The miserable mess that is Microsoft Recall

Posted on May 28, 2024 by dstrom

Last week Microsoft announced a new feature that is a major security sinkhole called Recall. It is a miserable mess, and makes Windows more vulnerable to attack. Sadly, it will be operating by default unless you get out your secret decoder ring and lock it up behind some group policies.

Why is Recall so bad? It combines the features of a keylogger and an infostealer and puts them inside the Windows OS. It automatically takes frequent screenshots of what you are doing, and stores them on your hard drive. This data is stored in a searchable database, so you can rewind what you are doing to a specific point in time. This includes all your passwords, if they are displayed on screen. Kevin Beaumont wrote that Recall fundamentally undermines your security and introduces immense new risks.

It didn’t take long after the announcement at Build, Microsoft’s annual developer conference, for the UK ICO, its privacy agency, to open an inquiry. Yes, hackers would need to gain access to your device and figure out the encryption of the data, but these aren’t big hills to climb. “Something could go wrong very quickly,” said one security researcher.

Eva Galperin, director of cybersecurity with the Electronic Frontier Foundation, said Recall will “be a gift for domestic abusers,” given that a partner would have physical PC access and perhaps login details too. She said the database of screenshots would be a tempting target for hackers.

Bh187 Total Recall GIF - Bh187 Total Recall Arnie GIFs Microsoft will start selling its own line of AI-enabled laptops later this summer that will include Recall. Sometimes total recall goes awry, as fans of the original Arnold movie (or Philip Dick short story) might remember. It’s too bad that this is one journey from sci fi to reality that we could do without. Here is how to disable it.

CSOonline: Microsoft Azure’s Russinovich sheds light on key generative AI threats

Posted on May 22, 2024 by dstrom

Generative AI-based threats operate over a huge landscape, and CISOs must look at it from a variety of perspectives, said Microsoft Azure CTO Mark Russinovich during Microsoft Build conference this week in Seattle. “We take a multidisciplinary approach when it comes to AI security, and so should you,” Russinovich said of the rising issue confronting CISOs today. I cover his talk, which was quite illuminating, about AI-based threats here for CSOonline.

CSOonline: It is finally time to get rid of NTLM across your enterprise networks

Posted on May 13, 2024 by dstrom

It is finally time to remove all traces of an ancient protocol that is a security sinkhole: NTLM. You may not recognize it, and you may not even know that it is in active use across your networks. But the time has come for its complete eradication. The path won’t be easy, to be sure.

The acronym is somewhat of a misnomer: it stands for Windows New Technology LAN Manager and goes back to Microsoft’s original network server operating system that first appeared in 1993.

NTLM harks back to another era of connectivity: when networks were only local connections to file and print servers. Back then, the internet was still far from a commercial product and the web was still largely contained as an experimental Swiss project. That local focus would come to haunt security managers in the coming decades.

In this analysis for CSOonline, I recount its troubled history, what Microsoft is trying to do to rid it completely from the networking landscape, and what enterprise IT managers can do to seek out and eliminate it once and for all. It will not be a smooth ride to be sure.

Faking the demo

Posted on December 8, 2023 by dstrom

Simon and Garfunkel once sang:

I know I’m fakin’ it / I’m not really makin’ it /I’m such a dubious soul

I was thinking about this song while I was reading this report in TechCrunch about a recent Google demo of their Gemini AI model. Turns out the demo was faked. “Viewers are misled about how the speed, accuracy, and fundamental mode of interaction with the model,” they wrote.

Now, in the rush to either overlaud or bedevil AI over the past year, we have this. It is enough to make me want to dive back into the Bitcoin market, where the real faking was going on. Just kidding.

Getting to the bottom of how demos are conducted used to be my bread and butter as a roving technology reporter back in the go-go 1980s and 1990s. I was (in)famous for going behind the equipment that was being demo’ed in front of me, and pulling the plug or some Ethernet cable to see if it stopped, testing the reality of the situation or seeing if the vendor was running some canned video. PR folks warned their clients ahead of time that I was going to do this, and some vendors even incorporated the “Strom reveal” in their demos.

I recognize that the demo gods can be cruel, and often things go wrong at the last minute. We all recall the famous moment when Bill Gates himself got hit with a blue screen when showing off some Windows 98 demo. The audience cheered, I guess in sympathy — at least that was back when the titans of tech could be sympathetic and not act with the emotional range of children. Or when candidates running for national office — or podcasters with huge multi-million audiences — wouldn’t espouse ridiculous conspiracy theories. I am sure you can guess who I am talking about in each of these cases. Sadly, there are multiple examples of each. These people are in plentiful supply.

Now, it is great that my tech press colleagues can call foul play on Google’s demo. Especially on the topic of AI, when the hype is already on overdrive. But maybe it is time to return to a more believable era, when things were more genuine, and when “alternative facts” were once called “bold faced lies” or something more profane. Or when we had fewer dubious souls roaming the planet.

Self-promotions dep’t

Among the numerous articles that I wrote this week for SiliconANGLE is one about Joe Marshall who was the genuine real deal. You should read about his leadership and determination to help the Ukrainian people. Recall how the Russians jammed GPS signals so their troops weren’t targeted? Turns out that doing that does more than prevent folks from finding their way around the country. It also disrupts their power grid, which needs precise absolute time to synchronize the power flows. Marshall cobbled together some Cisco gear (he works for the company, but that isn’t really the point) and got their lights turned back on thanks to his doggedness in figuring out how to do it.

Speaking of GPS jamming, even in the best of times there are numerous GPS fails. How about all the people — and there were a lot of them — who were stranded in the Mojave desert coming back to the LA area from Vegas. They were following directions from Google Maps, and also didn’t know that there is only one way to get there (I-15). Now they certainly do.

SiliconANGLE: That Chinese attack on Microsoft’s Azure cloud? It’s worse than it first looked

Posted on July 21, 2023 by dstrom

The revelations last week that Chinese hackers had breached a number of U.S. government email accounts indicate the problem is a lot worse than was initially thought, according to new research today by Wiz Inc. Indeed, this hack could turn out to be as damaging and as far-reaching as the SolarWinds supply chain compromises of last year.

In my post for SiliconANGLE, I summarize what Wiz learned about the attack, what you have to do to scan and fix any potential problems, and why people who choose “login with Microsoft” are playing with fire.

SiliconANGLE: News from Google and Amazon cloud announcements this week

Posted on June 15, 2023 by dstrom

I posted two stories on SiliconANGLE about lots of news coming from new security services on Google Cloud and similar news from AWS. Both are showing that we are at watershed events — AWS is making architectural changes and adding new depth with programming languages such as Cedar. Google is finally building some solid tools into its Chronicle platform that has been available for four or so years now. Both are also paying attention to LLMs/Generative AI methods to provide threat intelligence.

Both vendors are trying to consolidate their services with their channel partners large and small.

News flash: Google can still track you

Posted on March 4, 2021 by dstrom

Yesterday Google announced that they will completely eliminate third-party browser cookies. Calling it a move towards a more privacy-first web, as their director of product management who wrote the post claimed, is a bit of a misnomer. Yes, they will phase out tracking these cookies on their Chrome browser. But they will still track what you do on your mobile phone, especially an Android phone, and track what you do on their own websites, including YouTube and its main search page. And they will still target the ads that you see from these activities.

The announcement was expected: last year they announced their plan to de-cookiefy their browser. They basically had to — Safari and Firefox have blocked these cookies for years, so it was high time Google got on board this train. They have come up with a variety of technologies and tools that sound good at first blush, but I am not sure that these replacements are better, especially for preserving privacy. One of them is called the Privacy Sandbox. Now, sandboxes have certain implications, especially for security researchers. The goal is to limit who can view what is going on inside the sandbox, and more importantly, who can’t. It seems that smaller advertisers will have to find some other place to play, but the big guys will still have the means to figure out who you are and more importantly, what you are interested in, to target their advertising. Vox’s Recode says that “Google will still technically deliver targeted ads to you, but it will do so in a more anonymous and less creepy way.”

Firefox has a better idea: to limit the reach of cookies to just the website that places them on your hard drive. They call it Total Cookie Protection and you can follow the links on their blog to understand more of the details. It does seem to eliminate web tracking cookies, but we’ll see as they roll it out across their browsers.

In the meantime, if you use any Google products, go to your Google Account and review the numerous personalization settings you have at your disposal to rid yourself of tracking, including their activity controls, ad personalization, and recorded activity history. And if you are using an iOS phone or tablet, make sure you update to iOS v14 and enable the ability to block cross-app tracking.

Network Solutions blog: The Best IT Certifications to Maximize Your Personal ROI

Posted on December 16, 2020 by dstrom

As teaching methods advance and especially during the pandemic, online learning is starting to approach a physical classroom experience, and it’s great for conceptual learning. A good online learning experience should include not only content, but should also feature practice drills, integrate with real-world case studies, and contain a social component to make learning more effective. I cover some of the things to look for in selecting the right professional IT certifications to increase your potential value to your company.

You can read my blog for Network Solutions here for more about this topic.

Network Solutions blog: What is Identity and Access Management and How Does It Protect High-Profile Users?

Posted on November 24, 2020 by dstrom

Microsoft AccountGuard banner Image

My latest blog for Network Solutions is about identity and access management. Our email accounts have become our identity, for better and worse. Hackers exploit this dependency by using more clever phishing lures. Until recently, enterprises have employed very complex and sophisticated mechanisms to manage and protect our corporate identities and control access to our files and other network resources. What has changed recently are two programs from Microsoft and Google that are designed to help combat phishing. They are aimed at helping higher-risk users who want enterprise-grade identity and access management security without the added extra cost and effort to maintain it. The two programs are called AccountGuard (Microsoft) and Advanced Security (Google). In my blog post, I explain what these two programs are all about.

The evolution of the network protocol sniffer

Posted on May 31, 2020 by dstrom

Last month I caught this news item about Microsoft building in a new command-line feature that is commonly called a network protocol sniffer. It is now freely available in Windows 10 and the post documents how to use it. Let’s talk about the evolution of the sniffer and how we come to this present-day development.

If we turn back the clock to the middle 1980s, there was a company called Network General that made the first Sniffer Network Analyzer. The company was founded by Len Shustek and Harry Saal. It went through a series of corporate acquisitions, spin outs and now its IP is owned by NetScout Systems.

The Sniffer was the first machine you could put on a network and trace what packets were being transmitted. It was a custom-built luggable PC that was typical of the “portable” PCs of that era — it weighed about 30 pounds and had a tiny screen by today’s standards. It cost more than $10,000 to purchase, but then you needed to be trained how to use it. You would connect the Sniffer to your network, record the traffic into its hard drives, and then spend hours figuring out what was going on across your network. (Here is a typical information-dense display.) Decoding all the protocols and tracking down the individual endpoints and what they were doing was part art, part science, and a great deal of learning about the various different layers of the network and understanding how applications worked. Many times Sniffer analysts would find bugs in these applications, or in implementations of particular protocols, or fix thorny network configuration issues.

My first brush with the Sniffer was in 1988 when I was an editor at PC Week (now eWeek). Barry Gerber and I were working on one of the first “network topology shootouts” where we pit a network of PCs running on three different wiring schemes against each other. In addition to Ethernet there was also Token Ring (an IBM standard) and Arcnet. We took over one of the networked classrooms at UCLA during spring break and hooked everything up to a Novell network file server that ran the tests. We needed a Sniffer because we had to ensure that we were doing the tests properly and make sure it was a fair contest.

Ethernet ended up wining the shootout, but we did find implementation bugs in the Novell Token Ring drivers. Eventually Ethernet became ubiquitous and today you use it every time you bring up a Wifi connection on your laptop or phone.

Since the early Sniffer days, protocol analysis has moved into the open source realm and WireShark is now the standard application software tool used. It doesn’t require a great deal of training, although you still need to know your seven layer network protocol model. I have used Sniffers on several occasions doing product reviews, and one time helped to debug a particularly thorny network problem for an office of the American Red Cross. We tracked the problem to a faulty network card in one user’s PC which was just flaky enough to operate correctly most of the time.

Today, sniffers can be found in a number of hacking tools, as this article in ComputerWorld documents. And now inside of WIndows 10 itself. How about that?

I asked Saal what he thought about the Microsoft Windows sniffer feature. “It is now almost 35 years since its creation. Seeing that some similar functionality is now hard wired into the guts of Windows 10 is amusing. Microsoft makes a first class Windows GUI tool, NetMon, available for free and of course there is WireShark. Why Microsoft would invest design, programming and test resources into creating a text-based command line tool is beyond me. What unfilled need does it satisfy? Regardless, more is better, so I say good luck to Redmond and the future of Windows.”

Web Informant

David Strom's musings on technology

Category Archives: microsoft and google