In his latest piece, @GossiTheDog@cyberplace.social dives deep into the security implications of Microsoft's Copilot+ Recall. 🔍📝

Key takeaways:

🔴 Recall constantly takes screenshots of your PC
🔴 Everything you've seen is stored in a plain text database 📁
🔴 Hackers can easily exfiltrate this data in seconds 👨‍💻💨
🔴 Auto-deleting messages stay in Recall indefinitely ♾️

"Recall enables threat actors to automate scraping everything you've ever looked at within seconds." 😱

"This is the dumbest cybersecurity move in a decade." - @gossithedog 🤦

https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

@screaminggoat @briankrebs

#AI #Infosec #DataSecurity #Windows #Recall #CyberSecurity

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…

^{Kevin Beaumont (DoublePulsar)}

Regular user: I want to feel safe and private.

Google: cool, anyways here's an AI that listens to your calls.

Microsoft: word, how about an AI that takes screenshots of everything you do?

#Google #AI #Microsoft #privacy #security #safety #cybersecurity #infosec

Big fan of this: smart curtains company Slide is shutting down, but they offer one last update which enables its consumers to keep their curtains running through a local API. Great solution for an increasingly prevalent situation in which consumers are left with IoT devices that no longer function because the manufacturer stops existing (see VanMoof, Gigaset, and more).

https://mailchi.mp/62a41d08c384/important-service-message-slide-is-closing-its-doors?e=d537a73017

#iot #infosec #law

Oh noo....

Did someone forget to change the default credentials on your multifunction printer?!?!?!

Ohhhh nooooo.....

Did someone set up the printer to do email address lookups on active directory?

Hmmm????

Are there stored Domain user service account credentials on this here printer????

Hmmmm???

Well..... since I AMMMMMM administrator on the printer because I looked up the default credentials on the public internet.....

Maybe you wouldn't mind if I changed the IP Address to point from the Domain Controller... to ME!!!!

Hahahaha!!!!

I'm the Domain Controller... I swear.... I even have port 389 open on my hack box... err... Domain Controller. LDAP. Like you like!

And you should do a little... mmm.... "Test Connection".... just to see if you can connect.

Oh what's that?! Your user name is is "PrinterServiceAccount" and your password is "Pr1nt3r$3cr3tP@$$w0rd"

Oh, I'm sorry. You have the wrong place buddy. Why don't you run along....

....while I connect to Active Directory with your username and password....

😈😈😈

#hacking #infosec

A simple observation:

"White Hat Hacker" is NOT synonymous with "Ethical Hacker"

You can legally protect an unethical corporation and in doing so, you are an accomplice to their unethical actions.

You can ethically hack to protect people and still be conducting illegal activities.

Do not conflate the two terms.

#hacking #infosec

@Viss I wish articles like this would include, up front, the indicators of compromise that I can use to test if the servers I manage are affected. It's the first and most important thing I want to know when learning about a vulnerability.

#linux #vulnerability #InfoSec #security #journalism

Wondering if anyone has already started adding malicious LLM prompts to their User Agent strings and hammering sites of companies that might be expected to use "AI" for log analysis. 🤔

Inspired by:
https://tweesecake.social/@weirdwriter/112441889190313713

#InfoSec

Last night I got a visit from the #infosec fairy.

She said: "Martin, you have been doing a lot of good security deeds, I decided to grant you a wish."

I replied: "Great, I always wanted a unicorn."

The fairy looked pained: "You know, unicorns are extinct. That is a very difficult wish. Do you have another one?"

I thought long and hard: "How about a working IT security process?"

Now I have a question for the community: What does a unicorn eat?

Did I start reading a second book about pentesting during my holidays? Absolutely, yes I did 😌

With my experience in development, OSINT and my love of solving riddles, this look like it could be an interesting next step for my career 🤘🏽

#infosec #pentest #whitehat