The fundamental problem here is that Microsoft "extended" speech to be able to control the Operating System and Applications without considering the full security implications. If Microsoft had merely assigned a user-defined password with an automatic lockout after a certain amount of idle time, it would have made the generic attack impossible, but they failed to do that. So I'm asking Microsoft to reconsider their stance that "there is little if any need to worry" and implement some sort of safety mechanism rather than relying on the user to be self-vigilant.
Real World IT
George Ou's networking and security insights keep enterprise managers in the know and vendors up at night.
George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.
Anyone interested in IP Telephony or remote video cameras that draw power over an Ethernet cable has to be interested in some cheap 802.3af PoE (Power Over Ethernet) gear.
After my initial reports on the first Vista Remote Exploit, a Microsoft spokesperson responded to me with the following message. Thanks for your patience as I looked into this.
One of the fastest ways for hackers to breach security systems is to circumvent Layer 2, which is your LAN switching infrastructure. Unfortunately, that also happens to be one of the most overlooked aspects of Information Security, with most security audits focusing on policy and compliance issues on the upper layers of the stack.
The Vista speech command system allows remote exploitation because sound files played from a web browser or any other audio player can interact with the OS. Users should turn off Vista speech command until a patch is available.
Intel announced the next revolution in Microprocessor fabrication by replacing Silicon Dioxide gates with High-K dielectric metal gates. Microprocessor industry analyst David Kanter who contributed a lot of the information in this piece had this in-depth analysis on what this means for Intel and AMD.
Arstechnica is reporting that Windows Vista Upgrade edition will not permit "clean" installs like all previous versions of Windows Upgrade editions. Will Microsoft pick up the extra hour tab from Geek Squad?
David Berlind and Mary Jo Foley have been intensely following the story of QuickBooks incompatibility with Windows Vista. Mary Jo is questioning whether Microsoft is responsible for this latest QuickBooks incompatibility (anything before QuickBooks 2007) and went even further to give Intuit a free pass.
South Koreans are being advised by their government to postpone their adoption of Windows Vista until they're sure they'll be able to bank online and carry out other web activities. The problem, it seems, is that Korea has almost universally adopted ActiveX technology for all of their "online banks, portals, game sites and malls".
When 802.11b first started getting popular in late 2000, no one imagined that it would still be the most dominant standard 6 years later and continue to dictate the design of the latest wireless LAN products because it is the lowest common denominator.
In summer of last year I wrote a cynical blog about "How to jam your neighbor's Wi-Fi legally". I was referring to the fact that "Draft N" products were achieving their high throughput at the expense of annihilating their neighbor's 802.
SHA-1 is one of the most prevalent forms of a secure hash algorithm used in the legal and security industry. Now that Professor Xiaoyun Wang and her associates in Tsinghua University and Shandong University of Technology have officially cracked the SHA-1 hashing algorithm, the fallout will begin.
When it comes to false advertising I used to think the Wireless LAN industry were the worst offenders, but the flash storage industry seems to be vying for this dubious distinction. With the launch of Windows Vista at the end of this month, flash media performance will become a big issue for ordinary consumers because of Vista's ReadyBoost feature which will boost the performance of Vista.
Conventional wisdom says that affordable and high performance don't go together, but here's an article I'd like to share with you that does just that. Not only is this architecture affordable, but this distributed design maintains single device manageability while eliminating the need for distribution patch panels.
This may surprise you, but I'm going to order an AppleTV as soon as I can. Some of you might be wondering "who are you and what have you done with George" but no, I didn't get kidnapped at last week's MacWorld and I am the real George Ou.