BlueHammer abuses Windows Defender's update process to gain SYSTEM access(hackingpassion.com)
19 pointsby BullsEye06 hours ago5 comments
  • zx80805 hours ago
    Breaking text selection is a VERY user-hostile web development trick. Thank you, seriously.
    • stingraycharles4 hours ago
      This website is one of the most user hostile I’ve encountered in a long time. On mobile it’s miserable.
    • duskdozer4 hours ago
      Is it meant to be ironic? It's also including a smooth-scroll.js, clipboard.js (No Flash. No frameworks. Just 3kb gzipped)
  • smcin5 hours ago
    Interesting but your site renders very badly on mobile; I have to scroll down through four screenfuls of ads or blank padding before I see a single paragraph of article, then more blank page. It is visually indistinguishable from an adfarm. Could you fix that?
    • meandmycode4 hours ago
      More like ads passion, truly a lot of better results from searching using your favourite search index..
  • PeterWhittaker4 hours ago
    Site renders great for me, iOS Safari with blockers; text selection works fine.

    Yeah, I know, karma hit coming, but the other comments are so counter to my experience (I quite like the page and content) that I could not not comment.

    • fenykep3 hours ago
      Same for me (brave android). The blocking of text selection is annoying tho.
  • dist-epoch4 hours ago
    If native code is running on your Windows (as opposed to JavaScript in the browser sandbox), you've already lost.

    It can steal your cookies and browser saved passwords, it can upload your photos or delete them.

    Privilege escalation to SYSTEM is the least of your worries.

    • drum554 hours ago
      More or less, no desktop OS other than Qubes and MacOS (to a very limited extent) can handle the user being even vaguely compromised, much less a user with privilege. Keys to the kingdom are already in the user domain, SSH keys, all your emails and photos, contacts, access to other devices in your network. The user can backdoor themselves to get passwords by modifying their own environment, can escalate by modifying the DNS settings of the users browser to gain more access. Root access by and large is completely irrelevant.
  • redsocksfan454 hours ago
    [dead]