| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Feb 2007 08:50:30 +1030 From: Sûnnet Beskerming <info@...kerming.com> To: Valdis.Kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk, Thierry Zoller <Thierry@...ler.lu> Subject: Re: Vista Speech recognition If you have to use a side channel attack to ensure that the microphone is on and the speakers are active (what ideal target environment will have them both enabled or even fitted? No, I don't believe healthcare will be one), why don't you just use that channel to launch the primary attack? While there is a real concern about this issue, that is all it is - a concern. I agree with Thierry that this is a low risk situation. It will be fun for pranking and the occasional exploit (hmm, it appears my drink holder has been replaced with a credit card slot on my computer), but will be harmless for most. It will be more fun to bind sound to system events, so that every time a dialogue box was presented the system helpfully shouts out 'Cancel'. Okay, so Microsoft's implementation of this feature could have been somewhat better, but it isn't really worth the hype and coverage that it has received to date. Carl Sûnnet Beskerming Pty. Ltd. Adelaide, Australia http://www.beskerming.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists