Avatar
Please consider registering
Guest
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Register Lost password?
sp_Feed sp_topic_old
WebGL - not all it was cracked up to be??
Avatar
Jim Hillier
Admin
Forum Posts: 2726
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
1
June 16, 2011 - 9:13 pm
sp_Permalink sp_Print

For the unenlightened: WebGL - short for web-based graphics library is (or perhaps was) the new hope for a universal 3D web graphics standard. Particularly useful for online games which utilize hardware-accelerated 3D graphics and for other visually intensive tasks.

WebGL is already built into the Chrome and Firefox browsers and it was hoped it would become the universal standard across all major browsers. However, as with many experimental technologies, everything worked out just fine under the pristine laboratory conditions but it hasn't fared too well in the real world (once security scrutiny kicked in).

It appears inherent vulnerabilities are the main stumbling block. Context Information Security, a reputable security firm, issued initial warnings in May and have now backed that up with specifics.

Microsoft, who have never been a fan of the proposed new standard, have jumped on the bandwagon issuing the following statement: [i:u4wtln7g]"We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective."[/i:u4wtln7g]

You can read through Microsoft's full statement, bluntly titled "WebGL Considered Harmful", [url=http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx:u4wtln7g]HERE.[/url:u4wtln7g]

Context Information Security's initial May report (WebGL - A New Dimension for Browser Exploitation) can be viewed [url=http://www.contextis.co.uk/resources/blog/webgl/:u4wtln7g]HERE.[/url:u4wtln7g]

Their recent follow up report (WebGL

Avatar
David Hartsock
Admin
Forum Posts: 1117
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
2
June 17, 2011 - 3:16 am
sp_Permalink sp_Print

This is really a very interesting story given the big picture. Not much to worry about right now, but think of the future...

A browser is a direct vector into not one, but all, operating systems. Security with both current and future standards needs to be a priority for any browser!

Thanks for the head's up, Jim!

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online: rvdtutors
Guest(s) 40
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 701
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Newest Members:
sunny01
snave53
daleoS
annaeat
BjourneX
Forum Stats:
Groups: 8
Forums: 20
Topics: 1974
Posts: 13651

 

Member Stats:
Guest Posters: 11
Members: 3256
Moderators: 7
Admins: 3
Administrators: Jim Hillier, Richard Pedersen, David Hartsock
Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Stuart Berg, John Durso
Scroll to Top