eWeek Microsoft Watch
January 31, 2007 9:31 PM

Vista, Please Don't Listen to Me



I've been reading about some interesting Vista glitches, but the speech recognition security vulnerability tops them all.

Not that some of the others aren't interesting. For example, metadata for Nikon RAW files accessed in Windows Vista may become unreadable in other products, like Adobe Photoshop.

But the so-called speech recognition security vulnerability is most interesting for its oddity. The problem: Audio instructions coming through the PC speakers could command Vista to perform limited tasks. From a post on Microsoft's Security Response Center Weblog:

"In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured. Additionally the system would need to have speakers and a microphone installed and turned on. The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy,' 'delete,' 'shutdown,' etc. and acting on them. These commands would be coming from an audio file that is being played through the speakers."

Anyone sitting at the computer obviously could hear the commands and see the result. My daughter frequently leaves her Webcam running when talking to friends, to fetch stuff to show them. What mayhem could a friend create with a few voice commands while she is away?

According to the Microsoft security Weblog post, User Account Control would prevent commands from doing real damage—assuming the speech recognition defaults haven't been changed or the UAC feature turned off.

"Skype Me" could mean a buddy ordering "search xxx," while the end user leaves the computer to get a cup of coffee.

Comments (19)

I am sure this is the same as any Voice Recognition software. Like on Mac OS.

Like I mentioned, you will be told to elevate privileges by UAC, unless you turned that feature off, and if you got attacked you are the idiot in the first place.

Ahh - Matthew - how sympathetic:

"if you got attacked you are the idiot in the first place."

But Vista is a consumer product. Who in consumer land will be expert?

We're all idiots now, right?

---* Bill

cozappz :

open command enter
format c: /u /autotest enter
yes enter

bye bye windows with speech recognition ;)

Brad Freeman :

Nice free publicity for Vista. Nice touch.

Anony Mouse :

It was a quiet Friday afternoon--Frank's last day. The last week training his replacement was miserable. As he picked up his small box of belongings from his cubicle in the middle of the work area, he startled everyone around him by yelling out at the top of his lungs, "delete star dot star!!", then ran for the exit.

CougarConquersFear :

Although I don't see this happening too often, it seems to me this could be pretty easy to accomplish.

First gain the confidence of the person whose computer you intend to mess up. There are countless ways of doing this.

Then persuade them to switch on speech recognition - "it makes your IM more efficient", or something of that sort.

Then while they're away cause havoc.

Easy. Probably far easier to exploit than just about any IE or OS hack. Often I look at these so-called exploits and think, someone wants some media attention and is blowing up a big huge nothing. But this is actually feasible - because it has more to do with con artistry and trickery rather than technical know-how.

The only defense would be to always make sure your cam and microphone are off when you're done. Even if you implement Linux/Unix style account practices, copying and deleting files would still be quite a low level procedure. You don't need to delete things from system folders to break Windows. Renaming files would be enough.

Ron Smith :

Sigh...
Pretty lame, isn't it? This is not a Vista vul. - it relates to any voice command OS.

A completely secure way to prevent this is to use headphones.

This is pretty paranoid. With UAC on by default in addition to speech recognition not on by default, I see this vulnerability affecting exactly 12 people. Would a "hacker" really waste time trying to exploit this? Probably not.

Though this is funny to think about, serious vulnerability? I think not.

BigFuzz :

Now this one is just silly. This is no different than if you left someone at your computer and they typed format c:. Speech recognition is an input just like a keyboard and a mouse and we generally don't consider the latter to be vulnerabilities. And if we do, we lock the machine or log off when going away from the computer.

Sorry, whoever reported this one, how lame!

Luke S. :

Has this supposed exploit actually been demonstrated? The reason I ask is that I thought all speech-recognition systems used acoustic echo cancellation (AEC) to filter out noise from the speakers.

Microsoft has certainly implemented AEC in its voice-conferencing software (this was explained in a presentation recently given by Henri Malvar at MIT), as otherwise the feedback would render the software unusable. It's hard to imagine why they wouldn't use the same stuff in their voice recognition.

See also this Ars Technica article on Vista's audio software, which precisely states that Vista uses AEC to improve speech recognition: http://arstechnica.com/news.ars/post/20060907-7682.html

OS/2 Warp had voice recognition/voice type years ago. It was not a problem then.

http://www.os2ecs.org
http://www.os2world.com

Saad Rabia :

Listen Joe Wilcox (or whoever felt like talking about this); your whole talk in this article is almost useless, it's just writing to get attention.

See, everything of what you are saying is almost impossible to happen. I tried it myself with the RTM version of Vista, and guess what? It doesn't work that way, lamer.

The speech recognition in Windows Vista is far too complicated in its making to the point that you will NEVER get any full commands happening through the speakers and then again through the mic, and if you practice your PC to recognize your voice better, then it is only your voice and way of speaking that can do a huge task of any type.

In lame theory it can work, but guess what again? Testing it is a different thing, and I tested it in every way possible. Saying start can work, but not everything you say can be done by the PC.

Another thing man, why the hick do you assume that every single Vista user is going to use the speech recognition? And why assume that every speech recognition user is going to have his mic PERFECTLY loud enough, and speaker PERFECTLY loud enough and his speech recognition ALWAYS ready to listen and then leave their PC and go for a sleep?? Man, you are full of sh*t. At this stage of technology, nothing is as close as what Vista has, adding to the fact that this feature was intended first and foremost for the handicaps who can't use the keyboard easily.

So, stop this lame talk, and be useful by using the system in the right way.

And for Mac users: Have fun using a Mac, enjoy it. I really mean it. Now let me go buy my own Vista OS.

Bye.

Neil :

Joe Wilcox
Up to your old tricks hey ??
If there is a chance of a story going against "Windows Vista" you will go and do it !!
The only thing is in this case with the voice recognition software there is actually "NO PROBLEM" due to the UAC !
And not only that I have seen on "expert" sites (not like here) like Windows Now (for one) that the so called "flaw" cannot work anyway, even if the UAC was not even activated !
You are only trying to scare people away from Windows Vista, people who are interested in it should look elsewhere than here!
As "Anderson Imes" said "Would a "hacker" really waste time trying to exploit this? Probably not."
Congratulations Joe ... another "MOUNTAIN out of a mole hill" !!
Try and be a real journalist and "REPORT THE NEWS" and stop trying to make "supposed" news !

Neil :

Oh ! by the way Joe, you are right on one thing ...your heading "Vista, please don't listen to me".
NO ONE SHOULD LISTEN TO YOU !
Why because you are biased against Windows Vista and so is your "pal" Scot Peterson (Vista Ready? Not for me !) !

Rei :

Anything for a sensational article.

J Powell :

The difference between Windows and Mac voice recognition is that the Mac requires a keyword (such as "computer" or "Mac") to be recognized before a command gets executed. This keyword is also user-definable, making it next to impossible to create a widespread exploit against the Mac voice recognition feature.

By contrast, Windows Vista requires no such keyword and can be tricked (either on purpose or by accident) into executing a command. And since there is no "user definable" keyword, it is possible to craft a shout-hacking exploit to hit multiple Windows Vista PCs.

So no, this isn't a problem inherent with all OSes with voice recognition.

JT :

I demand the 3 minutes of my life back that I just wasted reading your pile of nonsense! Are you really afraid that someone would actually try this? What about the fact that the speech recognition in Vista has to be TRAINED TO THE SPECIFIC USER'S VOICE!!!!IDIOT!!!! If the program hasn't learned your voice, you can talk to it all day and it won't do anything!!!
The odds are better that someone would pick up your computer and throw it out the window. You should write a piece on that, I am sure you would find some way of blaming it on Vista as well. Idiot.
That's the problem with the internet, any moron who fancies himself a journalist can slap up a blog and call himself one. I call retard on you!
