Q. Is this really as harmful as you think?

A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.

  • NoiseColor
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    3
    ·
    5 months ago

    But it doesn’t save completely everything. It does snapshots as far as I understand. So it’s unlikely a whole password would be there on a snapshot. And again, it had to be mentioned that anything can be excluded from recall or disabled completely.

    At this point it has to be again highlighted that gaining access to a computer is very hard and that in itself is game over scenario. More information can be gained from a keylogger than this recall feature.

    • Spotlight7573@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      A keylogger isn’t retroactive to before the keylogger was installed though. Recall is. Also, with Recall you don’t need to write keylogging software and get it past antimalware scans (and keep it from getting detected), you just have to get an infostealer past them one single time to take the Recall database.

      • NoiseColor
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        5
        ·
        5 months ago

        It’s very unlikely you could get the password from recall

        • Spotlight7573@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          5 months ago

          The video posted by Moorshou literally shows someone getting a password and a credit card number from it. Yes, the password was due to someone clicking the show password button momentarily but do we just never expect people to use those or to not use a password manager that would show the password on screen at some point? Due to it doing text recognition, you would literally be able to just search for “credit card” to find all the times when it was displaying a credit card field on a checkout page or “password” to find all the times someone is logging in or using their password manager. And that’s using the built in search, not even exfiltrating the data and processing it with more specialized tools.

          You really need to watch that video to see what it can do and how easily it can do it.

          • NoiseColor
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            5 months ago

            So even if it does ship like this guy thinks it will, it will take someone gaining control of the computer and having the victim click show password at the wrong time.

            The end is nigh.

              • NoiseColor
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                5 months ago

                And how does the python script run itself?

                • Adanisi@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  5 months ago

                  How does any virus run itself? Are you seriously this dense?

                  Hint: there are many attack vectors, including no-click drive-by downloads, programs from Softonic, etc.

                  EDIT: Does this person seriously believe that because Microsoft made it, it must be secure, despite that literally having just been proven wrong? And that pointing that out means I need to be smarter than everyone at MS? That explains the delusional argument they’re going with.

                  • NoiseColor
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    3
                    ·
                    5 months ago

                    Damn you are so stupid. But it’s normal for stupid people to think they are smart.

                    Smarter guy here on lemmy calling other people names than all the people at Microsoft.

                    I’m done here. Bye.