It's more of a mischief thing, but if somebody has "voice recognition" enabled on Vista, you can use spoken commands (like, music played on a website) to run commands on the computer. Apparently it doesn't have to be terribly loud or clear, either. You can do anything that doesn't require UAC, for example:
- Install a program (for the current user)
- Delete files, send an email
- Play more audio (for nearby computers?
- Encrypt files (probably with an external program)
It's not terribly important, but it's kind of funny. Ways to fix it:
- Require a unique password
- Prevent feedback (but you could still use other computers)
It was originally posted on the Daily Dave mailing list, though a lot of news sites have picked it up:
http://lists.immunitysec.com/pipermail/dailydave/2007-January/thread.html (near the bottom)
Here's my favorite post:
I can see it now; all you need is one 0wned host every
few feet and you can bark commands to all the others
within earshot. First thing you tell them is to join in
the sing-along. It would make a great movie scene -- with
maybe Richard Clarke looking over his shoulder down a
corridor in the Pentagon and saying "Do you hear that?"
as a crescendo of "halt-and-catch-fire" rises in the
in the distance...
Here's $500 for the first documented case of someone
using the white courtesy phone in an airport to page
Mr Shootdown, Reese Sett, Sleep Now, or whatever and
blanking all the laptops in a concourse. An extra
$500 if it's DC National...
