Posts tagged with "security"
Chrome is the only up-to-date browser that honors the plugin opacity setting. Thus, it is susceptible to a clickjacking attack, which allows a remote site to access the victim's webcam.
p.s.: it has a subproject dedicated to finding out if the script was obfuscated or not, sounds nice for automated submission systems in app stores and so on.
- Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive - The security of WebGL as a whole depends on lower levels of the system, including OEM drivers, upholding security guarantees they never really need to worry about before.
- Browser support for WebGL security servicing responsibility relies too heavily on third parties to secure the web experience - Without an efficient security servicing model for video card drivers (eg: Windows Update), users may either choose to override the protection in order to use WebGL on their hardware, or remain insecure if a vulnerable configuration is not properly disabled. Users are not accustomed to ensuring they are up-to-date on the latest graphics card drivers. [...] In some cases where OEM graphics products are included with PCs, retail drivers are blocked from installing. OEMs often only update their drivers once per year, a reality that is just not compatible with the needs of a security update process.
- Problematic system DoS scenarios - Modern operating systems and graphics infrastructure were never designed to fully defend against attacker-supplied shaders and geometry. [...] it will be possible for any web site to freeze or reboot systems at will.
It's nice to see that at least Microsoft is mature enough not to let 3D hype threaten the security of the web landscape. Hopefully, other vendors understand that too.
Facebook in particular is the most appalling spying machine that has ever been invented. Here we have the world’s most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to US intelligence. Facebook, Google, Yahoo – all these major US organizations have built-in interfaces for US intelligence. It’s not a matter of serving a subpoena. They have an interface that they have developed for US intelligence to use.
Now, is it the case that Facebook is actually run by US intelligence? No, it’s not like that. It’s simply that US intelligence is able to bring to bear legal and political pressure on them. And it’s costly for them to hand out records one by one, so they have automated the process. Everyone should understand that when they add their friends to Facebook, they are doing free work for United States intelligence agencies in building this database for them.
p.s.: and do not forget, the CIA is by far not the worst possible information collector, so when you [plan] to use any social network site, think about it.
- A number of serious security issues have been identified with the specification and implementations of WebGL.
- These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable.
- Additionally, there are other dangers with WebGL that put users’ data, privacy and security at risk.
- These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design. Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode).
- Browsers that enable WebGL by default put their users at risk to these issues.
WebGL is not yet ready for production, and hopefully more people will see that before 3D mania forces vendors to roll out untested features into the wild.