WebGL - not all it was cracked up to be??

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
WebGL - not all it was cracked up to be??
Avatar
Jim Hillier
Admin
Forum Posts: 2505
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
1
June 16, 2011 - 9:13 pm
sp_Permalink sp_Print

For the unenlightened: WebGL - short for web-based graphics library is (or perhaps was) the new hope for a universal 3D web graphics standard. Particularly useful for online games which utilize hardware-accelerated 3D graphics and for other visually intensive tasks.

WebGL is already built into the Chrome and Firefox browsers and it was hoped it would become the universal standard across all major browsers. However, as with many experimental technologies, everything worked out just fine under the pristine laboratory conditions but it hasn't fared too well in the real world (once security scrutiny kicked in).

It appears inherent vulnerabilities are the main stumbling block. Context Information Security, a reputable security firm, issued initial warnings in May and have now backed that up with specifics.

Microsoft, who have never been a fan of the proposed new standard, have jumped on the bandwagon issuing the following statement: [i:u4wtln7g]"We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective."[/i:u4wtln7g]

You can read through Microsoft's full statement, bluntly titled "WebGL Considered Harmful", [url=http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx:u4wtln7g]HERE.[/url:u4wtln7g]

Context Information Security's initial May report (WebGL - A New Dimension for Browser Exploitation) can be viewed [url=http://www.contextis.co.uk/resources/blog/webgl/:u4wtln7g]HERE.[/url:u4wtln7g]

Their recent follow up report (WebGL

Avatar
David Hartsock
Admin
Forum Posts: 1111
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
2
June 17, 2011 - 3:16 am
sp_Permalink sp_Print

This is really a very interesting story given the big picture. Not much to worry about right now, but think of the future...

A browser is a direct vector into not one, but all, operating systems. Security with both current and future standards needs to be a priority for any browser!

Thanks for the head's up, Jim!

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 188

Currently Online: Richard Pedersen
18 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 1323

Moderators: 3

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1556

Posts: 11930

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Judy Novotny, Jason Shuffield, Mail Poet