https://t.co/r8moXSpOva. I create cyber weather. Follow me: https://t.co/vdIisQz5hg
20 subscribers
May 30 • 13 tweets • 5 min read
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective
It's just an SQLite database, feature ships in a few weeks - I've already modded it into an Infostealer hosted on Microsoft's Github (a few lines of code)
Microsoft are going to deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.
May 21 • 11 tweets • 4 min read
From Microsoft’s own FAQ: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."
Current situation: InfoStealer malware, stealing your saved passwords.
Coming situation: CoPilot Recall malware, where it steals everything you’ve ever typed or viewed as it’s in an already assembled database.
Thanks, Microsoft, for your service to enabling malicious hackers.
May 22, 2023 • 9 tweets • 3 min read
The Sunday Times had a piece yesterday about what's happening at Capita around cybersecurity.
I want to do a deep dive thread on it. Strap in. thetimes.co.uk/article/capita…
First of all, yes, Capita had published lots of internal policies marked confidential on their own website - including its guide on how to keep information confidential. These have now been taken down.