Okay then #Microsoft #CoPilot + PCs #CoSoSec
Microsoft AI “Recall” feature records everything, secures far less
How the new Microsoft Recall feature fundamentally undermines Windows security
With Recall, a CEO’s personal laptop could become an even more enticing target for hackers equipped with infostealers, a journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents
"So, threat actors gain access to devices. That happens every day on home PCs, and corporate systems. Currently, they steal browser credential stores and clipboard data.
With Recall, as a malicious hacker you will be able to take the handily indexed database and screenshots as soon as you access a system — including 3 months history by default"
Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety.
(Scroll up)
https://cyberplace.social/@GossiTheDog/112531054138802168
UK watchdog looking into Microsoft AI taking screenshots(the article Microsoft lied in and bbc tech journalist believed the lie) 🤷♂️
Microsoft’s Recall Feature Is Even More Hackable Than You Thought
James Forshaw, a researcher with Google's Project Zero vulnerability research team, published an update to a blog post pointing out that he had found methods for accessing Recall data without administrator privileges
https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
“Damn,” Forshaw added on Mastodon. “I really thought the Recall database security would at least be, you know, secure.”
https://infosec.exchange/@tiraniddo/112566044174482506
More here:
https://www.wired.com/story/microsoft-windows-recall-privilege-escalation/
You can now choose whether or not you want Recall active during installation. It is no longer active by default - "Windows Hello" enrollment is now required to enable Recall. A "proof-of-presence" is required to view and search Recall
- Recall is now implementing additional layers of protection – it is decrypted in-real-time with Windows Hello Enhanced Sign-in Security (ESS). Data is only decrypted when a user authenticates it. Search index is all encrypted.
#Microsoft recall how it all unfolded and made the company stop in its tracks and take notice of all the criticism and concern and ultimately stop what they were doing and change it ALL
Microsoft cancels universal Recall release in favor of Windows Insider preview
https://www.theregister.com/2024/06/14/microsoft_recall_release_delayed/