The IT Privacy and Security Weekly Update.

EP 247.5 Deep Dive Broken Windows. The IT Privacy and Security Weekly Update for the Week Ending June 17th, 2025



Windows Hello's Facial Authentication Update

Microsoft updated Windows Hello to require both infrared and color cameras for facial authentication, addressing a spoofing vulnerability. This enhances security but disables functionality in low-light settings, potentially inconveniencing users and pushing some toward alternatives like Linux for flexible authentication.

EchoLeak and AI Security

'EchoLeak' is a zero-click vulnerability in Microsoft 365 Copilot, discovered by Aim Labs, allowing data exfiltration via malicious emails exploiting an "LLM Scope Violation." It reveals risks in AI systems combining external inputs with internal data, emphasizing the need for robust guardrails.

Denmark’s Shift to LibreOffice and Linux

Denmark is adopting LibreOffice and Linux to boost digital sovereignty, reduce reliance on foreign tech like Microsoft, and mitigate geopolitical and cost-related risks. This follows a 72% rise in Microsoft software costs over five years.

Chinese AI Firms Bypassing U.S. Chip Controls

Chinese AI companies evade U.S. chip export restrictions by processing data in third countries like Malaysia, using tactics like physically transporting data and setting up shell entities to access high-end chips and return trained AI models.

Mattel and OpenAI Partnership

Mattel’s collaboration with OpenAI to create AI-enhanced toys introduces engaging, safe experiences for kids but raises privacy and security concerns, highlighting the need for "Zero trust" models in handling children’s data.

Apple’s Passkey Import/Export Feature

Apple’s new FIDO-based passkey import/export feature allows secure credential transfers across platforms, enhancing security and convenience. It uses biometric or PIN authentication, replacing less secure methods and improving interoperability.

Airlines Selling Passenger Data to DHS

The Airlines Reporting Corporation, owned by U.S. airlines, sold domestic flight data to DHS’s CBP, including names and itineraries, with a clause hiding the source. This raises privacy concerns about government tracking without transparency.

WhatsApp’s New Ad Policy

WhatsApp’s introduction of ads in its "Updates" section deviates from its original "no ads" philosophy. While limited and preserving chat encryption, this shift alters the ad-free experience that attracted its two billion users.


https://rprescottstearns.blogspot.com/2025/06/broken-windows-it-privacy-and-security.html


The IT Privacy and Security Weekly Update. By R. Prescott Stearns Jr.
