lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Sat, 3 Feb 2007 08:50:30 +1030
From: Sūnnet Beskerming <info@...kerming.com>
To: Valdis.Kletnieks@...edu
Subject: Re: Vista Speech recognition

If you have to use a side channel attack to ensure that the  
microphone is on and the speakers are active (what ideal target  
environment will have them both enabled or even fitted? No, I don't  
believe healthcare will be one), why don't you just use that channel  
to launch the primary attack?  While there is a real concern about  
this issue, that is all it is - a concern.

I agree with Thierry that this is a low risk situation.  It will be  
fun for pranking and the occasional exploit (hmm, it appears my drink  
holder has been replaced with a credit card slot on my computer), but  
will be harmless for most.  It will be more fun to bind sound to  
system events, so that every time a dialogue box was presented the  
system helpfully shouts out 'Cancel'.

Okay, so Microsoft's implementation of this feature could have been  
somewhat better, but it isn't really worth the hype and coverage that  
it has received to date.

Carl

Sūnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux