Re: [Dailydave] Vista speech recognition
dan
geer.org
Date: Wed Jan 31 2007 - 08:30:11 CST
"George Ou" writes:
-+-----------------
| I just verified that TinyURL.com will give you a nice URL to an executable.
|
| Here's an example of a URL that opens a .EXE file.
| http://tinyurl.com/3d588b
|
| Now imagine that this was actually a user-mode malicious payload that avoids
| triggering UAC which contains ransomware. It's very easy to use Vista
| speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run". That
| will actually download and launch your desired payload from any website and
| TinyURL will make it easy to say. This is actually easier than my
| successful document-deleting recycle bin emptying test because it's a
| shorter script.
|
Spectacular!
So, for two or more machines that can hear each other,
I can make one of them tell another to do something
naughty or perhaps I can even use the air itself as
a not-very-covert-but-you-know-what-I-mean channel
for moving data. Plausible deniability never had it
so good.
--dan
==========
The Oracle:
Of course you have. Every time you've heard someone say
they saw a ghost, or an angel. Every story you've ever
heard about vampires, werewolves, or aliens is the
system assimilating some program that's doing something
they're not supposed to be doing.
Neo:
Programs hacking programs...