Domain: contextis.co.uk
Stories and comments across the archive that link to contextis.co.uk.
Comments · 5
-
Pixel Perfect Timing Attacks
Easily one of the best technical talks I have ever seen; how timing attacks can be used to break the same origin policy and read the contents of a frame. This talk included demo's of an attacker site loading up a target site in a frame and reading the contents to grab the CSRF token. It was awesome. http://contextis.co.uk/files/Browser_Timing_Attacks.pdf
-
Re:64-bit gives better security
> WebGL gives any website in the world nearly direct access to exploit bugs in GPU drivers, significantly increasing the attack surface of the browser.
You are stating overblown past issues with zero evidence about future possible ones.
Exactly _how_ many bugs and exploits in WebGL has there been? Aside from _THREE_ issues about:
1. CORS / Cross-domain textures (fixed),
2. GPU VRAM reading using as WebGL texture (OSX only!), and
3. DoSI am not aware of any other code "exploiting bugs in the GPU drivers". Frankly , this is not primarily a GPU driver's issues but an OS and Browser issue. The fact that VRAM is not cleared when a WebGL program starts up is the bug, not unfettered access. This is like complaining a program can be run as 'admin/root' and read the memory of ALL processes. I say "like", because there is no concept of separate memory spaces on the GPU's VRAM.
Of course the bigger problem is why the browsers don't pass the Khronos security conformance tests. I am not sure what the _current_ status of modern browsers are.
Anytime "exploits" are mentioned the year/month should be included so we can gauge if we are discussing issues already fixed or relatively new ones.
References:
* http://www.contextis.co.uk/research/blog/webgl-new-dimension-browser-exploitation/
* http://www.contextis.co.uk/research/blog/webgl-more-webgl-security-flaws/
* https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/ -
Re:64-bit gives better security
> WebGL gives any website in the world nearly direct access to exploit bugs in GPU drivers, significantly increasing the attack surface of the browser.
You are stating overblown past issues with zero evidence about future possible ones.
Exactly _how_ many bugs and exploits in WebGL has there been? Aside from _THREE_ issues about:
1. CORS / Cross-domain textures (fixed),
2. GPU VRAM reading using as WebGL texture (OSX only!), and
3. DoSI am not aware of any other code "exploiting bugs in the GPU drivers". Frankly , this is not primarily a GPU driver's issues but an OS and Browser issue. The fact that VRAM is not cleared when a WebGL program starts up is the bug, not unfettered access. This is like complaining a program can be run as 'admin/root' and read the memory of ALL processes. I say "like", because there is no concept of separate memory spaces on the GPU's VRAM.
Of course the bigger problem is why the browsers don't pass the Khronos security conformance tests. I am not sure what the _current_ status of modern browsers are.
Anytime "exploits" are mentioned the year/month should be included so we can gauge if we are discussing issues already fixed or relatively new ones.
References:
* http://www.contextis.co.uk/research/blog/webgl-new-dimension-browser-exploitation/
* http://www.contextis.co.uk/research/blog/webgl-more-webgl-security-flaws/
* https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/ -
Re:WebGL getting worse not better :(
The WebGL news is pretty depressing. Found this recently (explained here)
I'm still very excited about having a real drawing API in the browser to work with that's not tied to MS or Adobe. Guess it'll still be a while until this tech is ready for prime time (sigh, been waiting YEARS already).
It's not helping that MS is slinging as much FUD as possible. Claiming that IE is "more secure than Chrome or Firefox" is laughable, but crap like this is not helping our case to the casual observer.
I don't care about IE, that is not really the question here, but do you really think it is a good idea to give web pages access to exploiting graphics drivers, the most buggy piece of software on any platform? This is ActiveX on stereoids.
-
WebGL getting worse not better :(
The WebGL news is pretty depressing. Found this recently (explained here)
I'm still very excited about having a real drawing API in the browser to work with that's not tied to MS or Adobe. Guess it'll still be a while until this tech is ready for prime time (sigh, been waiting YEARS already).
It's not helping that MS is slinging as much FUD as possible. Claiming that IE is "more secure than Chrome or Firefox" is laughable, but crap like this is not helping our case to the casual observer.