Run for the hills, everybody: Windows Vista has been proven vulnerable to the hax0rs mere days after its release -- Steve Ballmer should clearly just give up now and resign while he still has a bit of dignity left. Or not. The vulnerability in question is hardly a hack at all, at least of the traditional variety; instead, this one relies on you turning up your speakers and leaving your microphone on. See, the new Windows Speech Recognition in Windows Vista has all sorts of new abilities, but unlike Mac OS speech recognition of yore, no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire. Microsoft also hasn't done anything to ensure speech recognition doesn't listen to the sounds coming out of your computer via the speakers, all of which means that if you visit a malicious website with the speakers turned up and the mic turned on (and Speech Recognition loaded, of course), an audio file could wake SR, open Windows Explorer, delete the documents folder and then empty the recycle bin. Not exactly the most likely of occurrences, but certain security types are already up in arms, and Microsoft has confirmed the potential problem, but merely recommends users turn off their speakers and/or microphone, along with killing any apps trying to attack them with such verbiage. Not the greatest vote of confidence, so perhaps we'll be seeing a fix for this from Microsoft before too long.
[Via Slashdot]
Read - Vista Speech Command exposes remote exploit
Read - Microsoft confirms
ummm............you Could just change it to where it doesnt start listening till you say, start listening.
"you Could just change it to where it doesnt start listening till you say, start listening."
that would not work because the audio file that somebody plays could say 'start listening', and then continue from there.
the keyword would have to be user-defined to be secure. or they have to filter audio output from being used as speech reco input. or use a tap-and-talk button press.
That's outrageous!
I also heard today that if you point a gun at yourself & pull the trigger you could be hurt or even killed.
Spot on!
Just another reason I'm turned off by Vista.
Come on, this is a reason. I think it's more of an excuse to hate microsoft more. I am looking to move to Apple soon, but what you said is a little irrational.
Shouldn't this be why the User Account Control was created? Before you could delete the Documents folder, it would ask for permission to do so, and then it would again ask for permission to clear it from the Recycle Bin.
Oh come on, how long will this take to be fixed? A day, 2 tops?
Vista, FUD FUD FUD, VISTA, Microsoft, FUD FUD FUD.
You guys are nuts! "no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire"
There IS a keyword - it's called Start Listening - and only then the computer will take your blabbing for serious.
Also, to be honest, Speech recognition in almost any OS really sucks, and it is not super good in Vista either, so chances of you suffering from this in any way are completely minimal. It's not like WOW - we can get really screwed ;)
And you Vista haters - check out my blog so you can see why you Should get Vista and like it ... It has tons of improvements, new - faster - network stack IPv6, integrated search which really works, it's pretty, and it's really worth the upgrade...
If you are a Mac user, check out that Vista Runs on MacPro faster than Apple's own OS - reported by The Cult of Mac!
And you love linux - power to you - but Vista is nice for all of us who actually do like to use GUI ... I use linux shell on daily basis - but Vista makes me happy when I come back home ;)
Cheers from www.VistaJuice.com
right i use vista, and i use the SR. i turn off the SR when i'm not using it, so for any 'program' to 'hijack' it they'd first have to turn it on, tell it to start listening, and then somehow mimic my voice commands.
the vista voice recognition isn't bad, but the first time you say something, it doesn't have a clue. you have to teach it a bit first, then it'll actually get it right. if some hacker were to try this, they'd just get the little yellow icon with the 'what was that?' next to it.
the only reason this exploit made news is because it's one of the (very few pieces) of new tech in vista. i'm pretty sure there's going to be a ton of other, more legacy types of security holes that will pop up soon.
btw the indexed search is really really good. i have all my important rss feeds in outlook, and by simply hitting the start key and typing, it searches not only all my files, but everything in outlook as well. very handy.
Vista copies Mac OSX but forgets to copy "speech"
Not really a fatal flaw, more of an over exaggeration to ensue panic and hysteria over nothing really...this was obviously written by an apple stooge.
phew, at least it wasn't one of them crazy Linux zealots.
this is stupid. i don't know how the speech recognition works exactly, but this seems really far fetched to be called a "vulnerability." it's like trying to make a problem when there really is none. i mean, how long would you have to let the computer talk (and you not doing anything about it) before it does something damaging... IF it is even possible at all? not exactly realistic. it's not like some random website is going to play an audio clip that says "format computer now!!!!" and it would actually like... do it.
I agree with you 100%. This is so dumb. If this is really the first *quote* vulnerable aspect of Vista, then I don't think Vista has a problem at all. This has got to be the dumbest article I have ever read and I'm seeing it pop up all over the place. Must be a really slow news day. Any sane person can sit down and go through all the necessary steps to have this be effective:
1. Turn your speakers up...LOUD
2. Turn your mic on..wait on a microphone and the first place...oh and turn it on
3. Visit malicious websites and if audio starts playing saying the devil has entered your home and wants to delete your files, just sit there and don't turn down your speakers cause what could possibly happen?
4. Did I mention that in order to visit the websites you would have to be physically at your computer and you would hear the audio, unless your computer speakers were turned down...which means? yeah, wouldn't be a problem to begin with
5. What...spyware can cause popups to load without you being at your computer?!?! Well if you have that and it's not already written to take advantage of this so called exploit then you deserve what's coming to you
GOSH!!! Idiots and idiotic "new" bugs the hell out of me
The idea of being able to wake up, holler at your computer "Open Google News" from your bed and see your monitor flash on with the headlines is very appealing. If you tell it to do something, it will do it, but it also picks up a lot of other stuff and imagines them to be commands. AIM noises, music whatever. And while you can have it idle, it also thinks that a lot of sounds the system is playing are the "Start Listening" command.
If it just compared the noise it was getting with what the soundcard was outputting, it could stop all those silly commands. But it already uses about 20% of the CPU...
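The comparison suggested in the comment above (check what the microphone hears against what the sound card is outputting, which is also the "filter audio output" option raised in an earlier comment), as an added example that is not part of the original thread and not Microsoft's code. The function names, the 0.6 threshold and the noise signals standing in for audio are assumptions constructed for illustration.

```python
import math
import random


def _centered(samples):
    """Remove the DC offset so correlation measures shape, not bias."""
    if not samples:
        return []
    mean = sum(samples) / len(samples)
    return [s - mean for s in samples]


def playback_leak_score(mic, playback, max_lag=64):
    """Peak normalized cross-correlation between a microphone frame and the
    audio the machine just played, searched over speaker-to-mic delays of
    0..max_lag samples. Near 1.0 means the mic is hearing the speakers."""
    mic, playback = _centered(mic), _centered(playback)
    best = 0.0
    for lag in range(max_lag + 1):
        n = min(len(mic) - lag, len(playback))
        if n <= 0:
            break
        dot = sum(mic[i + lag] * playback[i] for i in range(n))
        e_mic = sum(mic[i + lag] ** 2 for i in range(n))
        e_play = sum(playback[i] ** 2 for i in range(n))
        if e_mic == 0.0 or e_play == 0.0:
            continue  # silence on either side: nothing to correlate
        best = max(best, abs(dot) / math.sqrt(e_mic * e_play))
    return best


def accept_for_recognition(mic, playback, threshold=0.6):
    """Gate: drop the frame when it is mostly the machine's own output.
    The 0.6 threshold is an assumed value, not a tuned one."""
    return playback_leak_score(mic, playback) < threshold


def _noise(seed, n, amplitude=1.0):
    rng = random.Random(seed)
    return [rng.uniform(-amplitude, amplitude) for _ in range(n)]


# Constructed sample data (noise stand-ins, not real recordings).
N, DELAY = 2000, 37
PLAYBACK = _noise(1, N)        # what the sound card is outputting
_ROOM = _noise(2, N, 0.05)     # faint background noise at the mic
# Mic hears the speakers: attenuated, delayed copy of PLAYBACK plus room noise.
MIC_ECHO = [(0.4 * PLAYBACK[i - DELAY] if i >= DELAY else 0.0) + _ROOM[i]
            for i in range(N)]
MIC_USER = _noise(3, N)        # independent source: the user talking

if __name__ == "__main__":
    for name, mic in (("speaker echo", MIC_ECHO), ("user speech", MIC_USER)):
        print(name, round(playback_leak_score(mic, PLAYBACK), 3),
              "accept" if accept_for_recognition(mic, PLAYBACK) else "drop")
```

This gate only sees audio the same machine is playing; sound from an external source such as a radio in the room never appears in the playback reference, so it is outside what the comparison can catch.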
Considering the story came by way of Slashdot, I assume you're being sarcastic.
cool.. audio batch files and scripts. iTunes pwns your windoze vistas!
Another thing...
Microsoft fixes the issue by requiring some sort of keyword (like "start listening" - or is it there already?) before taking input seriously.
So all the bad guys out there with nothing better to do with their time than try to come up with an audio hack that'll affect a minuscule percent of the population need to do is put "start listening" at the beginning of the audio they play.
Or am I missing something?
There's a sweet Dilbert strip about deleting files via the magic of voice recognition but I can't seem to locate it:(
This won't be a problem. We all know this feature doesn't work anyway. http://www.youtube.com/watch?v=2Y_Jp6PxsSQ
This is the lamest 'hack' I've ever heard of. There's no software vulnerability or anything. There's no malicious software at work or anything, just the equivalent of your roommate shouting "DELETE FILE", except that is more likely than the aforementioned 'hack' taking place.
I meant "news" rather, and sorry for the other typos, just ranting too fast.
In other news, if you fall asleep while using your computer, roommates may be able to sneak in and rename all your files to U2 songs.
Oh no!!!
In related news, if you leave a radio on next to your computer, and the announcer says "Delete all" Vista will delete all your files.
Come on, this is retarded.
That is one of the lamest 'exploits' I've ever heard of.
And the software actually does work pretty well.
http://www.youtube.com/watch?v=bU9we3TdrUA&mode=related&search=
I agree, there are major flaws within the Vista system. The fact that any little 8 year old with a three dollar hack has the potential to exploit, bring down, or potentially expose any Vista machine on the network within a few days of a new OS's release is amazing and fantastic. I doubt just Vista machines are vulnerable. Really, searching for and distributing security flaws is capital, let alone just finding the ones that should be found. That's why I think it's a good idea to write the congressman and ask for legal license to operate computers. To put things into perspective. Like a driver's license, PC rights could be revoked when engaging in damaging operations. It would also create a new market for the insurance companies and possibly drive down software prices. Vote for "Computer Operators License"
Check the following:
( ) Agree
( ) Don't Disagree
Courtesy of a new Vista Owner
I heard today that there is a terrible security flaw in the latest Ferrari Testarossa. It seems that if you leave the engine running with the keys in the ignition and the doors unlocked and parked in a really bad neighborhood that the car can easily be stolen...the head of Ferrari is expected to resign over this terrible security risk.
A HUGE corporate blunder.
Keep in mind, the hacker has to say the magic words: "Dear Aunt, let’s set so double the killer delete select all"
So funny to see the M$bots out defending their dearly beloved Crackpot DRM stew Vista, then attempting to convert people dealing with the rigors of running their last bomb of a secure holed OS, XP! Same ugly Winblows OS pre-drilled for exploits, spam, and malware. M$ sucks and their Xbox 360, many OS's, right along with their Zune fiasco! M$=losers
MS actually gives you an API to interact with the speech recognition engine. so here's a utility app that lets you control it using it with keyboard commands (i.e. tap-and-talk), instead of having it always listening. the concept is you press F12 (it starts listening) you say your command (the computer executes the command) you press F12 again (it stops listening).
http://www.brains-N-brawn.com/micBarExtend/
because of this hack nonsense i'll look into making it work with a user-defined keyword
spoke too soon. it looks like the API MS provides has a lower priority than the Speech UI itself, so my tap-and-talk app cannot stop a 'start listening' audio command from occurring. also attempted this with a keyword approach, but it wouldn't let me hook the built-in commands. anyway, i wrote the team to see if there was a way for a 3rd party developer to get higher priority for their speech grammars.
now where have I seen that mic icon before?
haha
the MS photocopiers have been busy busy busy
waddo
heh, i got an idea, someone with Vista try this.
Set it so whatever is coming out of the mic, comes out the speakers, then load this, and tell it to open something (a little txt file would be good since it won't suck up your ram) It should go through your mic, the computer will open it, then out your speakers, and through your mic again, opening and opening the text file forever!
obviously this could have more malicious uses.
Computer
Initiate self-destruct sequence
WAIT! Hold all this inane banter! Stop the presses! Ballmer had dignity?
Or are you just taking the piss?
There is also this other vulnerability. If someone walked up behind me, and smacked me in the back of the head to knock me out, they could use my keyboard and mouse to delete all of my files. However, if this were to happen while I was using a mac, the mac would be smart enough to say "No, you KO'd my owner. I will not operate for you." And, yes, it does literally say it. I will never, ever, ever get vista because of the blatant vulnerability.
News just in. Another fatal flaw discovered in Vista. If you leave your mic on, voice control running and your window open, your next door neighbours' kids can control your PC while playing in the yard.
Pointless if, if, if scenario. For goodness sake, if you leave all that stuff on and someone can actually be bothered to set up a malicious website and get you to go to it then they deserve to be able to mess with your computer to teach you a valuable lesson.
You don't really need the keyboard on a mac, you can turn it on by saying something like "computer, + command" ex. "computer, quit itunes"
Doom and Gloom, Tear Down The Most Successful Company In The US, from the media, again...
"Hey, Windows Vista came out. It's really cool."
"Well, there must be something wrong with it, that we can scare the public with. We can make up this story.."
"Would that actually work? Could it happen?"
"Probably not in a zillion years, but that's not important. We can "make some news" here! You want to keep your job, don't you?"
"I suppose so, but don't you think that it's a little unethic..."
"Stop right there! We never use that word around here."
This is a complete non-event. For the future please review what a security flaw actually is so you don't mislead the public. Word choice is key to being a good journalist.
Thanks for wasting my time.
Hmm...I know what I'll be adding to my site this evening...
This exploit doesn't seem so off the wall. There are folks who use and rely on speech recognition. I imagine people with disabilities are a large portion of these users, a blind user for instance would want to have this running all the time.
Just think, a podcast even describing the issue has the potential to tell Windows to do something that it really shouldn't do. So the potential is indeed there for a malicious broadcast to set off unwanted events.
Don't Engadget proof-read their articles? "Steve Ballmer" and "dignity" used in the same sentence?
Typical of Microsoft... on their rush to get the product on the shelves, we users have to download tons of "patches" and "upgrades" because M$ can't get things right... not the first time, neither second, third, and so on... it's incredible a company with such lack of compromise with quality and performance can sell that kind of crap just because the eye-candy... pure marketing.
I'm a linux and windows user. When speaking about Open Source Software, I don't complain about updates or patches, because I know it's software in constant development, but problems that appear are resolved swiftly compared to M$... when I start windows... it's incredible how often are "new updates available". Products like firefox have been the cutting-edge in terms of UI, and having its own load of problems, you can't even compare their impact to those of IE...
Everyday I have to use Windows I'm more convinced about Linux being a professional platform... for those of you that think about linux as a command line, please, check the status of KDE and Gnome... real, high quality eye-candy for those who want their computers "look pretty"
ok why the haters don't show the real demo?
http://youtube.com/watch?v=kX8oYoYy2Gc
Windows Vista did work and even worked before.
so before you start saying "it didn't work anyways" read or view!
and by the way. I'm using Windows Speech Recognition right now!
And it's even better than weird stuff.
for Apple:
Did you know when Microsoft started the development of Windows Vista?
It started in 2002 with the codename Longhorn and now if you search in YouTube, Google Video or any other place you can find all the videos from that time and well. Why you say "They copy mac" if MAC copy Windows Longhorn.
Here's a screenshot from the OS 10.3 "Panther". Apple says "we have search before microsoft"
http://www.aventure-apple.com/logiciels/images/panther.jpg
can someone tell me where in that picture you see the spotlight thing.
NOW here's a video of the Longhorn Concept if you pay attention you will see this "April 200" in the video.
http://youtube.com/watch?v=b9ifQvQCO7Y
Now after this huge proof what you have 2 say?
For everyone.
Windows Vista is the most impressive software out there. it's secure, faster and better looking than any other operating system.
Super compatible, stable and i can even say this it's cheap. more cheap than getting a Mac just to get the God Damn MAC OS X.
Comments?
one more thing
All the Microsoft haters always are reporting errors on Microsoft Products. but i found something in YouTube that is hilarious and disturbing at the same time.
You may know Steve Jobs and you may have thought that in his keynotes he knows the keynotes.
But here it's a proof that he just knows the brand.
check out this hilarious video. you may need to wait after the saturday nite videos (super funny btw) and then you will see the real apple.
http://www.youtube.com/watch?v=Xx7vc0xdQrg&NR
It's hilarious
hilarious
hilarious!
Oh come on now. If you can't take 5 seconds to mute the microphone when you're done using voice commands you're stupid and deserve it. Seriously, there is nothing wrong with using voice commands.. in fact the whole speech recognition program can be very useful, especially for replying to junk like this. I suppose it's like anything else.. if it's used correctly and configured properly it will be much harder for people to hack or use the features against your will or in an inappropriate manner.
Mitch, you could be right but what is retarded is people find just about any excuse they can to bash Microsoft, even when it's undeserved. Hey I'm no fan of Microsoft, I don't like a lot of their software. It's often slow, bloated and buggy, but for all speech recognition is and isn't they didn't do a half bad job with the speech recognition in vista.
If you're hoping for Hal 9000, recognition that can differentiate between the speaker and background noise, you can forget it for now. Just use some common sense, mute the damn microphone and all will live happily ever after.
This all sounds to me like someone doesn't really know what they are talking about:
1) There IS a keyword - it's called Start Listening. Input is muted until you say Start listening, this is when Speech Recognition is even loaded. I personally don't leave it running when I am not using it. And I doubt anyone will either.
2) UAC (User Account Control) prevents you from just deleting things, or emptying the recycle bin. Especially with Voice command. And I have tried many commands like "Delete C" or "Format C" and trust me, that doesn't work. And MS wouldn't be that stupid.
3) Once you train SR to your voice, it would be almost impossible for any "Recorded voice" on any website or sound clip to "TAKE OVER" your computer. Simply because IT WONT BE ABLE TO UNDERSTAND the recorded voice. Once you train it to your voice, it will only be able to interpret your voice, No one else.
4) Voice Command technology of ANY Type is fairly new, So it won't be great right now, but as technology gets better, pretty soon we will be able to tell our computers to do our taxes, or order pizza, and it will be able to dam near do it without second guessing.
5) Even if you ignore all the obvious safety features already built into Vista, and let's say hypothetically you got some kind of exploit that when you go to a website, one, it installs a script that runs Voice Recognition, then it tricks VR to turn itself on and "Start listening", then it figures out how to bypass your trained voice, and play a sound clip that will delete all your system files, or mess up your boot file information, then it restarts your computer leaving you with a "NO OS FOUND" prompt.
Obviously all that is far fetched. Because of the Several layers of security that will prevent ANY if not all of those steps to fail, and even if Someone figures out how to do it, There is always the Boot fix option that will fix any booting issue when you boot from the Vista Install CD, then when you get back to windows, if anything is deleted, you can just do a system restore to get back all deleted files.
COME ON PEOPLE THINK!!!!
Stop listening to Microsoft Bashers, Mac Thumpers, Or just plain out HATERS!!!