Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Cortana flaw ... maalicious websites  (Read 352 times)

0 Members and 1 Guest are viewing this topic.

Geek-9pm

    Topic Starter

    Mastermind
  • Geek After Dark
  • Thanked: 961
    • Gekk9pm bnlog
  • Certifications: List
  • Computer: Specs
  • Experience: Expert
  • OS: Windows XP
Cortana flaw ... maalicious websites
« on: March 07, 2018, 05:32:43 PM »
From Digital Trends.
Cortana flaw enables hackers to load malicious websites  ...
https://www.digitaltrends.com/computing/microsoft-fixes-cortana-lock-screen-bug-malware/
Quote
By Kevin Parrish Posted on March 7, 2018
Two independent Israeli researchers recently discovered that anyone with access to a Windows 10 PC could use Cortana and a USB-based network adapter to download and install malware even if the machine remained locked. This was accomplished using voice commands directed to Cortana, which could load up a malicious website in a browser without unlocking Windows. The PC could also be moved to a wireless network controlled by the hacker.
Really?  Hard to believe!  :-\

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1074
    • Yes
    • Yes
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 8
Re: Cortana flaw ... maalicious websites
« Reply #1 on: March 07, 2018, 05:54:02 PM »
You find it hard to believe that somebody with physical access to a system could compromise it?
I was trying to dereference Null Pointers before it was cool.

Geek-9pm

    Topic Starter

    Mastermind
  • Geek After Dark
  • Thanked: 961
    • Gekk9pm bnlog
  • Certifications: List
  • Computer: Specs
  • Experience: Expert
  • OS: Windows XP
Re: Cortana flaw ... maalicious websites
« Reply #2 on: March 07, 2018, 06:39:07 PM »
Yes, hard to believe.
Modern computers are protected from even  direct physical use. You can destoy the computer, but not  steal   the data. Or it ought to be that way.
When the machine is locked, you should not be able to do anything in the normal way of controlling the machine. - Right?

Tue  locking  computer locking must mean:
  •   no keyboard
  •   no mouse
  •   no display
  •   no USB auto-sat
  •   no remote command 
  •   no change in network
  •   no use of screwdriver
  •   no use of voice command
On modern computers built with security features even removing the CMOS cell will not grant use of either firmware or the OS.
What exceptions do you know about?

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1074
    • Yes
    • Yes
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 8
Re: Cortana flaw ... maalicious websites
« Reply #3 on: March 07, 2018, 07:09:29 PM »
"Locking" refers to a very specific windows feature, it is locking your session not the computer. It's been in Windows NT pretty much since the earliest releases.

Windows Key+L Works on NT4 and later for this. Windows XP depending on the configuration takes you back to the "welcome" screen. Windows 8 and later have a 'Lock Screen'.

"Locking" a computer doesn't suspend running processes, all tasks continue to run in the background. Eg if you connect a USB device, you will hear the USB connect sound and, in the background, necessary drivers will be installed. You can also log in as a different user on the system and have tasks from multiple users running in different sessions at the same time. Screensavers typically still run as well.
I was trying to dereference Null Pointers before it was cool.