Re: Vista Speech recognition

[Valdis.Kletnieks () vt edu]

On Fri, 02 Feb 2007 16:23:24 +0100, Thierry Zoller said:
> With all due respect, I think you are crying wolf a tad bit too much.
> Speech recognition is inherently unreliable, (btw remember the presentation
> they gave?). Since you deem the problem as remotely exploitable,let's ignore
> for one that I have to actively browse to a website and as such be physically
> in front of the PC and assume we use XSS to zombie the browser and play the
> audio 5 minutes later.  Then we assume there is not too much background
> noise, assume the audio level is ok, assume the microphone is on,
> assume Speech recognition is used, assume audio is on, and so forth.
>
> Too many assumption to make it a real risk for me remotely, sorry. That's
> my personal opinion. Is is a vulnerability ? Yes. Is it likely to work
> 100% like a good crafted exploit? No

On the other hand, it's the sort of attack that is really handy to have
if you're doing a targeted attack against a corporation - send a crafted
spam that delivers the XSS to zombie the box, sleep for a few hours, and
when nobody's left in the office, crank up the volume and yell "PANTS DOWN!"
to every computer within range.... :)

(Remember - the average office is nice and quiet at 11PM if the janitors
aren't around - and nobody ever *said* the computer making the noise was
the one getting pwned... :)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/