For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

@GossiTheDog I can't see this going live without a literal and figurative revolt, within Microsoft and outside of it.

@NosirrahSec @GossiTheDog So every unlocked workstation, every compromised device. "Recall show me the last adult material I viewed." I can see printed porn coming back into fashion. Or Linux

@TechnicalAdept @GossiTheDog I don't give a shit who knows about my sexual fantasies or my porn habits. (I am not saying that isn't a threat, but it isn't to me lol)

I just fear for those that ARE afraid of this threat, because to them it IS a threat.

@NosirrahSec @TechnicalAdept @GossiTheDog Yeah, the abuse use cases are basically unbounded.

Sysadmin looks at password manager once, hacker has credentials to migrate from laptop to every device on the network. Politician looks at the "wrong" thing, high level blackmail. Woman looks at abuse shelters to leave her husband, becomes homicide statistic. HR person looks at employee spreadsheet, hacker has PII for whole company.

You can't spend 5 seconds and not feel morally obligated to stop it.

@wrosecrans @NosirrahSec @TechnicalAdept @GossiTheDog Tangential thought to the HR thing:
Why don't hackers ever release things like salaries and benefits on all employees? Seems like a more chaotic / fun blackmail.
Before you dismiss it as too evil remember that in Norway you can look up anybody's tax return. And they haven't descended into savagery. Much.