Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.

Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.

HT detective It's just an SQLite database, feature ships in a few weeks - I've already modded it into an Infostealer hosted on Microsoft's Github (a few lines of code)

Microsoft are going to deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.

From Microsoft’s own FAQ: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

https://twitter.com/tsarnick/status/1792680674060832829

Current situation: InfoStealer malware, stealing your saved passwords.

Coming situation: CoPilot Recall malware, where it steals everything you’ve ever typed or viewed as it’s in an already assembled database.

Thanks, Microsoft, for your service to enabling malicious hackers.

The Sunday Times had a piece yesterday about what's happening at Capita around cybersecurity.

I want to do a deep dive thread on it. Strap in. thetimes.co.uk/article/capita… First of all, yes, Capita had published lots of internal policies marked confidential on their own website - including its guide on how to keep information confidential. These have now been taken down.