I hate installing software on Windows
https://twitter.com/ProjectZeroBugs/status/1072615284085796865 …
AFAIK, they have Office/Photoshop/etc. plugins, so you can have Photoshop-specific functions when Photoshop is focussed (e.g. color selection), and Excel-specific when Excel is focussed (e.g. increment cell). Those native plugins talk JSON over websockets, because it's 2018
-
-
Got it. So local apps make local ws requests to configure your mouse. Can we be sure none of them send an Origin header? Also, is the web server only listening on localhost or is it accessible remotely?

-
I didn't check them all, but I didn't see one in testing. It's localhost only, but a website can open a websocket to ws://127.0.0.1, so just visiting a malicious website is enough to screw with your peripherals, exploit memory safety issues, spy on apps, etc.
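
The exposure described in this thread, a localhost-only WebSocket that any visited website can still open, is what an Origin check on the opening handshake addresses. The sketch below is an added example, not part of the thread or of the vendor's software; it assumes the legitimate clients are native plugins that send no Origin header, and the port and origins in the sample requests are constructed placeholders.

```python
# Added example: Origin gate for a localhost-only WebSocket service.
# Assumption: legitimate clients are native plugins that send no Origin header
# (as observed in the thread), so the allow-list of web origins is empty.
ALLOWED_ORIGINS = frozenset()

def parse_headers(raw: bytes) -> dict:
    """Parse the HTTP upgrade request into {lowercased-name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_handshake(raw: bytes, allowed=ALLOWED_ORIGINS):
    """Return (accept, reason) for a WebSocket opening handshake."""
    try:
        headers = parse_headers(raw)
    except ValueError as exc:
        return False, str(exc)
    if [v.lower() for v in headers.get("upgrade", [])] != ["websocket"]:
        return False, "not a websocket upgrade"
    origins = headers.get("origin", [])
    if not origins:
        # Browsers always send Origin on a WebSocket handshake; native clients need not.
        return True, "no origin (non-browser client)"
    if len(origins) > 1:
        return False, "multiple origin headers"
    origin = origins[0].lower()
    if origin in allowed:
        return True, "allow-listed origin"
    return False, "origin not allowed: " + origin

def _handshake(extra=b""):
    # Constructed sample request; port 9000 is a placeholder.
    return (b"GET / HTTP/1.1\r\nHost: 127.0.0.1:9000\r\n"
            b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
            b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            b"Sec-WebSocket-Version: 13\r\n" + extra + b"\r\n")

SAMPLE_NATIVE = _handshake()
SAMPLE_BROWSER = _handshake(b"Origin: https://site.example\r\n")

if __name__ == "__main__":
    for name, raw in (("native", SAMPLE_NATIVE), ("browser", SAMPLE_BROWSER)):
        print(name, check_handshake(raw))
```

A missing Origin header does not authenticate the caller, since any local process can omit it; this gate only closes the browser path discussed above.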