Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Windows Operating Systems Privacy Software

'WaitList.dat' Windows File May Be Secretly Hoarding Your Passwords, Emails (zdnet.com) 40

A file named WaitList.dat, found only on touchscreen-capable Windows PCs, may be collecting your sensitive data like passwords and emails. According to ZDNet, in order for the file to exist users have to enable "the handwriting recognition feature that automatically translates stylus/touchscreen scribbles into formatted text." From the report: The handwriting to formatted text conversion feature has been added in Windows 8, which means the WaitList.dat file has been around for years. The role of this file is to store text to help Windows improve its handwriting recognition feature, in order to recognize and suggest corrections or words a user is using more often than others. "In my testing, population of WaitList.dat commences after you begin using handwriting gestures," [Digital Forensics and Incident Response expert Barnaby Skeggs] told ZDNet in an interview. "This 'flicks the switch' (registry key) to turn the text harvester functionality (which generates WaitList.dat) on." "Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature," Skeggs says.

Since the Windows Search Indexer service powers the system-wide Windows Search functionality, this means data from all text-based files found on a computer, such as emails or Office documents, is gathered inside the WaitList.dat file. This doesn't include only metadata, but the actual document's text. "The user doesn't even have to open the file/email, so long as there is a copy of the file on disk, and the file's format is supported by the Microsoft Search Indexer service," Skeggs told ZDNet. "On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents.

This discussion has been archived. No new comments can be posted.

'WaitList.dat' Windows File May Be Secretly Hoarding Your Passwords, Emails

Comments Filter:
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Wednesday September 19, 2018 @08:40PM (#57345606)
    Comment removed based on user account deletion
    • Don't fool yourself. It has never been solid.

      Security-wise you used to get worms before the setup for the installer was ready.

    • and security has become a punchline under Nutella

      How so? Based on past performance our chocolaty fiend has a long way to go before he oversees security dramas even remotely the size of the previous two CEOs. Sure MS doesn't have a great reputation, but to claim it has become a punchline under Nutella isn't at all backed up by any data, or any of your examples (unless you are confusing the words security and reliability in which case I wholeheartedly continue to disagree since this trend was started with Windows 8 under the watchful eye of the Ranting Monk

      • Comment removed based on user account deletion
        • Dude the OS is dumping highly sensitive data in the equivalent of a .txt file...

          A process that was also present in Windows 8 which introduced the feature. Just because it was discovered NOW doesn't back up the notion that security has gotten worse under Nudella. It only serves to reinforce how shitty it was under Balmer and that it hasn't gotten any better.

          BTW look up "Windows 10 vulnerability" to see that yeah their security is going downhill

          Look up Windows 8 vulnerability to see that it hasn't budged. Or maybe compare it to Windows 7 pre-SP1 days. Windows security is a joke, but it always has been. It has historically and universally taken several years of bug fixing to

  • Nothing super threatening--you have to opt-in. Nobody known was affected. And Microsoft will have a patch out within like, two weeks.

    I mean, it's good to know about this stuff to watch for trends. But this will have zero effect on anyone's lives, nor Microsoft's stock. Like a murderer, goes on trial, and goes to jail. You can talk about trends maybe, but the murderer is already in jail. He's not a direct threat to any of us. So it's not like "tonight at 10. this thing in your house WILL KILL YOUR CHILDREN i

  • by Anonymous Coward

    It was not introduced in windows 8 like the OP says. Now, this could be a newer feature of the handwriting service that was introduced in 8, I don't know. Also mentioned is a registry key that activates this feature, so you could use that to disable it.

    An idea that I just had involves taking ownership of that file (or create an empty one in its place), set it to read only, and revoke permissions from every user, including SYSTEM. That may prevent the file from getting populated (search or handwriting featur

The best things in life go on sale sooner or later.

Working...