Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Chrome Flaw Sets Your PC's Mic Live

timothy posted about 4 months ago | from the lives-of-others dept.

Chrome 152

First time accepted submitter AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range. It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media. The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix." However, as discoverer Guy Aharonovsky is quoted, "It seems like they started to look for a way to quickly mitigate this flaw."

cancel ×

152 comments

Flaw? (5, Interesting)

GodfatherofSoul (174979) | about 4 months ago | (#46719105)

Yeah right.

Re:Flaw? (5, Insightful)

fustakrakich (1673220) | about 4 months ago | (#46719389)

Yeah, the flaw is that it wasn't hidden well enough..

Re:Flaw? (2, Interesting)

noh8rz10 (2716597) | about 4 months ago | (#46720037)

WTF WHY IS CHROME TRANSCRIBING EVERYTHING I SAY??? are they looking for keywords to advertise against, like they do in gmail? the bug here is that some websites are gaining access to the transcriptions that are supposed to only go to google?

I admit that sometimes I have my tinfoil hat on, but this is absurdly beyond the scope of anything I could have imagined.

Re:Flaw? (2, Interesting)

Anonymous Coward | about 4 months ago | (#46720329)

WHY are you using a proprietary commercial suite to browse the web??

Captcha: nonsense

Re:Flaw? (0)

Anonymous Coward | about 4 months ago | (#46720669)

It's part of the voice command code? Not that that makes it right.

Re:Flaw? (0)

Anonymous Coward | about 4 months ago | (#46719659)

Easy enough to handle. Just mute your mic in the OS.

Re:Flaw? (3, Insightful)

Anonymous Coward | about 4 months ago | (#46720383)

But why is the browser accessing the microphone in the first place?

Google had to have put this in on purpose (1, Insightful)

Animats (122034) | about 4 months ago | (#46719137)

An "accidental bug" which enables not only the microphone (even when it's supposed to be turned off) but text to speech conversion? No way.

If anyone can find an honest prosecutor, criminal prosecution is in order.

Re:Google had to have put this in on purpose (4, Informative)

MozeeToby (1163751) | about 4 months ago | (#46719239)

Of course it's built in, it's part of the "ok google" keyword that Google Now (recently added to the Chrome browser) uses to detect an incoming command. The flaw is that transcript is kept for any length of time and that it's available to websites being viewed.

Re:Google had to have put this in on purpose (4, Funny)

Actually, I do RTFA (1058596) | about 4 months ago | (#46720397)

Google Now (recently added to the Chrome browser)

That's why it's always more secure to run software 6 or more versions out of date. No zero-day bugs for me!

Re:Google had to have put this in on purpose (1)

R.Mo_Robert (737913) | about 4 months ago | (#46719261)

An "accidental bug" which enables not only the microphone (even when it's supposed to be turned off) but text to speech conversion? No way.

Did you even read the summary? It offers access only to the text-to-speech conversion output, not the microphone itself. (But yes, that was my first thought, and no, this should still not be happening.)

Re:Google had to have put this in on purpose (4, Informative)

Anonymous Coward | about 4 months ago | (#46719317)

speech-to-text

Not sure why everybody keeps writing text-to-speech even though that makes no logical sense in this context :)

Re:Google had to have put this in on purpose (1)

alen (225700) | about 4 months ago | (#46719357)

and i bet google gets a text stream of speech to text data of what people are saying
i'll have to test this

Re:Google had to have put this in on purpose (1)

SumDog (466607) | about 4 months ago | (#46719961)

People can get access to horrible transcripts that vaguely resemble words you said...or random noise it decides are words.

What microphone? (1)

Anonymous Coward | about 4 months ago | (#46719761)

I haven't had a microphone connected to my computer since about 2001.

Re:What microphone? (2)

fnj (64210) | about 4 months ago | (#46720693)

I haven't had a microphone connected to my computer since about 2001.

No laptop? The mid 1990s called. They want to know how you missed the last 20 years.

Re:What microphone? (0)

Anonymous Coward | about 4 months ago | (#46720797)

Just take an old pair of broken head phones snip the wire off and plug it into the mic input.

How conveeeenient! (5, Insightful)

plover (150551) | about 4 months ago | (#46719147)

This flaw, plus heartbleed, makes it sound like all the conspiracy theorists got together for a secret cabal to convince the world that the NSA really is out to get everyone.

Re:How conveeeenient! (4, Insightful)

ArcadeMan (2766669) | about 4 months ago | (#46719285)

The NSA really is out to get everyone! Except themselves, of course. That's private.

Re:How conveeeenient! (3, Insightful)

Wootery (1087023) | about 4 months ago | (#46719451)

What the NSA does with itself in the privacy of the its comically failed oversight process, is its own business.

Re:How conveeeenient! (1)

KliX (164895) | about 4 months ago | (#46720513)

It's not the NSA, it's really /shit/ programmers. We're looking for you :p

Re:How conveeeenient! (3)

cascadingstylesheet (140919) | about 4 months ago | (#46721085)

The NSA really is out to get everyone! Except themselves, of course. That's private.

If only there were some way to rein them in ...

I've got it! "Progressives" could control the Executive branch for over five years. I'd love to see the NSA pull this stuff then!

Re:How conveeeenient! (0)

Anonymous Coward | about 4 months ago | (#46719449)

Green ideas sleep furiously.

Re:How conveeeenient! (0)

Anonymous Coward | about 4 months ago | (#46719463)

I don't think there's anyone in the United States right now, except perhaps cold fjord, who thinks the NSA exists to protect the interests of American citizens.

Re:How conveeeenient! (1)

Anonymous Coward | about 4 months ago | (#46719567)

Echo chamber groupthink. You guys are a minority.

Re:How conveeeenient! (1)

Johann Lau (1040920) | about 4 months ago | (#46719631)

So? People who resisted Hitler were in the minority, too. That just made it more valiant, not less worthwhile. In contrast, do you know what even 7 billion times zero adds up to? I think you might, deep inside, hence

http://en.wikipedia.org/wiki/A... [wikipedia.org]

^ I love how you come with that right after complaing about an "echo chamber", too.

Re:How conveeeenient! (0)

Anonymous Coward | about 4 months ago | (#46720011)

Godwinned!

Re:How conveeeenient! (0)

Anonymous Coward | about 4 months ago | (#46720711)

Godwinned!

Stupid twit.

Re:How conveeeenient! (1)

drolli (522659) | about 4 months ago | (#46719845)

it makes it even believable that the NSA "accidentally" records all infromation which it "accidentally" acquired. You know, in times when even google "accidentally" turns on the microphone and a security library has "accidentally" simple checks deactivated, you know they just "accicentally" forgot the "SELECT" statement.

Good. (0)

Anonymous Coward | about 4 months ago | (#46719155)

Hope they like the Scrubs episode I am watching.

Re:Good. (1)

jtownatpunk.net (245670) | about 4 months ago | (#46721251)

I hope they like belches and farts 'cause that's most of what goes on in front of my laptop.

Fartglob (2)

For a Free Internet (1594621) | about 4 months ago | (#46719225)

Now Gorgol will know that I am a genius who composes poems to myself whyile watchiend inernet movies at breions wiijkmas of the nighnbt! BAD I will SUE THEUR PANETS OFF!!!

What about Beta? (0)

Anonymous Coward | about 4 months ago | (#46719227)

Slashdot Beta sets your eyes on fire.... with rage!

Re:What about Beta? (0)

PopeRatzo (965947) | about 4 months ago | (#46719617)

Oh stop it. You want to see how bad a news aggregation site can be? Go check out this "vox.com" site, put together by people from the NYT and other big-time media outfits. It's the ugliest thing I've ever seen, works like shit, and is insulting to boot. It's like Buzzfeed for a new generation of hipsters who hate Buzzfeed. They must have read somewhere that headlines get more hits if you put a number in them, like, "17 Ways To Watch Game of Thrones More Effectively" or, "9 Secrets To Having a Happy Life".

It the most unpleasant experience I've had with a big new web property. It's not very often that just the design of a web site sets off my gag reflex, but adding in the nonsense and I believe it actually shortened my life to view that mess.

More Open SORES security issues? (-1)

Anonymous Coward | about 4 months ago | (#46719243)

"Gosh - say it ain't so": Spinmasters @ /., your years of b.s. of "Linux = Secure, Windows != Secure" (see ANDROID, a Linux, on that note) is blowing up in your faces. You like? Between this + OpenSSL being screwed too, you morons are wearing egg on your faces, and we're all laughing at you.

Re:More Open SORES security issues? (0)

Anonymous Coward | about 4 months ago | (#46719519)

I've got $10,000 that says you don't weigh an ounce under 350 pounds.

Re:More Open SORES security issues? (0)

Anonymous Coward | about 4 months ago | (#46719607)

Cool! Talking money! What else does it talk about? Amateur cricket? Becky's new sweater?

Re:More Open SORES security issues? (-1)

Anonymous Coward | about 4 months ago | (#46719709)

The open SORES monkeys are struck speechless (other than trolling bullshit).

Don't Worry, Folks. (4, Funny)

IonOtter (629215) | about 4 months ago | (#46719249)

I talk to myself in different voices all the time, and engage in detailed plots to take over the world.

If I haven't been picked up by the Men In White Coats by now, they aren't listening.

Re:Don't Worry, Folks. (0)

Anonymous Coward | about 4 months ago | (#46719465)

Hilarious! ROFL!

Re:Don't Worry, Folks. (0)

Anonymous Coward | about 4 months ago | (#46719489)

It's not the men in white you have to worry about, it's the men in black

Re:Don't Worry, Folks. (0)

Anonymous Coward | about 4 months ago | (#46720243)

Its not the men in black you have to worry about. Its the drones.

Oh really.. EXCELLENT NEWS! (1)

bobbied (2522392) | about 4 months ago | (#46719265)

They are turning on the built in microphone? EXCELLENT! Google can sure do stuff I never imagined possible...

I have an old cheap laptop (still running XP) that doesn't have a microphone built in so somehow I don't think they are doing anything of the kind, at least to me.

Re:Oh really.. EXCELLENT NEWS! (4, Interesting)

noh8rz10 (2716597) | about 4 months ago | (#46720099)

the news here is that the website doesn't turn on the microphone, google turns on the microphone and starts making transcriptions of everything you say. the website just accesses the transcriptions. why is goog recording everything? rhetorical question, they are looking for keywords that they can advertise against. did you just say "cancun"? they will give you hotel and airline ads.

that is super creepy.

Undetectable Heartbleed bug? (2)

DTentilhao (3484023) | about 4 months ago | (#46719273)

"The security flaw in the Chrome browser emerges just as the world is confronting the frightening prospect of an undetectable bug known as Heartbleed, that makes millions of passwords vulnerable to being stolen".

'It is being widely reported in the popular press as well as many technical sites that a Heartbleed exploitation "leaves behind no trace"`. That of course is not true [riverbed.com] .

SSL Server Test [ssllabs.com]

Re:Undetectable Heartbleed bug? (2)

Johann Lau (1040920) | about 4 months ago | (#46719585)

person reporting on toxicologist conference: "What we are dealing with here is a toxin that leaves no traces in the human body, making it impossible to find out the cause of death."

Dwight: "FALSE! If you make a spectral analysis of ever particle of food and air that enters the body, and store them forever, you will find plenty of evidence for this supposedly undetectable poison!"

I'd say they're both right, in a way. For most real world deployments, it's impossible to find out if they have been compromised by this in the past because they didn't have a packet filter installed, so it's best for them to assume that they have been.

Re:Undetectable Heartbleed bug? (0)

Anonymous Coward | about 4 months ago | (#46720325)

Actually, that's not exactly true. There's someone out there that would have just about ALL internet traffic captured....

I'll give you a hint. Its a three letter acronym.... N... S..... give up?

Big packet storage is pretty common (0)

Anonymous Coward | about 4 months ago | (#46721249)

Large corporations often have big packet storage for monitoring and troubleshooting purposes. For inbound Internet traffic, this often translates to multiple days of stored packets for all that inbound traffic. Many companies will have had packet data that stretched back to prior to the public disclosure of Heartbleed, meaning that those stored records of exploits would cover the time from when the cat was out of the bag and the exploit was suddenly known to everyone and their brother. That's not meant to imply that a company would have packet data stretching all the way back to when the bug was first introduced in OpenSSL a couple years ago, but being able to look at recorded packets does help with identifying what happened once the craziness broke loose with Monday's disclosure.

Re:Big packet storage is pretty common (0)

Anonymous Coward | about 4 months ago | (#46721337)

Many companies will have had packet data that stretched back to prior to the public disclosure of Heartbleed, meaning that those stored records of exploits would cover the time from when the cat was out of the bag and the exploit was suddenly known to everyone and their brother.

Here's an example of exactly that for a relatively popular open source site (wireshark.org):

https://blog.wireshark.org/2014/04/heartbleed-traffic/

Re:Undetectable Heartbleed bug? (1)

Swave An deBwoner (907414) | about 4 months ago | (#46721355)

The popular press incorrectly "reports" lots of thing that are just plain wrong. However heartbleed.com [slashdot.org] already explained that such detection was possible if an IDS were looking for the fingerprint:

Can IDS/IPS detect or block this attack?

Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.

It's just that now that a patch is available most folks would rather just fix the problem than watch their systems get compromised. And like Johann Lau already noted, not many sites keep an archive of all the network traffic that has passed through their site, so retrospective analysis is extremely unlikely.

Don't worry (1)

Junior J. Junior III (192702) | about 4 months ago | (#46719281)

This is how Batman is going to be able to find the Joker, and we're all going to be glad when he puts a stop to his plot to poison the whole city.

Re:Don't worry (1)

roc97007 (608802) | about 4 months ago | (#46719553)

...and then destroys the eavesdropping tool after he catches the bad guy. Really.

Re:Don't worry (1)

stoploss (2842505) | about 4 months ago | (#46720817)

...and then destroys the eavesdropping tool after he catches the bad guy. Really.

...which is how you know it's fantasy.

Temporary workaround (4, Funny)

Alain Williams (2972) | about 4 months ago | (#46719303)

Get the wife & kids to learn and speak Navajo at home. It worked for the USA in World War II [wikipedia.org] so it can work for you too!

Re:Temporary workaround (2)

mythosaz (572040) | about 4 months ago | (#46719983)

Crazy-aside. I'm in Arizona, and I used to work with one of the 100,000 or so people on the planet who speak Navajo, [hick voice] and let me tell you what [/hick] it's a baffling language.

Not only does it requires sounds I can't make...
http://en.wikipedia.org/wiki/N... [wikipedia.org]

...but I challenge anyone who isn't a linguist to read and even vaguely comprehend the Navajo language Wikipedia article. :/

Re:Temporary workaround (1)

gman003 (1693318) | about 4 months ago | (#46720603)

...but I challenge anyone who isn't a linguist to read and even vaguely comprehend the Navajo language Wikipedia article. :/

Challenge accepted - I'm not a professional linguist, nor do I have even an iota of formal training in the field, but I read most of that just fine, only having to look up "head-marking language". Just don't ask me how to pronounce the ejective consonants... I still can't figure that out. The written language certainly looks complex and intimidating, but that's at least partly because they're using a slightly-modified Latin alphabet rather than one that was designed purely for the needs of their language, making it less efficient.

It actually isn't too weird of a language, from the looks of it. A lot more precise than Romance languages, and the verb construction is complex, but there are no linguistic concepts in Navajo that I haven't seen elsewhere - even the stuff like a fourth-person verb tense or deverbal nouns. The vocabulary is completely unfamiliar, of course - they don't even seem to have many loanwords from any language I would recognize. But that only matters if I were trying to actually understand Navajo, rather than an article about it.

Re:Temporary workaround (0)

Anonymous Coward | about 4 months ago | (#46721283)

Crazy-aside. I'm in Arizona, and I used to work with one of the 100,000 or so people on the planet who speak Navajo, [hick voice] and let me tell you what [/hick] it's a baffling language.

Not only does it requires sounds I can't make...
http://en.wikipedia.org/wiki/N... [wikipedia.org]

...but I challenge anyone who isn't a linguist to read and even vaguely comprehend the Navajo language Wikipedia article. :/

Pfft. That's nothing, try Welsh! (no really, it has been used in modern wars to thwart eavesdroppers)

Re:Temporary workaround (0)

Anonymous Coward | about 4 months ago | (#46719991)

yes, but only because it was a spoken and language with no written documentation. now a days not so much. but I like where you are headed.

Re:Temporary workaround (1)

fnj (64210) | about 4 months ago | (#46720743)

yes, but only because it was a spoken and language with no written documentation. now a days not so much. but I like where you are headed.

I would tell you to use American Sign Language, but then They would just turn on the camera.

Hardware off switches (2)

ArcadeMan (2766669) | about 4 months ago | (#46719307)

This kind of thing should push manufacturers to put hardware on-off switches for both the microphone and the webcam. A simple LED isn't enough, especially if those LEDs aren't directly tied to the power lines of the hardware anymore - I'm looking at you, Apple.

Re:Hardware off switches (0)

Anonymous Coward | about 4 months ago | (#46719407)

How will you know the switch works? Take apart everything you buy?

Re:Hardware off switches (2)

BlazingATrail (3112385) | about 4 months ago | (#46719459)

Just like auto manufacturers put cosmetic do-nothing switches in for disabling the airbags. Also, the emergency air masks in the airplanes are just hooked up to each other, not to oxygen. Take quick panic breaths and see who passes out first!

Reasonable Levels of Paranoia (0)

Anonymous Coward | about 4 months ago | (#46719817)

If you actually believe that you are being specifically targetted for surveillance by a government agency, yes. Followed by re-assembling it, putting glitter glue on every single seal and taking photos to make it virtually impossible to tamper with undetectably again. Meanwhile you should continue to assume that every device you own, and several you don't, are still reporting your every move, and therefore never say anything important online. Fighting for absolute privacy online against a determined foe is as stupid as the MAFIAA anti-copying wars for the same reason: You're trying to make devices whose whole purpose is to record, copy and transmit data... not record, copy and transmit data.

If not, you probably shouldn't assume that every manufacturer out there is part of a conspiracy to listen to your grunting while you fap, and if there was a broader one, someone would discover it during a teardown soon enough.

Re:Hardware off switches (1)

khellendros1984 (792761) | about 4 months ago | (#46719547)

"Should", maybe. But you know it won't. It's a "not our problem" situation; Google's got egg on their face, not the hardware manufacturers. Only the people that actually look bad are going to have any pressure to fix the problem.

Re:Hardware off switches (0)

Anonymous Coward | about 4 months ago | (#46719703)

No, this kind of thing should push lawmakers to make it illegal to sell hardware without physical on-off switches for the microphone and the webcam. Leaving it to the manufacturers just won't work, because none of them are doing it and it's pretty much impossible to get a laptop without a camera+microphone these days.

Re:Hardware off switches (0)

Anonymous Coward | about 4 months ago | (#46719833)

What difference would it make? Someone else will have a phone with enabled camera ("just look at the phone to unlock the screen") and enabled microphone ("Cortana, where can I buy an iPhone?") in the same room. Nevermind the glasshole or the quantified "self" logger uploading everything to Condoleezza's cloud. It's time to turn off the computer and find a nice place with neighbors at least a mile away.

Re:Hardware off switches (1)

exomondo (1725132) | about 4 months ago | (#46720043)

It's time to turn off the computer and find a nice place with neighbors at least a mile away.

You're only just now realizing that any communication can be intercepted?

Re:Hardware off switches (0)

Anonymous Coward | about 4 months ago | (#46720305)

"Any communication can be intercepted" is not the same as "all communication will be intercepted."

Re:Hardware off switches (1)

cavreader (1903280) | about 4 months ago | (#46720081)

The only thing you should push lawmakers towards is a high cliff so they take a flying leap and protect the country from their idiocy and malfeasance. And there are plenty ways to disable a microphone and a little piece of black tape takes care of the camera problem. If you need the government or a corporation to protect your privacy then you really don't deserve any.

Re:Hardware off switches (1)

SumDog (466607) | about 4 months ago | (#46719973)

Apple and Logitech.

Re:Hardware off switches (2)

noh8rz10 (2716597) | about 4 months ago | (#46720115)

I put a little static cling sticker on the lens. it acts like a simple lenscap. I push it aside when I want to take a photo, move it back when I'm done. sometimes the simplest solutions are the best. haven't solved the microphone problem yet though...

Re:Hardware off switches (1)

marciot (598356) | about 4 months ago | (#46720895)

I put a little static cling sticker on the lens.

They are working on bypassing that particular security measure:

https://medium.com/the-physics... [medium.com]

Re:Hardware off switches (1)

noh8rz10 (2716597) | about 4 months ago | (#46721047)

+1 very cool, thanks

8 seconds? (0)

Anonymous Coward | about 4 months ago | (#46719341)

The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix."

8 seconds? That's about all I need when visiting the proper website.

Re:8 seconds? (2)

mythosaz (572040) | about 4 months ago | (#46719993)

Please [diety], let this guy be watching bull riding.

Re:8 seconds? (2)

sexconker (1179573) | about 4 months ago | (#46720091)

Please [diety], let this guy be watching bull riding.

He is, but in my opinion it makes the furious masturbation more disturbing, not less.

Old news? (2)

SmilingBoy (686281) | about 4 months ago | (#46719369)

I assume that this is the same thing as reported a few months ago? If so, then it is not so simple: the attacking website needs to create a pop-under so that the microphone symbol is hidden. And pop-unders are difficult to achieve with Chrome with the popup blocker activated (as is usually the case).

Re:Old news? (1)

SmilingBoy (686281) | about 4 months ago | (#46719397)

This now has a different proof of concept and I get a pop up that asks me to "speak now". Doesn't seem very stealth to me.

Re:Old news? (3, Interesting)

SmilingBoy (686281) | about 4 months ago | (#46719417)

And what a weak article. A link to the Chromium issue tracker but not the actual issue, and a link to Reddit but not the actual submission. Are you kidding me?

Kinect also listening? (2)

SuperKendall (25149) | about 4 months ago | (#46719401)

Since Kinect also has a model where it's always listening in order to be able to execute commands, I wonder if there's any similar vulnerability from the Kinect web browser (not that many people probably use the Xbox One for browsing, but still).

---> Kendall

Re:Kinect also listening? (1)

TrancePhreak (576593) | about 4 months ago | (#46719643)

As far as I could tell, the browser gets no data from the Kinect other than for navigation.

Re:Kinect also listening? (1)

lgw (121541) | about 4 months ago | (#46719867)

I was never willing to connect the Kinect for my Xbone. But the joke's on me: I've since discovered I don't like playing games with a console controller, so the only reason I'll use my Xbone again is if there's a game that plays best through the Kinect. Still hoping for that.

(I really wanted to like the Forza game, as I'm tired of my PC driving games where I just use the arrow keys, but even after a few hours I couldn't guess what laws of physics the game was modeling. Wow, what a stinker.)

Trust no one (1)

BlazingATrail (3112385) | about 4 months ago | (#46719439)

Simple solution, make a personal "cone of silence" around your chair and wear a mask.

Another vulnerability in open source software (0)

Anonymous Coward | about 4 months ago | (#46719483)

My my...how could this be, another vulnerability in open source software...

Re:Another vulnerability in open source software (0)

Anonymous Coward | about 4 months ago | (#46719719)

No, it's another vulnerability in software, full stop.

Now take your agenda and piss off.

Precursor (4, Funny)

FuzzNugget (2840687) | about 4 months ago | (#46719541)

"Let's give web browsers direct access to hardware!", they said, "it'll be great!"

Re:Precursor (1)

mythosaz (572040) | about 4 months ago | (#46720007)

Yeah, how dare they take input from the keyboard and mouse!

Re:Precursor (0)

Anonymous Coward | about 4 months ago | (#46720267)

Do you not understand the word "direct"?

Re:Precursor (0)

Anonymous Coward | about 4 months ago | (#46720945)

I want timing fuzzing for my keyboard.

and the transcripts all say... (0)

Anonymous Coward | about 4 months ago | (#46719667)

"WTF do I have to keep clicking this stupid button for 8 seconds to make this site work???"

Re:and the transcripts all say... (2)

SumDog (466607) | about 4 months ago | (#46719979)

WTF have I dicking miss loopy cotton for eight reconed to take this site to work?

Can they hear the voices in my head? (1)

mmell (832646) | about 4 months ago | (#46719799)

Actually, that's not the problem. The voices in my head are okay. The voices in your head are a bunch of assholes, however. Tell them to shut up, please.

Paranoid? (1)

used2win32 (531824) | about 4 months ago | (#46719859)

Call me paranoid, but I always keep a blank plug in the mic jack, effectively disabling the mic input. When I ~want~ to use the mic, I will remove the plug. (I also have a cover over the camera....)

Re:Paranoid? (0)

Anonymous Coward | about 4 months ago | (#46720033)

does your camera have a mic? you may just want to unplug it until you need it if it does.

Re:Paranoid? (0)

Anonymous Coward | about 4 months ago | (#46720035)

> a blank plug

That doesn't work. On the mac, you can turn off the headphone output even when headphones are plugged in. It is software controlled. Ever notice how when you plug your headphones in when the laptop is doing something that it takes longer for the audio to switch from speakers to headphones? Also, coreaudiod crashing can switch the headphone output off. After all, if you couldn't still enable the mic, how would Apple funnel so much private information to the Republicans?

Did it work for anyone? (0)

Anonymous Coward | about 4 months ago | (#46719947)

First, I didn't drag anything and I got popups saying "speak up now" with a volume meter. When I started dragging "seeds", the popups were gone. But in the end I always got "You didn't say anything", even though I was talking to myself the whole time as I usually do, only this time I was trying to speak loud and clear. My roommate must be convinced by now that I'm crazy.

How is speech-to-text supposed to work in Chrome? Shouldn't you get the "allow microphone access" coathanger?

He only gave Google 2 days before going public? (5, Informative)

Dahan (130247) | about 4 months ago | (#46720049)

So, no thanks to TFA, I found the actual bug report [google.com] , and it turns out the guy went public less than 2 days after reporting the bug to Google. Talk about impatient. And it's not true that "Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media". It's true that it was originally given a low-severity label at first, it was bumped to medium a day-and-a-half later, then up to high a few hours after that--around the same time that he went to reddit [reddit.com] about it. Not exactly sure if it was before or after, since I don't know the timezone of the times reported on Chrome's issue tracker, but one of the comments from Google says that they had already bumped the severity rating before they knew about him going public.

Re:He only gave Google 2 days before going public? (0)

Anonymous Coward | about 4 months ago | (#46720393)

Apparently "security research" is riddled of impatient newbies. The low hanging fruit (aka public exposure / hype) is way more reachable than the best one (security, indeed).

Why do any of you trust Google ? (0)

Anonymous Coward | about 4 months ago | (#46721155)

THAT is the underlying question which matters most.

I laugh my ass off when I see people upset that Google has done
something which is intrusive. You people won't realize there is a
shark in your swimming pool until it bites your fucking legs off.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...