
EPISODE · Jun 19, 2025 · 14 MIN

EP 247.5 Deep Dive Broken Windows. The IT Privacy and Security Weekly Update for the Week Ending June 17th., 2025

from The AI, Privacy, and Security Weekly Update · host R. Prescott Stearns Jr.

Windows Hello's Facial Authentication Update

Microsoft updated Windows Hello to require both infrared and color cameras for facial authentication, addressing a spoofing vulnerability. This enhances security but disables functionality in low-light settings, potentially inconveniencing users and pushing some toward alternatives like Linux for flexible authentication.

EchoLeak and AI Security

'EchoLeak' is a zero-click vulnerability in Microsoft 365 Copilot, discovered by Aim Labs, allowing data exfiltration via malicious emails exploiting an "LLM Scope Violation." It reveals risks in AI systems combining external inputs with internal data, emphasizing the need for robust guardrails.

Denmark’s Shift to LibreOffice and Linux

Denmark is adopting LibreOffice and Linux to boost digital sovereignty, reduce reliance on foreign tech like Microsoft, and mitigate geopolitical and cost-related risks. This follows a 72% rise in Microsoft software costs over five years.

Chinese AI Firms Bypassing U.S. Chip Controls

Chinese AI companies evade U.S. chip export restrictions by processing data in third countries like Malaysia, using tactics like physically transporting data and setting up shell entities to access high-end chips and return trained AI models.

Mattel and OpenAI Partnership

Mattel’s collaboration with OpenAI to create AI-enhanced toys introduces engaging, safe experiences for kids but raises privacy and security concerns, highlighting the need for "Zero trust" models in handling children’s data.

Apple’s Passkey Import/Export Feature

Apple’s new FIDO-based passkey import/export feature allows secure credential transfers across platforms, enhancing security and convenience. It uses biometric or PIN authentication, replacing less secure methods and improving interoperability.

Airlines Selling Passenger Data to DHS

The Airlines Reporting Corporation, owned by U.S. airlines, sold domestic flight data to DHS’s CBP, including names and itineraries, with a clause hiding the source. This raises privacy concerns about government tracking without transparency.

WhatsApp’s New Ad Policy

WhatsApp’s introduction of ads in its "Updates" section deviates from its original "no ads" philosophy. While limited and preserving chat encryption, this shift alters the ad-free experience that attracted its two billion users.

https://rprescottstearns.blogspot.com/2025/06/broken-windows-it-privacy-and-security.html



Frequently Asked Questions

How long is this episode of The AI, Privacy, and Security Weekly Update?

This episode is 14 minutes long.

When was this The AI, Privacy, and Security Weekly Update episode published?

This episode was published on June 19, 2025.
