I hate installing software on Windows
https://twitter.com/ProjectZeroBugs/status/1072615284085796865 …
Hmm, disagree, if they checked the Origin then only another local user could exploit the memory safety issues. If they don't check the origin but do check the JSON is well formed, then you can do things like send keystrokes to other applications 
-
-
FWIW, I think a micropatch that checks the request headers for "Origin:" is totally feasible, I was using breakpoints and `da
@esp..xxx; gc` to dump the headers. -
What would constitute a valid origin?
- 7 more replies
New conversation -
-
-
Oh I thought the app only allows you to reprogram mouse keys to something trivial but are saying you can reprogram them to issue <WIN>calc<ENTER>?
-
Yep, they document some of it here (ctrl-f for plugin registration): https://github.com/Logitech/logi_craft_sdk/blob/master/documentation/Craft_Crown_SDK.md#10-crown-sdk …
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.