said Khandelwal and the rest of his research team contacted a website company after discovering a vulnerability in the extension that could extract and leak user data. The company did not consider this a serious issue as long as the extension requested the necessary permissions.
Nayak said the team considers passwords visible in the extension to be a major security issue.
Khandelwal said that users often don’t realize that their password is visible in the extension, since the password allows the extension to run. The team hopes their efforts will bring awareness and solutions to the problem.
Cybersecurity breaches can be particularly detrimental to college students, Wash said, because once someone signs into a college account, hackers could access their grades, course materials and financial information. Ta. Malicious attackers could also target professors’ accounts and gain access to sensitive student records, grades, and intellectual property. However, West said the university has implemented security measures and verification apps such as Duo Mobile to help with this.