Wednesday, September 19, 2018

Windows even less secure than we thought.

This is getting nauseating.

"In my testing, population of WaitList.dat commences after you begin using handwriting gestures," [Digital Forensics and Incident Response expert Barnaby Skeggs] told ZDNet in an interview. "This 'flicks the switch' (registry key) to turn the text harvester functionality (which generates WaitList.dat) on." "Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature," Skeggs says.

 Meaning, every text file on your PC, AND passwords etc. If you wrote it into a text file, its there in WaitList.dat.

According to Skeggs, the default location of this file is at:
C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat
Not all users may be storing passwords in emails or text-based files on their PCs, but those who do are advised to delete the file or disable "Personalised Handwriting Recognition" feature in their operating system's settings panel.

Be it noted, according to the researchers, this is a FEATURE of Windows. Not a bug. It is supposed to work like that.

No comments:

Post a Comment