Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: Vista speach recognition
From: Curt Wilson <curtw () siu edu>
Date: Wed, 31 Jan 2007 11:16:01 -0600

I've not analyzed this issue but I wonder what it might take to feed
some remotely hosted speech directly to the system as user-level
commands, bypassing the need for the sound to emerge from speakers and
be picked up by a microphone. I'd guess that higher access than a
generic user would be required for such a trick to work, such as hooking
the voice input routines (if attacker/pentester can do this, why bother
with the clumsiness of such an attack), if it would work at all.

dan () geer org wrote:

"George Ou" writes:
-+-----------------
 | I just verified that TinyURL.com will give you a nice URL to an executable.
 | 
 | Here's an example of a URL that opens a .EXE file.
 | http://tinyurl.com/3d588b
 | 
 | Now imagine that this was actually a user-mode malicious payload that avoids
 | triggering UAC which contains ransomware.  It's very easy to use Vista
 | speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run".  That
 | will actually download and launch your desired payload from any website and
 | TinyURL will make it easy to say.  This is actually easier than my
 | successful document-deleting recycle bin emptying test because it's a
 | shorter script.
 | 

Spectacular!

So, for two or more machines that can hear each other,
I can make one of them tell another to do something
naughty or perhaps I can even use the air itself as
a not-very-covert-but-you-know-what-I-mean channel
for moving data.  Plausible deniability never had it
so good.

--dan

==========
The Oracle:
  Of course you have. Every time you've heard someone say
  they saw a ghost, or an angel. Every story you've ever
  heard about vampires, werewolves, or aliens is the
  system assimilating some program that's doing something
  they're not supposed to be doing.
Neo:
  Programs hacking programs...

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave




-- 
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]