Notices by Kevin Beaumont (gossithedog@cyberplace.social), page 2

lol Microsoft have put ‘reboot each box 15 times’ on its website

The chuckle brothers at NoName attempting to claim they caused the incident. To be super clear, NoName can barely DDoS a bike shed website, and once asked me to make their logo in Minecraft.

Probably the funniest BBC news update so far (they’ve cleared the airways for this incident).

🤪

BBC News at 6 is leading the entire show with this. (They asked me to appear but I was slightly busy).

For the record I spent much of the day trying to tell people it isn’t a Microsoft issue.

When I get successfully DDoS’d it’s both a security incident and I’m not protected…

Billboards in Times Square blue screen of deathing. Nice way to find out which orgs use Crowdstrike, this 🤣

Source is BBC News, if anybody wondering.

You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

Just in time for Copilot+ Recall!

Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.

Guide from @detective

The devices launch THIS MONTH to customers so I suggest people look at this.

https://github.com/thebookisclosed/AmperageKit

Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46

Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

Searching Recall database for passwords with @awakecoding

🫡

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218

The UK’s ICO have opened an investigation into Copilot+ Recall. https://www.bbc.co.uk/news/articles/cpwwqp6nx14o

Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.

You need to enable DisableAIDataAnalysis to switch it off. https://learn.microsoft.com/en-us/windows/client-management/manage-recall

Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser is recorded always, including in private mode - the exception is Hollywood DRM’d videos

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.