this post was submitted on 07 Jun 2024
454 points (97.5% liked)
Technology
60082 readers
3879 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.
It just accesses the data that stored in an unencrypted format on the computers hard drive.
If someone had remote access to your computer they could use this, but I imagine they could also use the official tool too.
Since the data is stored in an unencrypted fashion, a hacker who had remote access would be better served running some script that will just transfer all this data to their offsite server and could be accomplished pretty easily.
I guess what I want to really say is that calling it a “hacker tool” is misleading.
Nmap is a "hacker tool" and all it does is ask computers what ports they have open, something they are set to advertise to the world.
This is a "hacker tool" in the sense that it is accessing data in an unintended way, in the same contect as nmap using protocols intended to communicate for a set purpose to built a list of possible attack vectors.
So when I walk past some bicycles parked outside of a store, and simply use my eyes to determine if they have locks, I’m essentially a hacker.
no, your eyes are hacker tools
There's a word for that, it's called "casing."
Obviously not "hacking," unless they're locked up by a computer or some shit.
A hacker using software like that to test vulnerabilities seems similar to me in some ways.
A thief to be
Looking for opportunity
IANAL, but I’m pretty sure a hammer is a thieves tool if used in the commission of a burglary.
Those devices used by employees to remove security locks from CDs/DVDs aren’t “thieves tools” when used as intended, but when my dumb ass got caught with one while stealing from Blockbuster, the judge considered it one.
Right but if I use a hammer to prove the lock I just bought is useless at protecting my shed, I'm not committing theft. This was a few lines of Python to look at data that is explicitly stored for the user to look at later.
🤤
You do have a point, but it does highlight why Microsoft's framing is bad.
Microsoft is basing their approach to this on the concept that your MS account-secured local machine is itself secure, so whatever is in it is fine, because hey, your confidential work info is probably also in your hard drive and unencrypted, so if a bad actor can steal the pictures of it, then it can also steal the original document.
Which mostly is true, to be clear, but it fundamentally misunderstands how much juicier and easier of a target is a reliable, searchable database that logs all activity stored in a consistent location, as opposed to potentially having to extract everything up front. Plus, even if there are few guardrails to all data inside your system, there are some, as this will likely include info you may keep hidden, password-protected or encrypted both locally and remotely. There's a reason my password manager asks for my credentials manually once every time I use it.