Connect with us

NEWS

Gravatar “Breach” Exposes Data of 100+ Million Users

Published

on

spying 4270361 1280

The security alert company HaveIBeenPwned notified users that the profile information of 114 million Gravatar users had been leaked online in what they characterized as a data breach. Gravatar denies that it was hacked.

Here’s a screenshot of the email that was sent to HaveIBeenPwned users that characterized the Gravatar event as a data breach:

Gravatar Breach

Gravatar Enumeration Vulnerability

The user information of every person with a Gravatar account was open to being downloaded using software that “scrapes” the data.

While technically that is not a breach, the manner in which user information was stored by Gravatar made it easy for a person with malicious intent to obtain user information which could then be used as part of another attack to gain passwords and access.

Gravatar accounts are public information. However the individual user profile accounts are not publicly listed in a way that can easily be browsed. Ordinarily a person would have to know account information like the username in order to find the account and all the publicly available information.

A security researcher discovered in late 2020 that Gravatar user account information was recorded in numerical order. A news report from the time described how the security researcher peeked into a JSON file linked in the profile page revealed an ID number that corresponded to the numerical number assigned to that user.

The problem with that user identification number is that the profile could be reached with that number.

Because the number was not randomly generated but in numerical order, anyone wishing to access the all of the Gravatar usernames could access that information by requesting and scraping the user profiles in numerical order.

Data Scraping Event

A data breach is defined as when an unauthorized person gains access to information that is not publicly available.

The Gravatar information was publicly available but an outsider would have to know the username of the Gravatar user in order to gain access to the Gravatar user profile. Additionally the email address of that user was stored in an insecure encrypted manner (called an MD5 hash).

An MD5 hash is insecure and can easily be unencrypted (also known as cracked). Storing email addresses in the MD5 format provided only minor security protection.

That means that once an attacker downloaded the usernames and the email MD5 hash it was then a simple matter for the user’s email address to be extracted.

According to the security researcher who initially discovered the username enumeration vulnerability, Gravatar only had “virtually no rate limiting” which means that a scraper bot could request millions of user profiles without being stopped or challenged for suspicious behavior.

According to the news report from October 2020 that originally divulged the vulnerability:

“While data provided by Gravatar users on their profiles is already public, the easy user enumeration aspect of the service with virtually no rate limiting raises concerns with regards to the mass collection of user data.”

Gravatar Minimizes User Data Collection

Gravatar tweeted public statements that minimized the impact of the user information collection.

The last tweet in the series from Gravatar encouraged readers to learn how Gravatar works:

“If you want to learn more about how Gravatar works or adjust the data shared on your profile, please visit http://Gravatar.com.”

Ironically, Gravatar linked to an insecure protocol of the URL, using HTTP. Upon reaching the URL there was no redirect on Gravatar to a secure (HTTPS) version of the web page, which only undermined their efforts to project a sense of security.

Twitter Users React

One Twitter user objected to the use of the word “breach” because the information was publicly available.

The person behind the HaveIBeenPwned website responded:

Why Gravatar Scraping Event Is Important

Troy Hunt, the person behind the HaveIBeenPwned website explained in a series of tweets why the Gravatar scraping event is important.

Troy asserted that the data that users entrusted to Gravatar was used in a way that was unexpected.

Gravatar User Trust Eroded

Users Want Control Over Their Gravatar Information

Troy asserted that users want to be aware of how their information is used and accessed.

Were Gravatar Users Pwned?

An argument could be made that a Gravatar account can be public but not easily harvested as Step One of a hacking event by people with malicious intent.

Gravatar asserted that after the enumeration attack vulnerability was disclosed that they took steps to close it to prevent further downloading of user information.

So on the one hand Gravatar took steps to prevent those with malicious intent from harvesting user information. But on the other hand they said reports of Gravatar being hacked is misinformation.

But the fact is that HaveIBeenPwned did not call it a hacking event, they called it a breach.

An argument could be made that Gravatar’s use of the MD5 hash for storing email data was insecure and the moment hackers cracked the insecure encryption, the abnormal scraping of “public information” became a breach.

Many Gravatar users aren’t particularly happy and are looking for answers:

Searchenginejournal.com

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

NEWS

OpenAI Introduces Fine-Tuning for GPT-4 and Enabling Customized AI Models

Published

on

By

OpenAI Introduces Fine-Tuning for GPT-4 and Enabling Customized AI Models

OpenAI has today announced the release of fine-tuning capabilities for its flagship GPT-4 large language model, marking a significant milestone in the AI landscape. This new functionality empowers developers to create tailored versions of GPT-4 to suit specialized use cases, enhancing the model’s utility across various industries.

Fine-tuning has long been a desired feature for developers who require more control over AI behavior, and with this update, OpenAI delivers on that demand. The ability to fine-tune GPT-4 allows businesses and developers to refine the model’s responses to better align with specific requirements, whether for customer service, content generation, technical support, or other unique applications.

Why Fine-Tuning Matters

GPT-4 is a very flexible model that can handle many different tasks. However, some businesses and developers need more specialized AI that matches their specific language, style, and needs. Fine-tuning helps with this by letting them adjust GPT-4 using custom data. For example, companies can train a fine-tuned model to keep a consistent brand tone or focus on industry-specific language.

Fine-tuning also offers improvements in areas like response accuracy and context comprehension. For use cases where nuanced understanding or specialized knowledge is crucial, this can be a game-changer. Models can be taught to better grasp intricate details, improving their effectiveness in sectors such as legal analysis, medical advice, or technical writing.

Key Features of GPT-4 Fine-Tuning

The fine-tuning process leverages OpenAI’s established tools, but now it is optimized for GPT-4’s advanced architecture. Notable features include:

  • Enhanced Customization: Developers can precisely influence the model’s behavior and knowledge base.
  • Consistency in Output: Fine-tuned models can be made to maintain consistent formatting, tone, or responses, essential for professional applications.
  • Higher Efficiency: Compared to training models from scratch, fine-tuning GPT-4 allows organizations to deploy sophisticated AI with reduced time and computational cost.

Additionally, OpenAI has emphasized ease of use with this feature. The fine-tuning workflow is designed to be accessible even to teams with limited AI experience, reducing barriers to customization. For more advanced users, OpenAI provides granular control options to achieve highly specialized outputs.

Implications for the Future

The launch of fine-tuning capabilities for GPT-4 signals a broader shift toward more user-centric AI development. As businesses increasingly adopt AI, the demand for models that can cater to specific business needs, without compromising on performance, will continue to grow. OpenAI’s move positions GPT-4 as a flexible and adaptable tool that can be refined to deliver optimal value in any given scenario.

By offering fine-tuning, OpenAI not only enhances GPT-4’s appeal but also reinforces the model’s role as a leading AI solution across diverse sectors. From startups seeking to automate niche tasks to large enterprises looking to scale intelligent systems, GPT-4’s fine-tuning capability provides a powerful resource for driving innovation.

OpenAI announced that fine-tuning GPT-4o will cost $25 for every million tokens used during training. After the model is set up, it will cost $3.75 per million input tokens and $15 per million output tokens. To help developers get started, OpenAI is offering 1 million free training tokens per day for GPT-4o and 2 million free tokens per day for GPT-4o mini until September 23. This makes it easier for developers to try out the fine-tuning service.

As AI continues to evolve, OpenAI’s focus on customization and adaptability with GPT-4 represents a critical step in making advanced AI accessible, scalable, and more aligned with real-world applications. This new capability is expected to accelerate the adoption of AI across industries, creating a new wave of AI-driven solutions tailored to specific challenges and opportunities.

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

GOOGLE

This Week in Search News: Simple and Easy-to-Read Update

Published

on

This Week in Search News: Simple and Easy-to-Read Update

Here’s what happened in the world of Google and search engines this week:

1. Google’s June 2024 Spam Update

Google finished rolling out its June 2024 spam update over a period of seven days. This update aims to reduce spammy content in search results.

2. Changes to Google Search Interface

Google has removed the continuous scroll feature for search results. Instead, it’s back to the old system of pages.

3. New Features and Tests

  • Link Cards: Google is testing link cards at the top of AI-generated overviews.
  • Health Overviews: There are more AI-generated health overviews showing up in search results.
  • Local Panels: Google is testing AI overviews in local information panels.

4. Search Rankings and Quality

  • Improving Rankings: Google said it can improve its search ranking system but will only do so on a large scale.
  • Measuring Quality: Google’s Elizabeth Tucker shared how they measure search quality.

5. Advice for Content Creators

  • Brand Names in Reviews: Google advises not to avoid mentioning brand names in review content.
  • Fixing 404 Pages: Google explained when it’s important to fix 404 error pages.

6. New Search Features in Google Chrome

Google Chrome for mobile devices has added several new search features to enhance user experience.

7. New Tests and Features in Google Search

  • Credit Card Widget: Google is testing a new widget for credit card information in search results.
  • Sliding Search Results: When making a new search query, the results might slide to the right.

8. Bing’s New Feature

Bing is now using AI to write “People Also Ask” questions in search results.

9. Local Search Ranking Factors

Menu items and popular times might be factors that influence local search rankings on Google.

10. Google Ads Updates

  • Query Matching and Brand Controls: Google Ads updated its query matching and brand controls, and advertisers are happy with these changes.
  • Lead Credits: Google will automate lead credits for Local Service Ads. Google says this is a good change, but some advertisers are worried.
  • tROAS Insights Box: Google Ads is testing a new insights box for tROAS (Target Return on Ad Spend) in Performance Max and Standard Shopping campaigns.
  • WordPress Tag Code: There is a new conversion code for Google Ads on WordPress sites.

These updates highlight how Google and other search engines are continuously evolving to improve user experience and provide better advertising tools.

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

FACEBOOK

Facebook Faces Yet Another Outage: Platform Encounters Technical Issues Again

Published

on

By

Facebook Problem Again

Uppdated: It seems that today’s issues with Facebook haven’t affected as many users as the last time. A smaller group of people appears to be impacted this time around, which is a relief compared to the larger incident before. Nevertheless, it’s still frustrating for those affected, and hopefully, the issues will be resolved soon by the Facebook team.

Facebook had another problem today (March 20, 2024). According to Downdetector, a website that shows when other websites are not working, many people had trouble using Facebook.

This isn’t the first time Facebook has had issues. Just a little while ago, there was another problem that stopped people from using the site. Today, when people tried to use Facebook, it didn’t work like it should. People couldn’t see their friends’ posts, and sometimes the website wouldn’t even load.

Downdetector, which watches out for problems on websites, showed that lots of people were having trouble with Facebook. People from all over the world said they couldn’t use the site, and they were not happy about it.

When websites like Facebook have problems, it affects a lot of people. It’s not just about not being able to see posts or chat with friends. It can also impact businesses that use Facebook to reach customers.

Since Facebook owns Messenger and Instagram, the problems with Facebook also meant that people had trouble using these apps. It made the situation even more frustrating for many users, who rely on these apps to stay connected with others.

During this recent problem, one thing is obvious: the internet is always changing, and even big websites like Facebook can have problems. While people wait for Facebook to fix the issue, it shows us how easily things online can go wrong. It’s a good reminder that we should have backup plans for staying connected online, just in case something like this happens again.

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

Trending