classic security mistake

One of the most obvious (and yet most common) computer security mistakes is to take input from an untrusted (and potentially hostile) source. A classic example of this is in Windows Vista where audio output from the system speakers can be taken as input to the speech recognition system. According to the BBC article an MS representative said “it would be unlikely the user would not be in the room to hear the file with malicious instructions being played“.

It seems that according to MS it’s OK for your computer security to be breached, just as long as you are around to witness it!

Comments are closed.