Full Disclosure mailing list archives
Re: Vista Speech recognition
From: Valdis.Kletnieks () vt edu
Date: Fri, 02 Feb 2007 10:38:06 -0500
On Fri, 02 Feb 2007 16:23:24 +0100, Thierry Zoller said:
> With all due respect, I think you are crying wolf a tad bit too much. Speech recognition is inherently unreliable (btw, remember the presentation they gave?). Since you deem the problem as remotely exploitable, let's ignore for once that I have to actively browse to a website and as such be physically in front of the PC, and assume we use XSS to zombie the browser and play the audio 5 minutes later. Then we assume there is not too much background noise, assume the audio level is ok, assume the microphone is on, assume Speech recognition is used, assume audio is on, and so forth. Too many assumptions to make it a real risk for me remotely, sorry. That's my personal opinion. Is it a vulnerability? Yes. Is it likely to work 100% like a well-crafted exploit? No.
On the other hand, it's the sort of attack that is really handy to have if you're doing a targeted attack against a corporation - send a crafted spam that delivers the XSS to zombie the box, sleep for a few hours, and when nobody's left in the office, crank up the volume and yell "PANTS DOWN!" to every computer within range.... :) (Remember - the average office is nice and quiet at 11PM if the janitors aren't around - and nobody ever *said* the computer making the noise was the one getting pwned... :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/