Dailydave mailing list archives

Re: Vista speech recognition
From: dan () geer org
Date: Wed, 31 Jan 2007 09:30:11 -0500


"George Ou" writes:
-+-----------------
 | I just verified that TinyURL.com will give you a nice URL to an executable.
 | 
 | Here's an example of a URL that opens a .EXE file.
 | http://tinyurl.com/3d588b
 | 
 | Now imagine that this was actually a user-mode malicious payload that avoids
 | triggering UAC which contains ransomware.  It's very easy to use Vista
 | speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run".  That
 | will actually download and launch your desired payload from any website and
 | TinyURL will make it easy to say.  This is actually easier than my
 | successful document-deleting recycle bin emptying test because it's a
 | shorter script.
 | 

Spectacular!

So, for two or more machines that can hear each other,
I can make one of them tell another to do something
naughty or perhaps I can even use the air itself as
a not-very-covert-but-you-know-what-I-mean channel
for moving data.  Plausible deniability never had it
so good.

--dan

==========
The Oracle:
  Of course you have. Every time you've heard someone say
  they saw a ghost, or an angel. Every story you've ever
  heard about vampires, werewolves, or aliens is the
  system assimilating some program that's doing something
  they're not supposed to be doing.
Neo:
  Programs hacking programs...

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

