Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Microsoft

Nine Takeaways From Our Investigation Into Microsoft’s Cybersecurity Failures

ProPublica: “After Russian hackers exploited a flaw in a widely used Microsoft product during one of the largest cyberattacks in U.S. history, the software giant downplayed its culpability. However, a recent ProPublica investigation revealed that a whistleblower within Microsoft’s ranks had repeatedly attempted to convince the company to address the weakness years before the hack — and that the company rebuffed his concerns at every step. Here are the key things you need to know about that whistleblower’s efforts and Microsoft’s inaction. Years before the SolarWinds hack was discovered in 2020, a Microsoft engineer found a security flaw these hackers would eventually exploit. In 2016, while researching an attack on a major tech company, Microsoft engineer Andrew Harris said he discovered a flaw in the company’s Active Directory Federation Services, a product that allowed users to sign on a single time for nearly everything they needed. As a result of the weakness, millions of users — including federal employees — were left exposed to hackers. Harris said the Microsoft team responsible for handling reports of security weaknesses dismissed his concerns. The Microsoft Security Response Center determines which reported security flaws need to be addressed. Harris said he told the MSRC about the flaw, but it decided to take no action. The MSRC argued that, because hackers would already need access to an organization’s on-premises servers before they could take advantage of the flaw, it didn’t cross a so-called “security boundary.” Former MSRC members told ProPublica that the center routinely rejected reports of weaknesses using this term, even though it had no formal definition at the time…”

LinkedIn’s AI Career Coaches Will See You Now

Amanda Hoover, Wired: “LinkedIn has ramped up its generative AI tools in the past year and is moving to incorporate the tech into even more of its offerings. On Thursday, the career site announced new features like a pilot for AI-powered expert advice, an interactive chat to break down information in LinkedIn courses, and more…

Pete Recommends – Weekly highlights on cyber security issues, June 15, 2024

Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, June 15, 2024 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the…

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

Wired [unpaywalled]: “When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves…

Windows AI feature that screenshots everything labeled a security ‘disaster’

The Verge: “Microsoft is about to launch a new AI-powered Recall feature that screenshots everything you do on your PC. Recall is part of the new Copilot Plus PCs that are debuting on June 18th, but experts who have tested the feature are already warning that Recall could be a “disaster” for cybersecurity. Recall is…

New FTC Data Shed Light on Companies Most Frequently Impersonated by Scammers

FTC: “New data from the Federal Trade Commission shows that Best Buy/Geek Squad, Amazon, and PayPal are the companies people report scammers impersonate most often. A newly released data spotlight shows that consumers in 2023 submitted about 52,000 reports about scammers impersonating Best Buy or its Geek Squad tech support brand, followed by about 34,000…

Giving Windows total recall of everything a user does is a privacy minefield

The Register: “Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview. Like so many of Microsoft’s AI-infused products, Windows Recall will remain in preview while Microsoft refines it based on user feedback – or simply gives up and pretends it never happened. The principle is simple. As noted earlier, Windows takes…

Microsoft LinkedIn release 2024 Work Trend Index on state of AI at work

“On Wednesday May 8, 2024 Microsoft Corp. and LinkedIn released the 2024 Work Trend Index, a joint report on the state of AI at work titled, “AI at work is here. Now comes the hard part.” The research — based on a survey of 31,000 people across 31 countries, labor and hiring trends on LinkedIn,…

Pete Recommends – Weekly highlights on cyber security issues, May 4, 2024

Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, May 4, 2024 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the…

Microsoft is changing how you log in to your accounts

Washington Post [unpaywalled]: “As passwords slowly go extinct, Microsoft is introducing another way to log in to your consumer account. The company said Thursday that users logging in to Microsoft 365 workplace software, Copilot, Xbox and Skype can now use “passkeys” rather than traditional passwords or an authenticator app. That means whatever biometric authentication (such…

Microsoft’s “responsible AI” chief worries about the open web

Washington Post: “…Natasha Crampton, Microsoft’s chief Responsible AI officer, spoke with The Technology 202 ahead of Microsoft’s release today of its first “Responsible AI Transparency Report.” The 39-page report, which the company is billing as the first of its kind from a major tech firm, details how Microsoft plans to keep its rapidly expanding stable…