Tootfinder

Opt-in global Mastodon full text search. Join the index!

@Xavier@infosec.exchange
2024-06-14 21:03:17

Hey everyone. I'm promoting a new YouTube channel hosted by a friend and her family. I'm loving the content she's putting out there. Consider subscribing!
#infosec #training
youtube.com/@cyberchristy911

@catsalad@infosec.exchange
2024-06-11 19:07:59

QR code SQL injection from popular biometric terminal
💥⁠#InfoSec #CyberSecurity

@pre@boing.world
2024-05-17 02:20:00

#Infosec #Warning
Don't click on any link with "Google" or "Facebook" in the domain, it links to a terrible surveillance capitalist who will build a profile on you to try and help the capital manipulate you.
Be Safe: Never click on Google.

@Xavier@infosec.exchange
2024-06-12 16:24:27

#Tile has been breached according to @…. I'm disturbed to find out that they had a police query tool. I'm going to end up being a hermit just to have some god damn privacy from my government.
#breach #infosec
archive.is/NC1NI

@catsalad@infosec.exchange
2024-04-08 12:51:30

Mystery solved!

#P4x #CyberSecurity #InfoSec @…

@tarah@infosec.exchange
2024-04-27 15:20:36

EDIT: on its way to @…. Thanks, all!
Please share to wireless hackers: Who in the community is doing hacking on fitness trackers, BTLE stuff, radio/wireless, etc? I have an Oura Ring that I had replaced by warranty because the battery life halved suddenly, but it works fine (if with 2-3 days of battery life instead of 5).
Who's the person who'd like this for their lab? I will send a charger as well as the ring because I have an extra one. #infosec #btle #wireless

@grumpybozo@toad.social
2024-05-14 17:12:45

Found an interesting bug in #LittleSnitch, a connection gatekeeper for #macOS that I know many people in #InfoSec use and/or help others use.
If you have a program which is NOT a web browser (in my case, <…

@catsalad@infosec.exchange
2024-04-09 10:45:49

Happy Tuesday everyone! Hope you're all doing well... 😁
Aww, Patch Tuesday wants to say hi!

#InfoSec #CyberSecurity #️⃣CatSalad

@Xavier@infosec.exchange
2024-05-09 17:44:05

When someone wants us to mitigate vulnerable devices by "putting it behind a firewall". Image stolen from @…
#infosec #firewall #meme

@dennisfaucher@infosec.exchange
2024-04-30 15:27:53

File under #deplorable
Hacker jailed for blackmailing therapy patients
#InfoSec

@Xavier@infosec.exchange
2024-05-09 17:44:05

When someone wants us to mitigate vulnerable devices by "putting it behind a firewall". Image stolen from @…
#infosec #firewall #meme

@jtk@infosec.exchange
2024-04-21 22:29:32

On this day in 2017, the world said goodbye to Neil Long. Many people seeing this probably won't have any idea who this is. He wanted no special mention or remembrance upon his passing, but I'm going to keep ignoring his wishes, because he was a friend, colleague, and a person who deserves to be remembered.
When I met him he was doing #infosec at Oxford University. He was involved in early various botnet and DDoS mitigation activities and maintained darknet services plus a howto page for many years. He was on the board of FIRST.org and was one of the founders of Team Cymru.
One of my fondest memories of him was the way he completely dismantled some poor fellow who posed some challenge or question in a very rude manner. The best part of Neil's retort, was not what he said, but how he said it. In that finely honed, proper, and understated British way, Neil ultimately dismissed him and moved on. I don't think the recipient fully understood he had been completely flattened until hours later.

@shellsharks@infosec.exchange
2024-03-22 13:30:44

#followfriday is here once more. As usual, I have some great #infosec / #cybersecurity accounts I've followed recently to recommend!
- @…
- @…
- @…
- @…
- @…
I've stood up a personal / "single-user” instance and am experimenting with it to see if it would be suitable to host my *main* Fediverse account. If it turns out to be decently performant, I may migrate this account over there in the future. If you would like to follow me over there in the meantime, feel free to follow @…. Thanks 🧡!

@catsalad@infosec.exchange
2024-04-03 14:02:09

How will the Merck settlement affect the insurance industry?

March 28, 2024 — By @… #Cybersecurity #InfoSec #Insurance

@losttourist@social.chatty.monster
2024-05-09 19:15:33

It looks like #Dell have suffered a data breach. I bought a Dell laptop a few years ago and have just received this to the email address I used when purchasing it.
#Infosec #DataBreach

@grumpybozo@toad.social
2024-06-13 20:05:20

The way you prevent big customers from being cranky about breaking SSO is to never give them *already broken SSO*
#Sysadminnery #InfoSec

@patrick_townsend@infosec.exchange
2024-04-12 20:23:48

NIST and Web3 Security – A Developing Perspective
 
The National Institute for Standards and Technology just released an initial draft of “A Security Perspective on the Web3 Paradigm” as document IR 8475. It is not long and it is a great take on how NIST is thinking about Web3 security. Here is the link:
 
#Web3 #NIST #Security #InfoSec #BlockChain #IPFS
 

@frankel@mastodon.top
2024-04-09 09:04:03

#Google Public #DNS’s approach to fight against cache poisoning attacks #infosec

@catsalad@infosec.exchange
2024-04-03 14:02:09

How will the Merck settlement affect the insurance industry?

March 28, 2024 — By @… #Cybersecurity #InfoSec #Insurance

@floheinstein@chaos.social
2024-04-07 11:31:31

TIL: posting the XKCD comic strip "security" is a violation of Facebook's "Community Standards on violence and incitement"
#xkcd #facebook #infosec

Facebook logo. Then text

Your comment may go against our Community Standards on violence and incitement

Your comment in Flipper Zero Level Up looks similar to content that we've removed for going against our Community Standards. You can delete it now to avoid potential account restrictions.

Screenshot of my FB comment

You can use a wrench instead of the pinball

https://xkcd.com/538/
@timbray@cosocial.ca
2024-04-01 20:22:33

This is brutal. I was shocked that the obvious vandalism is so hard to see, and then my brain immediately turned to other ways to accomplish the same thing even more discreetly, and a few of the things I thought of made me want to puke.
#xz #infosec

@unixorn@hachyderm.io
2024-06-05 13:52:49

#ai #infosec #InfosecMemes

Screen shot of a bluesky post by Jason Sullivan @jason0x21.bsky.social where he adds this caption

"One of the toughest problems Microsoft has to solve is that Windows has to serve two very different types of users: business users who don't want this at all, and home users who don't want this at all."

to a screen shot of a news site that reads:

TECH / PRODUCT NEWS & REVIEWS New Windows Al feature records everything you’ve done on your PC Recall use Al features "to take imaages of vour active …
@bibbleco@infosec.exchange
2024-04-06 19:07:37

@… "...we have constructed a whole new world on top of a technology [FOSS] that is intrinsically and fundamentally insecure." That's right, you towering blunderwit, they're called Von Neumann Machines.
He even namechecks the #Solarwinds disaster when describing supply chain attacks, FFS. How many clueless managers will be fist pounding their desks on Monday morning demanding that this intrinsically nd fundamentally insecure Free / open source software is ripped out of their organisations?
#xv #infosec #freeandopensourcesoftware

@shellsharks@infosec.exchange
2024-03-18 20:17:01

I don’t have Twitter/X on my phone and have not used the service since I came over to infosec.exchange in late 2022. But! I have seen some great posts from accounts who seem to still primarily exist over there in my timeline via bird.makeup. So my question is, are there any twitter accounts for #infosec / #cybersecurity people that you think are really good / worth following / high value enough that I should add to my follows here (again, via bird.makeup)? It's not ideal I admit, but given Mastodon my curated RSS feed is my primary source(s) of infosec news/research/etc... i'm not opposed to going the bridge route. Thanks!

@Xavier@infosec.exchange
2024-06-01 17:35:46

Great story of how good the scammers are getting. I suggest most folks read, even us #infosec folks.
threadreaderapp.com/thread/179

@keen456@infosec.exchange
2024-06-04 17:10:37

Great blog post going into how the author discovered they could reach any Cox account/modem remotely and change settings.
#infosec #vulnerability #cablemodem #coxcommunications

@patrick_townsend@infosec.exchange
2024-04-12 20:23:48

NIST and Web3 Security – A Developing Perspective
 
The National Institute for Standards and Technology just released an initial draft of “A Security Perspective on the Web3 Paradigm” as document IR 8475. It is not long and it is a great take on how NIST is thinking about Web3 security. Here is the link:
 
#Web3 #NIST #Security #InfoSec #BlockChain #IPFS
 

@tarah@infosec.exchange
2024-06-04 19:44:23

#infosecjobs #hiring Alert: I'm hiring a career transition, entry-level, or intern-level web developer in Rust/Python at @….
We help managed service providers get and keep their small biz clients safe and secure!
This would be a great role for someone mid-career looking to move into a more technical role or into infosec, or who just finished a bootcamp or similar education.
Remote, US-only. Read the JD carefully or you'll miss the subject line requirement when you email me.
#cybersecurity #compliance #infosec

@whophd@ioc.exchange
2024-04-10 00:59:55

Second-order effect of #xz-utils: Should we report this YouTube channel for #misinformation? Or is it just a very bad habit from good intentions? #infosec

@Xavier@infosec.exchange
2024-05-30 22:32:16

Big #infosec news day...
theguardian.com/technology/art

@metacurity@infosec.exchange
2024-05-25 11:57:59

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn’t properly fit into our daily news crush.
This week's selection covers
--Hackers rescued a bricked Polish train,
--The double life of Incognito Market's founder,
--Tricking Wi-Fi networks into less secure connections,
--Cybercriminals are selling Indian police biometric data,
--AI fakes are used to recruit Indian voters,
--Indian fake news verification tools are a bust
#deepfakes #biometricdata #misinformation #hackers #databreach #infosec #cybersecurity
metacurity.com/p/best-infosecr

@losttourist@social.chatty.monster
2024-05-07 17:30:00

Shapps: "I can confirm to the House that we do have indications that this [data breach] was the suspected work of a malign actor."
So the personal and financial details of the UK Armed Forces has been stolen, and the Defence Secretary says it's "suspected" it was a "malign actor".
"Malign actor" is just another way of saying "the bad guys". And it was hardly someone working in the Army's best interests, was it!?
#Infosec #UKNews #DataSecurity

@Gord1i@fosstodon.org
2024-06-01 14:47:58

Some hard #infosec truths from the South African border agency

@wraithe@mastodon.social
2024-03-28 13:52:17

Funny #InfoSec story:
A couple years ago, I got a call from Microsoft about some potential issues on some account I manage.
Uh-huhn. Sure.
So I’m like “what account is this?”
MS: “I’m sorry, due to security restrictions, we can’t tell you the name of the account in question”
Me: “well, I work with a number of clients and I’m not giving you any of their information un…

@catsalad@infosec.exchange
2024-04-19 10:35:34
Content warning
🔥⁠#InfoSec #ProjectZero #Windows

@dennisfaucher@infosec.exchange
2024-05-24 15:13:05

My poor peers in Infosec. It never gets easier does it?
#OWASP #Infosec #AI #LLM

@grumpybozo@toad.social
2024-05-09 18:39:36

Deeply disappointed in the supposed “perimeter defense” tool which solicits CIDR blocks to be scanned but maxes out at 100 IPs, so anything /25 or larger is rejected.
So, I guess I won’t be having them scan our two /21s and various /24s.
#Sysadminnery #InfoSec

@Xavier@infosec.exchange
2024-04-10 20:02:23

Here's a fun #googledork. This finds all the government websites mentioning #Robux. Most, if not all are hacked websites.
#Roblox #infosec #breached
google.com/search?hl=en&q=site

@timbray@cosocial.ca
2024-03-27 16:36:12

Every time Dependabot says “Pls approve kthxby” and I go do this, I feel like a rat pressing a lever for a food pellet. And there’s a little voice inside my head saying “This is a hideous potential vulnerability, anyone who can subvert GitHub CI can pwn the entire freaking world in about a week…”
#infosec

Screenshot of a GitHub approve-PR form, where the only info about what's being approved is the hash of some inscrutable GitHub CI thing, in this case a code-coverage tester.
@floheinstein@chaos.social
2024-05-02 13:28:30

X: "I need SSH access to your server to do make that configuration change."
Me: "OK, send me your public key."
X: "I don't have a public key of that server. You need to send me username and password."
Me: 🤦‍♀️
Nope, you're definitely not tech savvy enough that I would allow you with SSH on my server.
#infosec

@Xavier@infosec.exchange
2024-04-10 20:02:23

Here's a fun #googledork. This finds all the government websites mentioning #Robux. Most, if not all are hacked websites.
#Roblox #infosec #breached
google.com/search?hl=en&q=site

@ingmar@norden.social
2024-05-07 06:47:05

„Two is one and one is none.“
Deswegen hab ich mir irgendwann gleich zwei YubiKeys bestellt.
Seitdem liegen sie ungenutzt in einer Schublade herum.
Thanks for coming to my security talk.
#YubiKey #ITSecurity

@metacurity@infosec.exchange
2024-05-25 11:57:59

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn’t properly fit into our daily news crush.
This week's selection covers
--Hackers rescued a bricked Polish train,
--The double life of Incognito Market's founder,
--Tricking Wi-Fi networks into less secure connections,
--Cybercriminals are selling Indian police biometric data,
--AI fakes are used to recruit Indian voters,
--Indian fake news verification tools are a bust
#deepfakes #biometricdata #misinformation #hackers #databreach #infosec #cybersecurity
metacurity.com/p/best-infosecr

@catsalad@infosec.exchange
2024-04-10 09:39:46
Content warning
⚠️⁠CVE-2024-27983 – Node.js HTTP/⁠2 server
⚠️⁠CVE-2024-27919 – Envoy's oghttp codec
⚠️⁠CVE-2024-2758 – Tempesta FW
⚠️⁠CVE-2024-2653 – amphp/⁠http
⚠️⁠CVE-2024-28182 – nghttp2 library
⚠️⁠CVE-2024-27316 – Apache Httpd
⚠️⁠CVE-2024-31309 – Apache Traffic Server
⚠️⁠CVE-2024-30255 – Envoy < 1.29.2
⚠️⁠CVE-2023-45288 – Go packages net/⁠http and net/⁠http2


#InfoSec #CyberSecurity #CVE #DoS #HTTP2 #Vulnerability #️⃣CatSalad

@Xavier@infosec.exchange
2024-05-10 16:19:09

The threat actor said he registered with several different names on a particular Dell portal as a “partner.” A partner, he said, refers to a company that resells #Dell products or services. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made of seven digits of only numbers and consonants. He also said that “any kind of partner” could access the portal he was granted access to.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told #TechCrunch.
#infosec #breach
techcrunch.com/2024/05/10/thre

@grumpybozo@toad.social
2024-05-07 19:34:57

Indeed, if you are doing things that are likely to lead to legal demands from law enforcement to your email provider that you want them to fight, you had best be your own email provider.
Proton, Tutanota, MS, Yahoo, Google, Apple, GMX, Fastmail, et al will not fight a valid legal demand for your data that they can fulfill.
Intrinsically, email security is extremely difficult. There's a reason Signal does not do email.

@Xavier@infosec.exchange
2024-05-10 16:19:09

The threat actor said he registered with several different names on a particular Dell portal as a “partner.” A partner, he said, refers to a company that resells #Dell products or services. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made of seven digits of only numbers and consonants. He also said that “any kind of partner” could access the portal he was granted access to.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told #TechCrunch.
#infosec #breach
techcrunch.com/2024/05/10/thre

@grumpybozo@toad.social
2024-05-07 19:34:57

Indeed, if you are doing things that are likely to lead to legal demands from law enforcement to your email provider that you want them to fight, you had best be your own email provider.
Proton, Tutanota, MS, Yahoo, Google, Apple, GMX, Fastmail, et al will not fight a valid legal demand for your data that they can fulfill.
Intrinsically, email security is extremely difficult. There's a reason Signal does not do email.

Die #infosec Probleme an der HS Mannheim schlagen einfach weitere Wellen. Kann doch nicht sein, dass es da nicht 1 kompetente Person gibt, die mal darüber aufklärt, was das konkrete Bedrohungsszenario ist.
(Opinion über das Mismanagement is my own)

@Xavier@infosec.exchange
2024-04-10 18:26:32

If you have a shoe string budget and can't afford a service like @… (and/or you're depending on fail2ban as a preventative control), this Dictionary Based Blocking looks to be very effective.
This research paper has tons of interesting tidbits. Worth the read! Or if you're going to #NSDI24, you can see a presentation by @…
#infosec #ssh #bruteforce #hacking #research
discuss.systems/@ricci/1122475

@Xavier@infosec.exchange
2024-04-10 18:26:32

If you have a shoe string budget and can't afford a service like @… (and/or you're depending on fail2ban as a preventative control), this Dictionary Based Blocking looks to be very effective.
This research paper has tons of interesting tidbits. Worth the read! Or if you're going to #NSDI24, you can see a presentation by @…
#infosec #ssh #bruteforce #hacking #research
discuss.systems/@ricci/1122475

@floheinstein@chaos.social
2024-05-22 13:30:21

Days without DATETIME / TIMESTAMP incident:
#infosec #mysql #development

a sign with text "days without datetime / timestamp incident" and digits in red on black showing -32768
@catsalad@infosec.exchange
2024-04-03 00:54:28

MastoVue #OSINT search

Peek into any public Mastodon Timeline or search for Hashtags.
#InfoSec #MastoVue #️⃣CatSalad

@grumpybozo@toad.social
2024-06-04 13:50:38

See thread context…
If you are actually facing an #InfoSec threat environment that credibly includes physical violence, you need MUCH more expertise than you can find in any online bullshitting forum. I can argue either side of the wipe vs. Potemkin Village UI issue for a durress password, because I AM A BOZO WHO KNOWS NOTHING OF THAT OF WHICH I SPEAK.
99.9% of people really do not …

@shellsharks@infosec.exchange
2024-03-21 13:06:37

If you are in #infosec / #cybersecurity and looking for an easier way to follow interesting infosec accounts that are relatively high signal-to-noise without having to scour the Fediverse, consider checking out the #mammoth Mastodon client and subscribing to the new #indiesec Smart List! Smart Lists are a unique feature pioneered by Mammoth which offers curated lists of accounts in a number of different subject areas.
To start, the IndieSec Smart List (curated by yours truly) features 50 independent security researchers /professionals across many infosec sub-disciplines. I will continue to maintain this list and add new accounts in the coming weeks (I have a whole backlog of accounts I'd like to see added). Over time, this list will seek to feature many accounts that are lower-volume, but high-quality in terms of content. Surfacing harder-to-find accounts (by doing hours of scrolling and curation) is one more way we as a community are improving #discoverability across the network.
Thanks to the @… team and @… for working with me on this new list. If you have any questions about the list feel free to drop me a message!
Edit: I should add - you can see everyone who is featured on this list here github.com/shellsharks/assorte. When new accounts are added, they too will be represented there.

@johndoe@social.linux.pizza
2024-06-04 19:51:57

SimpleX Chat is now available with private message routing, IP address protection for messages, files & media, new chat themes and more #simplex #privacy #infosec

@lilmikesf@c.im
2024-05-03 16:19:01

7 million customers had their #DNA #data exposed in a hacker #InfoSec breach at 23andMe and #lawyers are feuding over will get the lion's share of

@unixorn@hachyderm.io
2024-06-07 14:43:40

#Recall is the gift that keeps on giving. #infosec #microsoft_recall #microsoft

@timbray@cosocial.ca
2024-03-23 18:34:51

I just discovered that apparently Time Machine backups are *not* encrypted by default. This seems crazy insecure. Would like to be told that “Yes they are!” or “No, that’s not crazy insecure because…”
[Back story: Just replaced a disk in our Synology that was going bad, wondering if I should hit it with a hammer a few times before tossing it in electronics recycling. My Arq backups are safe but apparently my wife’s Time Machines aren’t.]

@grumpybozo@toad.social
2024-05-02 12:24:20

Oh look, the assholes calling themselves stretchoid.com have put some of their scanners on Azure UK. Easy enough to shun THAT /13…
#Infosec #scanners

@Xavier@infosec.exchange
2024-04-03 14:08:33

“Today, I am releasing the documents belonging to the Five Eyes Intelligence Group. This data was obtained by breaching into #Acuity Inc, a company that works directly with the US Government and its allies,” the attackers boasted.
#infosec #breach #FiveEyes
cybernews.com/news/acuity-alle

@grumpybozo@toad.social
2024-05-27 16:04:22

WHEEEE!
Once again I dodge a bullet entirely by accident.
I mean, #FluentBit would almost certainly be something I’d be using if $dayjob's expansion plans had not been blown up by Covid.
My condolences for all of the people who have to deal with this.
#InfoSec

@floheinstein@chaos.social
2024-04-01 18:55:21

Interception, data breach, data leak, unauthorized data transfer...
All these terms basically mean the same thing: Available data is repurposed.
But they all have a negative connotation. I propose that we change our attitude, think positive about it and henceforth call it "data upcycling", using this logo
#dataupcycling

An eye inside a recycling symbol
@teledyn@mstdn.ca
2024-04-23 03:32:36

My nomination for Most Honest Privacy Statement by a cloud service.
The Trust Factor in Public Servers | Miro’s Blog
#infosec #digitalprivacy #facingfacts #dybdybdyb

@frankel@mastodon.top
2024-04-01 17:30:00

#AI hallucinates software packages and devs download them – even if potentially poisoned with malware #security #infosec #supplychainsecurity

@floheinstein@chaos.social
2024-04-01 18:55:21

Interception, data breach, data leak, unauthorized data transfer...
All these terms basically mean the same thing: Available data is repurposed.
But they all have a negative connotation. I propose that we change our attitude, think positive about it and henceforth call it "data upcycling", using this logo
#dataupcycling

An eye inside a recycling symbol
@Xavier@infosec.exchange
2024-05-30 22:29:38

I heard that the attackers were just trying to get Taylor Swift tickets.
#breakingnews #infosec #breach #ticketmaster
foxbusiness.com/technology/hac

@Xavier@infosec.exchange
2024-03-29 19:04:34

I found this graph from Google’s Threat Analysis Group and Google Mandiant extremely interesting. This pie chart highlights the motivation behind various threat groups that are using #ZeroDay vulnerabilities.
That yellow section... "The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices. "
Thoughts? Are you surprised by this data?
Full Report: #infosec #google #mandiant #threatintel

@shellsharks@infosec.exchange
2024-03-18 14:01:50

OK, so #AskFediSec seemed to win that particular round but many people offered up the suggestion #AskInfosec which I also really like, so here's a run-off. For the folks that liked the idea of having a *dedicated* hashtag for this kinda thing, what is your preference below?
I'll also note that some variations of #AskInfoSex were also floated and tbh could be quite popular 😉🤣.
#infosec #cybersecurity
#AskFediSec
#AskInfosec

@grumpybozo@toad.social
2024-03-30 19:17:46

For anyone who has missed it: One of the maintainers of xz/liblzma (& libarchive?) has apparently been backdooring it for a couple of years. Fortunately it seems to only target Debian-based distros!? So once again I luck out with my oblivious computing choices, having almost everything personally and professionally either EL-based or BSD-based
#InfoSec

@Xavier@infosec.exchange
2024-03-29 18:02:25

"PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity. #FedoraRawhide will be reverted to xz-5.4.x shortly, and once that is done, #Fedora Rawhide instances can safely be redeployed. " #infosec #vulnerability
redhat.com/en/blog/urgent-secu

@unixorn@hachyderm.io
2024-05-31 22:03:03

#infosec #copilot #microsoft_recall
On the one hand #Microsoft has Windows Defender that blocks k…

Tweet from @GossiTheDog.

Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.

Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.

Followed by a screen shot of opening the sqlite activity database with some example activity
@grumpybozo@toad.social
2024-04-21 16:48:17

Remember, folks, it is impossible to asses your security choices without understanding your threat model…
A small minority of people are at a meaningful risk of being forced by US law enforcement to unlock a phone. Even fewer are at any risk of such an intrusion leading to any further trouble.
Far more people are primarily at risk from fundamentally *illegal* threat actors: thieves, "friends," and family rather than cops.