GossiTheDog

GossiTheDog, 9 days ago

GossiTheDog, 9 days ago

@sepi1enfwb those aren’t AI 🤣

GossiTheDog, 11 days ago (edited 8 days ago)

The deleted Hudson Rock post on Snowflake breach: https://web.archive.org/web/20240531140540/https://hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection

For the record I don't think all the content is accurate - however Snowflake did have a security incident via their former employee, they have full IR stood up. They didn't follow their own best practices.

I also know multiple orgs who've had their full databases take from Snowflake.

GossiTheDog, 11 days ago

I wrote a blog on everything I know about the Snowflake situation https://doublepulsar.com/snowflake-at-central-of-worlds-largest-data-breach-939fc400912e

GossiTheDog, 10 days ago (edited 3 days ago)

The Snowflake authentication setup is terrible.

MFA can’t be enabled org wide, each user has to manually log in and enable it. There’s no policy to block users without MFA. And it uses Duo MFA rather than your orgs MFA. (You can bring your own MFA with SAML).

Also all users log in via a Snowflake domain, so you can just pull creds from info stealer marketplaces or logs.

That’s why they’re being targeted as a platform.

GossiTheDog, 10 days ago

@SamJSharpe huh.. I wonder if it’s a licensing thing. Are you an admin on them? I’m pondering how your org set that up.

GossiTheDog, 10 days ago

Hudson Rock have put out a statement saying a legal threat from Snowflake caused them to remove their blog. https://www.linkedin.com/posts/hudson-rock_activity-7203433945919578113-RH05 HT @mattburgess

GossiTheDog, 11 days ago

Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd

GossiTheDog, 10 days ago (edited 3 days ago)

Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46

GossiTheDog, 10 days ago

Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

Tkn GIF by ROSALÍA

GossiTheDog, 10 days ago (edited 8 days ago)

Searching Recall database for passwords with @awakecoding

GossiTheDog, 9 days ago

🫡

GossiTheDog, 9 days ago

If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.

I’ve also found a way to disable the tray icon.

GossiTheDog, 9 days ago

I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.

There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.

image/jpeg
image/jpeg
image/jpeg

GossiTheDog, 9 days ago

@acquirer a Windows fan site

GossiTheDog, 9 days ago

It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.

I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.

The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.

GossiTheDog, 9 days ago (edited 8 days ago)

@forgifuzzbutt yep. And there’s loads of tangible security benefits from the rest of the work going on in Windows 11 in terms of security.

They just shit their own bed on this one by not understanding their customers, Apple must be so happy.

GossiTheDog, 9 days ago

@never_released oh I agree they will be shipping. Commercially it looks like they’ve made New Coke. There’s gonna be victims in terms of fraud from Recall, which is just going to pile on the problems.

GossiTheDog, 9 days ago

@Npars01 I don’t think it’s anything like that at all, they’ve probably just signed deals with AMD, Dell etc for laptops with Copilot+

GossiTheDog, 9 days ago

@Npars01 that has nothing to do with Recall

GossiTheDog, 9 days ago

Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure

GossiTheDog, 9 days ago

@jt_rebelo yeah, they’re wrong about that. They’re talking to Microsoft people about it and unfortunately Microsoft people don’t seem to understand what happens outside their world.