Re: Disturbing NVDA Remote Rumor: any ruth or verification?


 

Hi,
Some synthesizers are known to crash under some circumstances. If it can be
reproduced on all synths, then this is something to do with NVDA's speech
module, otherwise I'd question what synth people involved in this rumor were
using. I'll write a formal response to this once I gather more information.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:39 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

On a shared copy of the post, he posted a comment to the effect that the
exploit was with NVDA itself, by sending a large amount of text through it
all at once. I don't even know if he's on this list and can elaborate
himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based
on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or
verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com>
wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if
the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed
is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is
enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name














Join nvda@nvda.groups.io to automatically receive all group messages.