23 August 2024

Microsoft Will Enable Hacking. Again. Even More. In October.

They say they value security, but then they do crazy stuff like this. Microsoft will try the data-scraping Windows Recall feature again in October | Ars Technica

If I hated Microsoft before (and I did), I really hate it now.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

And they say "Oh, don't worry! We fixed that." And they won't turn it on by default. At least not at first. But you know they want to. And I hate to see what the End User License Agreement will look like. Or eventually look like, because they always give themselves the right to change the agreement later on. It will likely say that you give Microsoft access to all of your data.

Linux Mint is the way to go. Easy to install. Looks mostly like windows, and while there are a couple of rough edges it works for me. I have 3 different browsers, my email client of choice, an Office Suite that looks a lot like Microsoft Office without all of the online-all-the time, pay-through-your-nose craziness. And I can watch videos.

Hat tip to Pixy Misa at Ambient Irony. Daily News Stuff 22 August 2024: Let's Not And Never Talk About It Again Edition

Microsoft is planning to try again with its obviously insane Windows "Total" Recall spyware system. (Ars Technica)

This is the feature - key to the so-called Copilot Plus platform - that takes screenshots of everything you do on your computer - passwords, bank account details, confidential emails - and puts them in a single conveniently labelled and indexed box for AI assistants and Russian/Chinese/North Korean/Iranian hackers to search for you.

It isn't like Microsoft's code is completely riddled with exploitable software problems. Or is it?

But what could possibly go wrong oh there's another critical vulnerability in Microsoft's Copilot Studio AI platform. (Dark Reading)

Huh.

/blockquote>

No comments:

Post a Comment

Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.

Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.