facebook rss twitter

Microsoft dismisses WebGL over security concerns

by Hugo Jobling on 17 June 2011, 14:03

Tags: Internet Explorer, Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qa6ff

Add to My Vault: x

Insecurities

It seems that Internet Explorer won't be getting WebGL support any time soon. In a TechNet blog post Microsoft explained that it will not be supporting WebGL, due to a number of security concerns - none of which are likely to be addressed, as they are fundamental to the working of WebGL.

The problem, as Microsoft sees it, is that WebGL gives web services too unrestricted access to graphics hardware. Moreover, Microsoft has concerts that vendor-specific vulnerabilities could surface (as different GPU manufacturers produce their own drivers, and tweak the hardware in their own way), making for a security nightmare.

As a result, "[Microsoft believes] that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective. We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment."

It's not all bad news, though. Although Microsoft won't support WebGL in its own browser, plenty of others will. Firefox, Chrome, Safari and Opera all either already support the standard, or are adding support in future versions - even iOS 5 will offer some WebGL capabilities, although only to iAd developers, not via the browser proper.

Even Internet Explorer users unable, or unwilling, to change browser can still get a semi-solution, in the form of Google's Chrome Frame. But, really, if you're in an environment where IE is your only option, WebGL support is probably the least of your worries.



HEXUS Forums :: 4 Comments

Login with Forum Account

Don't have an account? Register today!
Well I would have NEVER in a million years said this would happen 10 years ago.

The thing is the are un-doubtedly right. There are hudge security issues with Web GL because no current OS or GPU takes security measures around it.

Calling the drivers bugs is a bit miss leading, because its more a flaw that is required and presto, you've got ring 0.

Still Safari will be OK because 2% isn't worth the effort, but chrome users might find their perfect record tarnished a bit.
“…it is our goal that all such solutions are secure by design, secure by default, and secure in deployment.”
Does this mean they will start salting user passwords now?

Anyway, I agree about WebGL, I have it disabled in every browser until it gets sorted properly.
guessing your meaning the caching of NTLM hashes which weren't salted like the SAM files?

haven't they stopped doing that by default since XP SP2?
Maybe I'm getting confused. But I recently tried and succeeded with little effort to crack an NTLM hash with rainbow tables on XP SP3. Just a little rant of mine - I don't see any reason to not use salts. I've yet to try on a newer OS but out of interest I did some research and heard nothing has changed (except for LM hashes being disabled by default).