For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into the base Windows OS and enable it by default.
-
@GossiTheDog @Laird_Dave Sure, I can see that. But Microsoft has a lot of enterprise customers with CISOs, legal departments, regulatory requirements, etc. for whom Recall is worse than useless. That actually describes most of their largest enterprise customers!
Do they even pay attention to their own customers at all?
Sure, enterprises can use GPO to turn it off, but why make something that most of your biggest customers are going to have to turn off?
-
@GossiTheDog "Sir you need to work on that draft of accepting the Union benefits"
-
@MisuseCase @GossiTheDog @Laird_Dave o365 ignores the heck out of customers. I see no reason Microsoft would ever listen to feedback. Even if it's for a 600 person company with a legal and security department.
-
Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:
-
Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088
Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.
-
The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.
Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go to this length as an attacker, either). Cc @riskybusiness
I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.
-
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
My look at the feature, FAQs from the community etc
-
This is the out-of-box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.
HT @tomwarren
-
@GossiTheDog @tomwarren this blend of dangerous, evil and poorly designed is a perfect reboot of Gates-era MS with a sprinkle of AI on top
-
The frustrating thing is that in the later Gates-era MS (starting in 2002ish) they actually did start taking security seriously -- and made major progress for years. It's really hard to imagine something like this getting through the Windows organization of the time. And yet, here we are.
-
You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine
What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.
Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.
-
Just in time for Copilot+ Recall!
-
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.
Guide from @detective
The devices launch THIS MONTH to customers so I suggest people look at this.
-
Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
-
Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46
-
Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"
Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!
-
Searching Recall database for passwords with @awakecoding