Vista's "ultimate" security :)

Doug Luurs doug at borisch.com
Tue Feb 6 09:47:50 PST 2007 

The "Proper" way to load Vista ...

http://www.break.com/index/how_to_properly_load_vista.html 

> -----Original Message-----
> From: 
> filepro-list-bounces+doug=borisch.com at lists.celestial.com 
> [mailto:filepro-list-bounces+doug=borisch.com at lists.celestial.
> com] On Behalf Of Fairlight
> Sent: Tuesday, February 06, 2007 9:04 AM
> To: filePro Mailing List
> Subject: OT: Vista's "ultimate" security :)
> 
> Wow, it was released less than a week ago and already it hits 
> SANS with the
> first vulnerability...and an amusing one at that:
> 
> *****
> 07.6.1 CVE: Not Available
> Platform: Windows
> Title: Windows Vista Voice Recognition Command Execution
> Description: Windows Vista is prone to a command execution
> vulnerability because of its built in voice recognition capability.
> When voice recognition is enabled and when the speakers and microphone
> are on and the volume is adjusted appropriately, voice commands given
> via an audio file may be executed by the operating system. Several
> versions of Windows Vista are affected.
> *****
> 
> I just gotta say that, while extremely improbable that it 
> would likely be
> exploited often or easily, this kind of thing is of a large 
> enough scale
> that it should have been thought of during the -years- of 
> security tests
> they did.  All the little things they tweaked, and then this 
> big one slips
> by unnoticed. :)
> 
> Solution:  Disable a major feature of the OS that's possibly 
> a draw for it.
> That's about it, too.  They have no patch available, and I 
> don't know how
> they could possibly get it fixed reasonably without risking more.  I
> know!!!  Make the user have to speak their passwords aloud to 
> proceed!!! :)
> 
> To be fair, it does require certain conditions be met to 
> actually abuse it.
> My own rig would be a potential victim, however, as I always have the
> speakers and mic on.  Details are at:
>      
> http://blogs.technet.com/msrc/archive/2007/01/31/issue-regardi
> ng-windows-vista-speech-recognition.aspx
> 
> I'm not irate with them or anything, I just find it utterly 
> ironic that
> they spent so much attention to fine detail and yet missed a 
> macroscopic
> feature entirely.  And it's been under a week since release, 
> hackers the
> world over are prying at the thing, and it comes down to 
> something this
> simple.  It's easy cannon fodder, and free entertainment in 
> the morning,
> here.
> 
> Again, though, it illustrates the common and continuing trend that the
> potential for an attack is coming more and more from 
> application data--as
> is the case for an Office 2000/2004 arbitrary code execution 
> bug for which
> they have no patch available.  I -do- find it disturbing that 
> traditionally
> and usually the security lists will hold off until the vendor 
> has a patch
> ready before reporting an exploit, and very, very 
> consistently the SANS
> reports say, "Vendor confirmed, no patches available," for Microsoft
> products.
> 
> As for any relevance to fP (well, I did flag this OT, but 
> still...), one
> can be thankful in -some- ways that fP is not SQL compliant.  
> Its lack of
> SQL features means that it's not subject to traditional SQL injection
> attacks.  I guess it's one case where the legacy design works in fP's
> favour, and makes it immune to at least a major vector that's 
> part of the
> overall larger trend.
> 
> I was trying to figure out if there was a way to screw up a 
> key segment
> by injecting specific bytes into an IMPORT, as an example, but since
> it appears to all be based on offsets, I don't think you can do that.
> Thankfully.
> 
> mark->
> -- 
> Fairlight->   ||| "I know when to go out and when to | 
> Fairlight Consulting
>   __/\__      ||| stay in...get things done..." --   |
>  <__<>__>     ||| Bowie                              | 
> http://www.fairlite.com
>     \/        |||                                    | 
> info at fairlite.com
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> http://mailman.celestial.com/mailman/listinfo/filepro-list
> 

-- 
These commodities/technical data are controlled under the United States Export
Regulations and may not be exported to a foreign person, either in the U.S. or
abroad, without the proper authorization of the U.S. Department of State or the
U.S. Department of Commerce. Please contact Borisch Manufacturing Corporation
for commodity classification and jurisdiction.

This E-mail, including any attachments, may contain confidential
information and is intended solely for use by the individual to whom
it is addressed.  If you received this E-mail in error, please notify
the sender, do not disclose its contents to others, and delete it
from your system.  Any other use of this E-mail and/or attachments
is prohibited.  This message is not meant to constitute an electronic
signature or intent to contract electronically.

More information about the Filepro-list mailing list