(peabee.substack.com)

1192 points gniting | 1 comments | 29 Mar 25 21:26 UTC | HN request time: 0.199s | source

Show context

cheschire ◴[29 Mar 25 23:43 UTC] No.43519772[source]▶

Can windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

replies(8): >>43519783 #>>43519798 #>>43519847 #>>43519871 #>>43520382 #>>43520475 #>>43521311 #>>43521404 #

bcoates ◴[30 Mar 25 01:42 UTC] No.43520475[source]▶

>>43519772 #

Windows has a whole different (looser, older) security model. There are no security barriers between windows running on the same desktop. (In particular, "UAC is [still] not a security barrier"--when you hit ok/type in a password to elevate a process, you’re effectively elevating the whole desktop and everything you're running.)

replies(2): >>43520653 #>>43520707 #

1. SpaghettiCthulu ◴[30 Mar 25 02:28 UTC] No.43520707[source]▶

>>43520475 #

Can you inject into an elevated process from a non-elevated one?

↑

Everyone knows all the apps on your phone