this post was submitted on 01 Jun 2024
0 points (NaN% liked)

Technology

58458 readers
4579 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
0
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. (doublepulsar.com)
submitted 4 months ago by Stopthatgirl7@lemmy.world to c/technology@lemmy.world
174 comments fedilink hide all child comments
 

Q. Is this really as harmful as you think?

A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.

you are viewing a single comment's thread
view the rest of the comments
[–] NoiseColor@startrek.website 0 points 4 months ago (2 children)

It's very unlikely you could get the password from recall

[–] Adanisi@lemmy.zip 0 points 4 months ago (1 children)

????? It saves everything it sees that's the point ?????

[–] NoiseColor@startrek.website 0 points 4 months ago

Not the same as a snapshot.

[–] Spotlight7573@lemmy.world 0 points 4 months ago* (last edited 4 months ago) (1 children)

The video posted by Moorshou literally shows someone getting a password and a credit card number from it. Yes, the password was due to someone clicking the show password button momentarily but do we just never expect people to use those or to not use a password manager that would show the password on screen at some point? Due to it doing text recognition, you would literally be able to just search for "credit card" to find all the times when it was displaying a credit card field on a checkout page or "password" to find all the times someone is logging in or using their password manager. And that's using the built in search, not even exfiltrating the data and processing it with more specialized tools.

You really need to watch that video to see what it can do and how easily it can do it.

[–] NoiseColor@startrek.website 0 points 4 months ago (1 children)

So even if it does ship like this guy thinks it will, it will take someone gaining control of the computer and having the victim click show password at the wrong time.

The end is nigh.

[–] Adanisi@lemmy.zip 0 points 3 months ago* (last edited 3 months ago) (1 children)

https://github.com/xaitax/TotalRecall

User python script. Full control of computer not required.

[–] NoiseColor@startrek.website 0 points 3 months ago (1 children)

And how does the python script run itself?

[–] Adanisi@lemmy.zip 0 points 3 months ago* (last edited 3 months ago) (1 children)

How does any virus run itself? Are you seriously this dense?

Hint: there are many attack vectors, including no-click drive-by downloads, programs from Softonic, etc.

[–] NoiseColor@startrek.website 0 points 3 months ago

Damn you are so stupid. But it's normal for stupid people to think they are smart.

Smarter guy here on lemmy calling other people names than all the people at Microsoft.

I'm done here. Bye.