|
Dailydave
mailing list archives
Re: Vista speach recognition
From: Rich Mogull <rmogull-dd () securosis com>
Date: Tue, 30 Jan 2007 18:05:31 -0700
I just tested this on Vista and it works.
Running Vista Ultimate in Parallels on my Mac I enabled voice
commands, then recorded a simple command and played it back. Using
the mic and speakers on my Mac the commands executed. Sound quality
was actually terrible because of poor Vista performance in the VM.
But UAC seems to stop it. At the suggestion of Dave Maynor I tried to
create a new user account. The usual UAC window popped up and no
voice commands seemed to work.
I suspect anything that avoids the "final" (greyed out background)
UAC dialogs will work, but looks like UAC stops it. At least in my
quick test...
-rich
On Jan 30, 2007, at 2:27 PM, George Ou wrote:
Voice command is autoloaded if you calibrate the system and enable
Voice commands. You can actually activate voice command mode by
saying a certain phrase. If this exploit works, you could say that
phrase first and then start your commands. Then you'd say "start",
"cmd", "enter", then bark out the commands you want. This assumes
it works and that no one near the PC gets suspicious :).
George
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-
bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Tuesday, January 30, 2007 12:48 PM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Vista speach recognition
That's a great idea! If the Microsoft people have thought of it, no
doubt they ignore any sound coming out of the speakers, so you'll
have to rely on an echo effect. Essentially you can always win if
your model of the acoustic properties of the room is better than
Vistas. :> Many speech recognition systems I've seen require the
user to press a button first, of course. :> I haven't tested
Vista's. I have, however, gotten CANVAS working on Vista. ( http://
www.immunityinc.com/images/CANVAS_on_Vista.png). So far I recommend
it over Windows XP SP2 because I think they removed that broken
limitation from the TCP stack where you could only make 5
connections at once.
Also, here is an article about Evgeny! ok. Not entirely about
Evgeny. Mostly about people buying bugs. For someone who's wife is
a lawyer in this field, there's a lot of "apparently legal" talk in
it. It's just plain legal! Everybody deal.
http://www.nytimes.com/2007/01/30/technology/30bugs.html?
pagewanted=1&_r=1
-dave
On 1/30/07, Sebastian Krahmer <krahmer () suse de > wrote:
Hi,
I am in no way an Win expert but recently I read that
vista will support commands as they are spoken by the user.
What about websites where the browser is playing wav or similar
audio files upon visiting? what if they contain spoken
commands? An exploit audio file which speaks something like
'open shell' would be cool, eh?
Sebastian
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
|
Intro
