Running Windows 10 Anniversary Edition? Click this link and say yes to the prompts (You’ll, er, have to press CTRL+ALT+DELETE to exit and sign in again).
Back?
You just launched the hidden Take a Test app. Windows 10 Anniversary now includes a chromeless kiosk mode that web pages can launch. Basically any link in the format…
ms-edu-secureassessment:<URL>!enforceLockdown
…will launch the app. Administrators can even create user accounts that are locked down to single web pages where CTRL+ALT+DELETE is the only way out.
Notably there are some extended JavaScript APIs available when running under the kiosk mode – interestingly some even called getIPAddressList, getMACAddress and getProcessList. Yes, with a couple of prompts, a web page can launch the Take a Test app and get a list of the user’s running processes and their MAC address.
Wonder how long until this gets abused.
Article source
↧