NationStates Jolt Archive


Vista...ohhhh Vista....

Rubiconic Crossings
02-02-2007, 01:53
How the hell MS still has any credibility is beyond me. Vista my hairy fat arse.

http://news.bbc.co.uk/1/hi/technology/6320865.stm

Last Updated: Thursday, 1 February 2007, 13:33 GMT

Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.

Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.

In one scenario outlined by users an MP3 file of voice instructions was used to tell the PC to delete documents.

Microsoft said the exploit was "technically possible" but there was no need to worry.

The firm has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on.

There are also additional barriers that would make an attack difficult
Microsoft security researcher

"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.

Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.

While speech recognition was a feature of Windows XP, in Vista the use has been widened.

"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.
Smunkeeville
02-02-2007, 01:55
:p That's good to know I guess.
Rubiconic Crossings
02-02-2007, 02:02
:p That's good to know I guess.

I admit it could be quite amusing in a office where people are using the speech recognition...just yell...SHUTDOWN! ;)

What is scary is that there is way of deleting files that has no verification that you as the user want that process to happen...so I figure there could be an electronic way to mimic the voice comms...

Plus the other Vista issues that are extant make wonder really how the hell MS can get away with releasing that as a finished product...I mean they are releasing SP1 for it already!

I would rant but I am about to go to bed so want to keep the blood pressure down...otherwise I will have dreams of me doing unpleasant things to the Vista Product Team.
Demented Hamsters
02-02-2007, 07:54
Why stop at screwing someone's computer up?
I'd have the voice recognition tell the user to do weird shit instead.
"I'm sorry, but if you want to save your document you need to first bark like a dog."
United Beleriand
02-02-2007, 08:00
There's no SQL Server for Vista. Showstopper.