DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th June 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default Microsoft says WebGL isn't secure enough

From http://www.h-online.com/security/new...h-1262818.html

Quote:
In the spirit of the famous articlePDF by Edsger Dijkstra, Microsoft says, in a piece entitled "WebGL considered harmful", that the 3D technology is not secure enough for its products. The blog post lists three reasons for this conclusion: first, browser support for WebGL gives web applications direct access to hardware; second, there could be security flaws in third-party software (such as in graphics drivers); and finally, Microsoft says that operating systems do not currently offer any protection against denial-of-service attacks on graphics cards.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 18th June 2011
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 317
Thanked 9 Times in 9 Posts
Default

It's got to be pretty insecure for Microsoft to pick on it. I mean, until they enhance it with their own insecurities...
__________________
Linux Admin by Profession. OpenBSD user by choice.
Reply With Quote
  #3   (View Single Post)  
Old 18th June 2011
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Hmm, they must have acquired a security expert recently.. better late than never.
Reply With Quote
  #4   (View Single Post)  
Old 18th June 2011
comet--berkeley comet--berkeley is offline
Old programmer/hacker
 
Join Date: Apr 2009
Posts: 90
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by BSDfan666 View Post
Hmm, they must have acquired a security expert recently.. better late than never.
Is Microsoft worried about our security?

The announcement might have to do with the fact that WebGL is supported by Microsoft Explorer's competition:
Mozilla Firefox, Google Chrome, Opera and Apple Safari

Here is an article from The Register:

Firefox web 3D engine fosters image theft bug


But to be fair, security holes do need to be plugged.
Reply With Quote
  #5   (View Single Post)  
Old 19th June 2011
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 552
Thanked 14 Times in 13 Posts
Default

Quote:
Originally Posted by Microsoft
there could be security flaws in third-party software (such as in graphics drivers)
Gee. Are there any major desktop operating systems that use third-party graphics drivers? :?
Reply With Quote
  #6   (View Single Post)  
Old 19th June 2011
Ninguem Ninguem is offline
Shell Scout
 
Join Date: Jun 2011
Posts: 136
Thanked 0 Times in 0 Posts
Default

What were the results on BSD and Linux?
Reply With Quote
  #7   (View Single Post)  
Old 20th June 2011
thirdm thirdm is offline
Package Pilot
 
Join Date: May 2009
Posts: 195
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by BSDfan666 View Post
Hmm, they must have acquired a security expert recently.. better late than never.
Not so related to their mainstream products I'd guess, but...

push
http://www.zdnet.com/blog/microsoft/...ri-effort/2463

pop
http://www.zdnet.com/blog/microsoft/...microsoft/5620
Reply With Quote
  #8   (View Single Post)  
Old 22nd June 2011
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 358
Thanked 9 Times in 8 Posts
Default

Microsoft always, always holds back the web and is years behind modern standards and practices.
WebGL security and Microsoft BS
But you knew that.

Last edited by drhowarddrfine; 22nd June 2011 at 12:57 PM.
Reply With Quote
  #9   (View Single Post)  
Old 22nd June 2011
CyberJet's Avatar
CyberJet CyberJet is offline
Real Name: Ramon
BSD Student
 
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Thanked 0 Times in 0 Posts
Default

Good Morning,

Glad to hear the news and all your great comments!
Reply With Quote
Old 22nd June 2011
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 317
Thanked 9 Times in 9 Posts
Default

Quote:
Originally Posted by drhowarddrfine View Post
Interesting read. I wasn't aware that Microsoft was developing Silverlight to have GPU access (I figured they'd fallen behind as usual, to be honest)...that fact makes the situation even more laughable.

Vendor lock-in ftw.
__________________
Linux Admin by Profession. OpenBSD user by choice.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypted == secure? passthejoe OpenBSD Security 13 9th November 2010 05:45 PM
how to secure my ftp? milo974 OpenBSD Security 3 4th August 2009 03:47 PM
Is this secure? Ungenious OpenBSD Security 4 30th November 2008 02:27 AM
The man from Microsoft. diw Other OS 14 15th October 2008 07:31 PM
I would like to secure a system kungfujesus OpenBSD Security 4 28th September 2008 04:30 PM


All times are GMT. The time now is 04:34 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick