November 23rd, 2014

Vista speech commands hack

I thought this was a pretty clever hack. Windows Vista apparently has a speech command feature where you can speak commands that are to be executed by your computer. The idea is to have a webpage that plays an audio file of commands to download a remote file and execute it.

George Ou went off to research the concept and, at the risk of spoiling the surprise, here is the result in George’s fine words:

“I recorded a sound file that would engage speech command on Vista, then engaged the start button, and then I asked for the command prompt. When I played back the sound file with the speakers turned up loud, it actually engaged the speech command system and fired up the start menu. I had to try a few more times to get the audio recording quality high enough to get the exact commands I wanted but the shocking thing is that it worked!”


The new-ish online computer security journal Uninformed now has volume three out. It has some interesting and in depth material on topics like reverse engineering, fuzzing and Rootkit technique evolution (from both sides).

PHP 5.0.5 released when you weren’t looking

It has come to the attention of MRL that many of you are still running vulnerable versions of PHP 5. Maybe now is a good time to upgrade to 5.0.5, hmm?

Why do you care? Because metasploit has had an exploit for the problem since July. But, it’s not like, you know, there are HACKERS on the Intarwebs or anything. I’m just sayin’.

Verizon screwing with v710 customers again

Remember the whole fiasco over the v710 handset from Verizon? Well, I got this on August 29th:

Dear Verizon Customer:

A national settlement has been reached in the claims against Verizon
Wireless over the Motorola V710 cell phone. Details will be available
shortly at

But “shortly” never happened. On September 22nd, I got this:

Dear Verizon Customer:

We apologize for the delay. Verizon has advised us that details of the settlement will be posted on by Monday, September 26, 2005. In addition, claim forms will be mailed out
to Verizon customers on October 3rd and 4th.

And today, I got this:

Good job, Verizon… FOR ME TO POOP ON!

Intel C/C++ 9.0 now freely available

Intel has released version 9.0 of their C/C++ and FORTRAN compilers to the community. The release is Linux only. Ports to other platforms with Linux emulation are not yet widely available (this includes FreeBSD).

Here’s a link to the software. And here is my Linux-elitists post from a while back demonstrating icc’s superior floating-point performance.


We got linked from for SurveySays. w00t. Thanks Eliot. :)

SOAP TTS phone gateway

CDYNE has a SOAP gateway which allows users to place phone calls with arbitrary caller ID. The machine then reads some text via TTS. There’s a free demo of the service available; just enter 0 for the license key.

Using 911 as the caller ID doesn’t work, by the way :)

irpet and surveysays release!

The first two of hopefully many more projects to come, is now released, yea!:

* SurveySays – This is software (can perl really be considered software??) to intercept IR signals with (LIRC) sent by test-taking devices used in the classroom. It will display the most common given answer, and also has a trigger to send this same answer back as your own if you want. After the test/quiz/survey or whatever is complete, it will output a html report of all answers given.
* IRpet – IR protocol examination tools. These are a few scripts to help visualize IR signals. It contains irpet, irpet-graph, irpet-grabber, and irpet-simulator.

And it’s just in time for Toorcon!, =)


**Midnight Research Labs.** Here it is, all fresh and steamy, and this is what we’re all about, check it out:

Midnight Research Labs is a newly formed computer research group based
primarily in the San Francisco bay area. With a focus on security and novel
computing, MRL has monthly meetings to discuss and
stimulate new development on sponsored projects.

Midnight Research Labs was formed as a way to bring structure and motivation to
a loosely coupled group of computer professionals. It is also a way to
formalize and publicize the projects that we work on as individuals, but by
working on them as a group, we’re able to produce more useful, interesting and
quality work.

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS