RE: Concern about the latest Window Eyes scripting move

  • From: "Chris Hofstader" <chris.hofstader@xxxxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Tue, 5 Feb 2008 06:34:14 -0500

I can but will not demonstrate how to build a JAWS script that will mail you
all of the passwords, logins and email addresses used on a particular
machine using JAWS 3.xx so the hole has been there all the time.  GW has
done the right thing by making itself language agnostic so a non-hacker
blink can now ask a friend who knows virtually any programming language to
bang out a quick script or two to handle some tricky situations with no
greater security gaps than one can create on 90% of computers used by people
with vision impairment today.

A few months ago I wrote a blog article on this very matter - specifically
that all screen readers, scriptable or otherwise, produce a security gap
that none of the vendors have figured out how to close.  I can think of a
few techniques one might use in a screen reader to increase security but not
all of the way to anything remotely solid.

cdh

From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of John Greer
Sent: Monday, February 04, 2008 2:55 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Concern about the latest Window Eyes scripting move

Once I got over the initial shock and amazement at GWMicro's decision to
make Window Eyes scriptable, especially in such a powerful way as to let it
be scriptable with many different scripting languages, I began to think.
Would that not also open Window Eyes and Windows up to a whole new world of
script-based viruses?  VBScript and JavaScript are, after all, 2 of the
languages that have that sort of power.  It just concerns me a bit that in
GWMicro's rush to become the top screen reader, they may have actually
opened the floodgates a bit too wide.


