Vista Speech Recognition
Since I am busy completing chapters of the XSS book, as I discussed in the previous post, here is a video that is a must-see. Before playing the video, please read the rest of this post.
First of all, a bit of introduction: Vista, the successor of XP, comes by default with a built-in speech recognition engine. This is really cool, although security researchers have found that malicious sites can use this feature to instruct the targeted computer to download a particular executable and run it. All you need in order to do that is to make the victim go to a particular website that has embedded audio which plays on page load. If the victim happens to be unlucky and have their speakers on, you can give commands to their PC to perform the desired actions. This concept is very interesting and it kind of reminds me of Ghost in the Shell; I am sure that I will use this feature in some of my future consultancy jobs.
Anyway, it seems that although theoretically possible, the attack could be quite unfeasible. In fact, it could end up being one of the funniest things you have ever seen. The footage that I provide in this post proves exactly that. The damage is obvious.
Check it out. I find it quite amusing. One thing is for sure: Microsoft has definitely hooked me into installing their new operating system. It is not the features that I am looking for, it is the fun that I may end up with, and this is something I value quite a lot in today's busy, busy world.
I have one thing to say, the new speech recognition engine is awesome. I will definitely try it out.
For those who want to learn more about Vista speech recognition problems, check Dailydave from insecure.org. If you are much into exploits, go ahead and record your own payload. It is quite simple in fact. Open the Sound Recorder and pronounce the commands as clearly as you can. I wonder whether milw0rm will start publishing audio exploits.
Comments
Ghost in the shell, what a nice anime.
Quite funny video.
oh sexy girlfriend bonzai
-toe
hehe
Could be hazardous if you get rid of User Account Control first. Otherwise you have to step in somehow and say continue with a mouse click or some sort of bypass you already have. (Voice recognition doesn't work on the UAC check)