Microsoft’s Failed Strategy – Security as an Afterthought

Microsoft faces ongoing, systemic cybersecurity failures rooted in blind spots within its very organizational design. These vulnerabilities repeatedly result in serious product blunders and damaging breaches. This has once again become evident with the continuing Microsoft Recall debacle, where an OS feature was developed without security design input that took user or attacker behaviors into account, and a patchwork of controls had to be overlaid to shore up exploitable capabilities.

The Microsoft Recall feature, when first announced by company executives, was roasted by the cybersecurity and privacy communities as seriously dangerous to users. Recall will run silently in the background, periodically taking screenshots of user activity throughout the day. Initially it was planned to be enabled by default and intended to help users remember what they were doing if they became distracted or forgetful. The problem is that it would capture passwords, crypto keys, conference video images, snapshots of open files, and other sensitive data – which it would store locally. This data would be conveniently indexed and searchable.

What Microsoft didn’t consider is that such an aggregation is a treasure trove for system hackers and rogue admins!

Often focused on secure code and ignoring how their technology may be misused, Microsoft has found itself stumbling again and again. After the Recall backlash, Microsoft again touted how it was brilliant in cybersecurity but would make adjustments. It delayed the release, indicated it was verifying the code security, stated it would no longer be automatically turned on for all u

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Security Boulevard
