New research drop on my blog today.

I’ve been looking at how Microsoft Edge Drop stores and syncs data and found that messages and notes sent through it sit locally in plaintext and quietly replicate across every device signed into that Edge profile.

🚫No encryption at rest and almost no visibility for enterprise tools.🚫

MSRC reviewed the write-up and classified it as non-security-impacting, but the architectural implications for organisations using Edge with Entra ID and Conditional Access are worth understanding.

If you work in enterprise security or identity-driven access control, this one is relevant.
Silent Drip is live here:

https://cirriustech.co.uk/blog/silent-drip/

#MicrosoftEdge #SilentDrip #SilentDataLeak #SecurityResearch

Silent Drip: When 'Sync' Becomes a Slow Leak

An investigation into plaintext persistence and invisible data propagation through Microsoft Edge Drop.

CirriusTech | Serious About Tech