nCircle The Lens Blog

Shout hacking?! Oh please...

Somewhere there's someone who hasn't heard about this little Microsoft Voice Recognition issue. It seems that the term "shout hacking" has been surfaced as a label for such activity. Please, collectively, let us shun this name. It's not just a bit silly, but also inaccurate. First of all, no shouting need be involved. A whisper, if sufficiently audible, would be enough. More importantly, perhaps, there is no 'hacking' involved here. It's a feature, doing what it's supposed to do. You tell it to shutdown, it shuts down. If someone comes up with an audio sequence that's inaudible to humans, but causes the Vista box to load a trojan from a remote host, now that would be a hack. Or an audio file that launches itself via voice command, creating a sort of audio LAND attack...

Don't get me wrong. This is nifty and funny, but let's not give it a silly name.

Posted by Tim Erlin on February 2, 2007 5:47 AM |

TrackBack

TrackBack URL for this entry:
http://blog.ncircle.com/cgi-bin/mt-tb.cgi/129

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Verification (needed to reduce spam):


About

This page contains a single entry from the blog posted on February 2, 2007 5:47 AM.

The previous post in this blog was Study: Extended Validation Certificates.

The next post in this blog is Ric Romero Reporting....

Many more can be found on the main index page or by looking through the archives.



Bio

Blog: The Lens
Author: Tim Erlin

Tim Erlin, CISSP, is a Principal Product Manager at nCircle, responsible for vulnerability management and configuration auditing. In his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration.


Search

   


Recent Posts

   

Archives

   

Categories

  • Blog
  • Information Security Market
  • Regulations and Compliance
  • Vulnerability Research