back to article Microsoft enlarges its cockpit of Copilots to include security

Microsoft's sprint to push generative AI into all parts of its broad portfolio is reaching the cybersecurity realm with the introduction today of Security Copilot, a GPT-4-based service that might assist security teams pushing back against modern threats. Security Copilot is supposed to help security professionals identify …

  1. Pascal Monett Silver badge

    Well thank you, Borkzilla

    It's so nice of you to demonstrate once again that security is an afterthought for you.

    1. Curious

      Re: Well thank you, Borkzilla

      Not an afterthought, a sales opportunity.

      You've only got a P1 security license you pleb? You have a a duty to buy a P2 security license, and days of prepaid support instances. And our AI plugin to make sense of our graph api interface.

      Anything else would be reckless, effectively handing the terabytes of data that your business sends to our cloud directly over to criminals /s

  2. devin3782

    I'm sure this how Skynet started

  3. Anonymous Coward
    Anonymous Coward

    Wait, what?

    Since September 2021, the number of password attacks per second has risen from 579 to 1,287, according to Vasu Jakkal, corporate vice president of security, compliance, and identity at Microsoft. The median time for an attacker to access data in a phishing attack is an hour and 12 minutes, apparently.

    Maybe I'm reading this wrong, but does this person suggest that miscreants manage to get in after 72 minutes worth of dictionary attacks? What about blocking after 3 failures and progressively extending the time before allowing a retry?

    That said, I have never found using an active email address a good idea as part of a login - it means you give away 50% of the required credentials for free with every email. I don't use my main email addresses for logins, period. Speaking of which, my published email addresses are *all* aliases, which means that I could in theory use 'password' as password and a dictionary attack would still fail as they only ever see an alias (and thus attack an account that doesn't actually exist), not the actual email adres used for the IMAP login. Not all security has to be super complicated - sometimes it's simply a matter of misdirection by understanding the tools you work with.

    Besides, it's also more fun :).

    1. claimed

      Re: Wait, what?

      No, that’s not what phishing means.

      While I also use aliases for logins, using a basic password would still be a bad idea as any SMTP server handling the email will know your alias exists, emails are not hashed and salted in app databases as passwords should be so a SQL injection theft of the DB would immediately breach your acccount, and if you use a predictable alias pattern like site@mydomain then once one goes it’s trivial to pop some other common sites you may use.

      I note you didn’t say you do use “password”, but thought I’d offer the downsides!

      1. Anonymous Coward
        Anonymous Coward

        Re: Wait, what?

        Oh, don't worry - my passwords have always been of good quality so even if somehow the actual account details leaked it would not help, and my ISP not only runs the show on FreeBSD, they're also very proactive when it comes to security, one of the main reasons I use them.

        For site passwords I apply the same rules, and I have taken to generating email addresses for those which allow me to track back where I used them. That way, if I see spam arrive I quickly know who's been naughty..

  4. ecofeco Silver badge

    Oh great, Clippy on steroids

    Just what I need, MORE pop-up, fiddly shit to interrupt my work.

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh great, Clippy on steroids

      .. and that is exactly why I switched to MacOS. There, you will go through that once. Done.

  5. Justauser


    Yeah the thing I don't trust to prepare a LinkedIn post without serious editing should obviously be given serious real world responsibility.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like