Re: [Full-disclosure] Vista Speech recognition

From: Sūnnet Beskerming (infobeskerming.com)
Date: Fri Feb 02 2007 - 16:20:30 CST


If you have to use a side channel attack to ensure that the
microphone is on and the speakers are active (what ideal target
environment will have them both enabled or even fitted? No, I don't
believe healthcare will be one), why don't you just use that channel
to launch the primary attack? While there is a real concern about
this issue, that is all it is - a concern.

I agree with Thierry that this is a low risk situation. It will be
fun for pranking and the occasional exploit (hmm, it appears my drink
holder has been replaced with a credit card slot on my computer), but
will be harmless for most. It will be more fun to bind sound to
system events, so that every time a dialogue box was presented the
system helpfully shouts out 'Cancel'.

Okay, so Microsoft's implementation of this feature could have been
somewhat better, but it isn't really worth the hype and coverage that
it has received to date.

Carl

Sūnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/