Vista fun

Discussion in 'NZ Computing' started by J.Wilson, Feb 12, 2007.

  1. J.Wilson

    J.Wilson Guest

    From Xpmediacentre forums

    All the effort Microsoft has put into making sure this Windows would be the
    most secure ever appears to be somewhat in vain. Iranian hackers, operating
    through a legitimate software firm, have gotten past all of Microsoft's
    "anti-copying tricks". These hackers claim they will sell these illegitimate
    copies of Windows Vista through the firm they work for at approximately $8
    USD a copy. What's really interesting, though, is how they managed to give
    each pirated copy of Vista its own serial number, so that they can register
    it through Microsoft as a legal copy of Windows Vista.

    Also Russian hackers posted instructions to an underground forum describing
    how to implement "privilege escalation," which could bypass some Vista
    security measures. This hack could escalate the "privileges" of a normal
    Vista user into that of a "superuser," allowing him to change anything he
    desired on the system. This would be particularly dangerous in a corporate
    environment where normal computer users have limited privileges, in that
    they cannot install programs, visit certain Web sites, etc. This threat is
    considered so serious that Microsoft has scrambled its "Security Response
    Center," which is ostensibly still trying to figure out what to do.

    Microsoft also recently acknowledged that Vista's built-in speech
    recognition software could be exploited by bad guys to delete files and even
    shut the computer down. This wacky (and quite clever) hack works something
    like this: A Vista user downloads and plays a malicious audio file, probably
    thinking that it's the latest Toby Keith song. Instead, the audio file
    begins barking commands through the computer's speakers, such as, "Delete
    all files in the 'My Documents' folder," or, "System shut down." These
    verbal commands are picked up by the computer's microphone, processed by the
    built-in speech recognition software, and the computer obeys.
    J.Wilson, Feb 12, 2007
    #1
    1. Advertising

  2. J.Wilson

    Crains Guest

    J.Wilson wrote:
    > From Xpmediacentre forums
    >
    > All the effort Microsoft has put into making sure this Windows would
    > be the most secure ever appears to be somewhat in vain. Iranian
    > hackers, operating through a legitimate software firm, have gotten
    > past all of Microsoft's "anti-copying tricks". These hackers claim
    > they will sell these illegitimate copies of Windows Vista through the
    > firm they work for at approximately $8 USD a copy. What's really
    > interesting, though, is how they managed to give each pirated copy of
    > Vista its own serial number, so that they can register it through
    > Microsoft as a legal copy of Windows Vista.
    > Also Russian hackers posted instructions to an underground forum
    > describing how to implement "privilege escalation," which could
    > bypass some Vista security measures. This hack could escalate the
    > "privileges" of a normal Vista user into that of a "superuser,"
    > allowing him to change anything he desired on the system. This would
    > be particularly dangerous in a corporate environment where normal
    > computer users have limited privileges, in that they cannot install
    > programs, visit certain Web sites, etc. This threat is considered so
    > serious that Microsoft has scrambled its "Security Response Center,"
    > which is ostensibly still trying to figure out what to do.
    > Microsoft also recently acknowledged that Vista's built-in speech
    > recognition software could be exploited by bad guys to delete files
    > and even shut the computer down. This wacky (and quite clever) hack
    > works something like this: A Vista user downloads and plays a
    > malicious audio file, probably thinking that it's the latest Toby
    > Keith song. Instead, the audio file begins barking commands through
    > the computer's speakers, such as, "Delete all files in the 'My
    > Documents' folder," or, "System shut down." These verbal commands are
    > picked up by the computer's microphone, processed by the built-in
    > speech recognition software, and the computer obeys.


    source?
    Crains, Feb 12, 2007
    #2
    1. Advertising

  3. J.Wilson

    J.Wilson Guest

    "Crains" <> wrote in message
    news:eqovrq$kgh$...
    > J.Wilson wrote:
    >> From Xpmediacentre forums
    >>
    >> All the effort Microsoft has put into making sure this Windows would
    >> be the most secure ever appears to be somewhat in vain. Iranian
    >> hackers, operating through a legitimate software firm, have gotten
    >> past all of Microsoft's "anti-copying tricks". These hackers claim
    >> they will sell these illegitimate copies of Windows Vista through the
    >> firm they work for at approximately $8 USD a copy. What's really
    >> interesting, though, is how they managed to give each pirated copy of
    >> Vista its own serial number, so that they can register it through
    >> Microsoft as a legal copy of Windows Vista.
    >> Also Russian hackers posted instructions to an underground forum
    >> describing how to implement "privilege escalation," which could
    >> bypass some Vista security measures. This hack could escalate the
    >> "privileges" of a normal Vista user into that of a "superuser,"
    >> allowing him to change anything he desired on the system. This would
    >> be particularly dangerous in a corporate environment where normal
    >> computer users have limited privileges, in that they cannot install
    >> programs, visit certain Web sites, etc. This threat is considered so
    >> serious that Microsoft has scrambled its "Security Response Center,"
    >> which is ostensibly still trying to figure out what to do.
    >> Microsoft also recently acknowledged that Vista's built-in speech
    >> recognition software could be exploited by bad guys to delete files
    >> and even shut the computer down. This wacky (and quite clever) hack
    >> works something like this: A Vista user downloads and plays a
    >> malicious audio file, probably thinking that it's the latest Toby
    >> Keith song. Instead, the audio file begins barking commands through
    >> the computer's speakers, such as, "Delete all files in the 'My
    >> Documents' folder," or, "System shut down." These verbal commands are
    >> picked up by the computer's microphone, processed by the built-in
    >> speech recognition software, and the computer obeys.

    >
    > source?


    http://www.taliyanews.com/fa/index.php :)
    J.Wilson, Feb 12, 2007
    #3
  4. On Feb 11, 9:01 pm, "J.Wilson" <> wrote:
    > From Xpmediacentre forums
    >
    > All the effort Microsoft has put into making sure this Windows would be the
    > most secure ever appears to be somewhat in vain. Iranian hackers, operating
    > through a legitimate software firm, have gotten past all of Microsoft's
    > "anti-copying tricks". These hackers claim they will sell these illegitimate
    > copies of Windows Vista through the firm they work for at approximately $8
    > USD a copy. What's really interesting, though, is how they managed to give
    > each pirated copy of Vista its own serial number, so that they can register
    > it through Microsoft as a legal copy of Windows Vista.
    >
    > Also Russian hackers posted instructions to an underground forum describing
    > how to implement "privilege escalation," which could bypass some Vista
    > security measures. This hack could escalate the "privileges" of a normal
    > Vista user into that of a "superuser," allowing him to change anything he
    > desired on the system. This would be particularly dangerous in a corporate
    > environment where normal computer users have limited privileges, in that
    > they cannot install programs, visit certain Web sites, etc. This threat is
    > considered so serious that Microsoft has scrambled its "Security Response
    > Center," which is ostensibly still trying to figure out what to do.
    >
    > Microsoft also recently acknowledged that Vista's built-in speech
    > recognition software could be exploited by bad guys to delete files and even
    > shut the computer down. This wacky (and quite clever) hack works something
    > like this: A Vista user downloads and plays a malicious audio file, probably
    > thinking that it's the latest Toby Keith song. Instead, the audio file
    > begins barking commands through the computer's speakers, such as, "Delete
    > all files in the 'My Documents' folder," or, "System shut down." These
    > verbal commands are picked up by the computer's microphone, processed by the
    > built-in speech recognition software, and the computer obeys.


    While it is technically possible, there are some things that should be
    considered when trying to determine what the threat of exposure is to
    your Windows Vista system.

    In order for the attack to be successful, the targeted system would
    need to have the speech recognition feature previously activated and
    configured. Additionally the system would need to have speakers and a
    microphone installed and turned on. The exploit scenario would involve
    the speech recognition feature picking up commands through the
    microphone such as "copy", "delete", "shutdown", etc. and acting on
    them. These commands would be coming from an audio file that is being
    played through the speakers. Of course this would be heard and the
    actions taken would be visible to the user if they were in front of
    the PC during the attempted exploitation. It is not possible through
    the use of voice commands to get the system to perform privileged
    functions such as creating a user without being prompted by UAC for
    Administrator credentials. The UAC prompt cannot be manipulated by
    voice commands by default. There are also additional barriers that
    would make an attack difficult including speaker and microphone
    placement, microphone feedback, and the clarity of the dictation.
    Nathan Mercer, Feb 12, 2007
    #4
  5. The real problem with Vista is that it makes you the untrusted person
    in your own computer.

    Patrick
    Patrick FitzGerald, Feb 12, 2007
    #5
  6. J.Wilson

    Dave Doe Guest

    In article <>,
    says...
    >
    >
    > The real problem with Vista is that it makes you the untrusted person
    > in your own computer.


    About time too.

    --
    Duncan
    Dave Doe, Feb 13, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Briscoe
    Replies:
    0
    Views:
    426
    Ken Briscoe
    Jul 14, 2004
  2. Replies:
    3
    Views:
    636
  3. Luke

    Fun fun fun

    Luke, Oct 7, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    546
    Petit Alexi
    Oct 7, 2003
  4. Consultant

    OT Thursday, uh, fun, yeah, fun!

    Consultant, Feb 8, 2007, in forum: MCSE
    Replies:
    17
    Views:
    632
    TechGeekPro
    Feb 10, 2007
  5. Replies:
    0
    Views:
    234
Loading...

Share This Page