Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vista speach recognition

From: dan () geer org
Date: Wed, 31 Jan 2007 09:30:11 -0500

"George Ou" writes:
-+-----------------
 | I just verified that TinyURL.com will give you a nice URL to an executable.
 | 
 | Here's an example of a URL that opens a .EXE file.
 | http://tinyurl.com/3d588b
 | 
 | Now imagine that this was actually a user-mode malicious payload that avoids
 | triggering UAC which contains ransomware.  It's very easy to use Vista
 | speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run".  That
 | will actually download and launch your desired payload from any website and
 | TinyURL will make it easy to say.  This is actually easier than my
 | successful document-deleting recycle bin emptying test because it's a
 | shorter script.
 | 

Spectacular!

So, for two or more machines that can hear each other,
I can make one of them tell another to do something
naughty or perhaps I can even use the air itself as
a not-very-covert-but-you-know-what-I-mean channel
for moving data.  Plausible deniability never had it
so good.

--dan

==========
The Oracle:
  Of course you have. Every time you've heard someone say
  they saw a ghost, or an angel. Every story you've ever
  heard about vampires, werewolves, or aliens is the
  system assimilating some program that's doing something
  they're not supposed to be doing.
Neo:
  Programs hacking programs...

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: