Microsoft’s publicity team do a thing with media articles they don’t like, which is a not engage and amplify message to staff.
The problem they have - every time Recall is mentioned, the botched rollout will come back up and the privacy and security concerns will reappear.
So they basically have a situation where the AI product group, or whoever owns Recall, are going to negatively impact the security product and services group.
@GossiTheDog
Microsoft #FAFO
This was by design to gauge consumer/customer sentiment and then make changes based on outcry. Zero privacy and security focus.
For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.
From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."
Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.
Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.
It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.
The NPU processes them and extracts text, into a database file.
The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.
A company paid a ransomware group.. then had their info leaked by the same ransomware group anyway. Not isolated at all, eg UnitedHealthcare paid $20m and then got extorted again by the same person.
@GossiTheDog I guess at least he pins his colours to the mast... He also said that Putin is great and that women are all spongers and should be denied healthcare...
Very big cyber incident playing out at Snowflake, who describe themselves as “AI Data Cloud”. They have a free trial where anybody can sign up and upload data… and they have.
Threat actors have been scraping customer data using a tool called rapeflake, for about a month.
The tl;dr of the Snowflake thing is mass scraping has been happening, but nobody noticed.. and they're pointing at customers for having poor credentials. It appears a lot of data has gone walkies from a bunch of orgs.
Snowflake is a big AI data company with a conference in the US next week, chances of that going ahead are interesting.
Snowflake: there is absolutely no cybersecurity incident.
Also Snowflake: Please run these commands and look for "threat activity" logins with the user agent "rapeflake" using this knowledge base article we haven't listed on our website.
Leicester City Council remains offline, from my automated monitoring, from their ransomware incident. A person in the council tells me they’ve been told not to admit it is ransomware by central government.
The BBC reports they expect to return mid week. My take - very unlikely they will get back online mid week.
@GossiTheDog with the well thought out security of Recall, I'm kinda expecting someone breaking the DB with sql injection while writing sql for something unrelated 😀
Here's the mod support, it's called Creations and drops today.
Anybody can upload free mods, Bethesda can drop their own mods, and vetted community creators can charge for mods.
I know, I know - paid mods, lame etc as the groupthink, but it should enable modders to make a living and.. well.. incentivises creating big and good mods as it rewards content creators financially.
PSA: If you use ComfyUI_LLMVISION in ComfyUI, it was hacked by "Nullbulge Group" and had malware injected. It had Async remote access trojan for Windows embedded in it.
"This repository provides integration of GPT-4 and Claude 3 models into ComfyUI, allowing for both image and text-based interactions within the ComfyUI workflow." #threatintel
Btw ComfyUI should be blocked in business environments as the setup of it is ripe for abuse - it's an AI 'stable diffusion' thing where every plugin allows native code execution by design, and there's absolutely no QA or guardrails at all.
They badly needed a good showcase as the Xbox brand is in self inflicted turmoil... and they got it I think. It was great.
Lots of big games and new IP to look forward to.
Not announcing a Pro console when PS5 are about to announce one for this year will probably lead to further console sales erosion but I think they've just given up on hardware now.
@GossiTheDog imo refocusing on getting better gameplay and features out of the same hardware when graphics hardware performance per watt has largely stagnated is a good move.