this post was submitted on 04 Jun 2024

This rootless Python script rips Windows Recall's screenshots and SQLite database of OCRed text and allows you to search them.

top 5 comments
[–] xavier666@lemm.ee 1 points 3 months ago (1 children)

Please go through the FAQ section of the git project. It's an eye-opener.

Q. Does this enable mass data breaches of website?

A. Yes. The next time you see a major data breach where customer data is clearly visible in the breach, you’re going to presume company who processes the data are at fault, right? But if people have used a Windows device with Recall to access the service/app/whatever, hackers can see everything and assemble data dumps without the company who runs the service even being aware. The data is already consistently structured in the Recall database for attackers. So prepare for AI powered super breaches. Currently credential marketplaces exist where you can buy stolen passwords — soon, you will be able to buy stolen customer data from insurance companies etc as the entire code to do this has been preinstalled and enabled on Windows by Microsoft.

[–] exanime@lemmy.today 1 points 3 months ago

It's worse than that (as bad as this is)...

Today, getting some data on a user is bad, as smart hackers can put together the context... However, any guessing the hacker has to do may alert the user before the hacked data can successfully be exploited.

Now, a hacker would know exactly where each password goes and, worse, they could learn the entire workflow of internal systems to successfully imitate a trained user...

This means the hacker could use the stolen bank data and legitimately issue credit cards to anyone they want (for example).

It's no longer "we'll expose some data", now it's "we can use this data to infiltrate your systems and wreak havoc in whatever way we want"

[–] gravitas_deficiency@sh.itjust.works 0 points 3 months ago* (last edited 3 months ago) (1 children)

In a hilarious and infuriating side note, MS is obviously doing their absolute best to blame-shift here.

It’s code. It’s a project someone made to graphically illustrate and demonstrate, in the wild, why the entire concept of MS Recall is an absolutely awful, foundationally-flawed idea. It is not a “hacker tool”. The MS c-suite and board members are just pissed that stock go down as a result of their stupidity, and they’re looking for people to blame who aren’t themselves.

[–] misterkiem@lemmy.world 0 points 3 months ago (1 children)

Where is the blame shifting? The article says they made no comment and the only MS quotes are just random PR feature blurbs.

Dude the headline:

this hacker tool

It’s absolutely not a “hacker tool”. It’s a proof of concept. It’s just code. The author and/or editor is leaning on ingrained negative kneejerk reactions from less knowledgeable members of the general public towards the term “hacker”.