Dailydave mailing list archives
Re: Vista speach recognition
From: Sebastian Krahmer <krahmer () suse de>
Date: Fri, 2 Feb 2007 10:48:29 +0100 (CET)
On Fri, 2 Feb 2007, George Ou wrote:

Hi,

I think it's a quite normal reflex to decrease importance of such bugs. If it's an IE7 instant high-tech remote, you have little chance to say 'not so important'. If it has some sort of fun-factor and some laughs, it's easier to say 'yes, but not serious'. At least until you realize that all your firewalls, IDS and whatnot did not protect you.

On the other hand, I do not really care what the "official" severity is. Maybe, in 20 years, if all computers are controlled by expressions, speech and gestures such "exploits" become common; and this one was the first of this kind. Let's see how it develops ;-)

thanks for the effort,
Sebastian

Here's the round up on news coverage on this flaw.

http://blogs.techrepublic.com.com/Ou/?p=420
http://blogs.zdnet.com/Ou/?p=420

"The fundamental problem here is that Microsoft "extended" speech to be able to control the Operating System and Applications without considering the full security implications. If Microsoft had merely assigned a user-defined password with an automatic lockout after a certain amount of idle time, it would have made the generic attack impossible but they failed to do that. So I'm asking Microsoft to reconsider their stance that "there is little if any need to worry" and implement some sort of safety mechanism rather than relying on the user to be self vigilant. It doesn't matter that there aren't that many people using this feature; Microsoft should fix it if they're going to offer it and market it as a key Vista advantage. Since Microsoft is promoting Voice recognition for healthcare, we should consider the safety of patient health records.

At present time, Vista Speech Recognition wakes up to the command "start listening". How hard would it be for Microsoft to make that a user-definable phrase or word? For example: A user would pick "Zelda" as the word to wake speech mode while someone else picks "439" as their wake word. How hard would it be for Microsoft to implement a wake timeout so that Speech Recognition would sleep after 5 minutes idle? How hard would it be for Microsoft to implement their excellent echo cancellation algorithm in Windows Messenger for Speech Recognition? I don't believe this is too much to ask."

I want to thank the SANS Institute guys for "getting it". Coming from them, that means something to me. I'm also running a poll at the end asking if Microsoft should patch this with a pass phrase and echo cancellation.

George Ou

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave