Dailydave mailing list archives

Re: Vista speach recognition


From: "George Ou" <george_ou () lanarchitect net>
Date: Fri, 2 Feb 2007 01:04:14 -0800

Here's the roundup of news coverage on this flaw.
http://blogs.techrepublic.com.com/Ou/?p=420
http://blogs.zdnet.com/Ou/?p=420

"The fundamental problem here is that Microsoft "extended" speech to be able
to control the Operating System and Applications without considering the
full security implications.  If Microsoft had merely assigned a user-defined
password with an automatic lockout after a certain amount of idle time, it
would have made the generic attack impossible but they failed to do that.  So
I'm asking Microsoft to reconsider their stance that "there is little if any
need to worry" and implement some sort of safety mechanism rather than
relying on the user to be self-vigilant.  It doesn't matter that there
aren't that many people using this feature; Microsoft should fix it if
they're going to offer it and market it as a key Vista advantage.  Since
Microsoft is promoting Voice recognition for healthcare, we should consider
the safety of patient health records.

At present time, Vista Speech Recognition wakes up to the command "start
listening".  How hard would it be for Microsoft to make that a
user-definable phrase or word?  For example: A user would pick "Zelda" as
the word to wake speech mode while someone else picks "439" as their wake
word.  How hard would it be for Microsoft to implement a wake timeout so
that Speech Recognition would sleep after 5 minutes idle?  How hard would it
be for Microsoft to implement their excellent echo cancellation algorithm in
Windows Messenger for Speech Recognition?  I don't believe this is too much
to ask."


I want to thank the SANS Institute guys for "getting it".  Coming from them,
that means something to me.


I'm also running a poll at the end asking if Microsoft should patch this
with a pass phrase and echo cancellation.



George Ou
