WebGL Flaw Leaves GPU Exposed To Hackers

recoiledsnake writes "Google spent a lot of time yesterday talking up WebGL, but UK security firm Context seems to think users should disable the feature because it poses a serious security threat, and the US Computer Emergency Readiness Team is encouraging people to heed that advice. According to Context, a malicious site could pass code directly to a computer's GPU and trigger a denial of service attack or simply crash the machine. Ne'er-do-wells could also use WebGL and the Canvas element to pull image data from another domain, which could then be used as part of a more elaborate attack. Khronos, the group that organizes the standard, responded by pointing out that there is an extension available to graphics card manufacturers that can detect and protect against DoS attacks, but it did little to satisfy Context — the firm argues that inherent flaws in the design of WebGL make it very difficult to secure."

  • Re:dupe (Score:4, Insightful)

    by Shotgun ( 30919 ) on Friday May 13, 2011 @12:45PM (#36119538)

    Do you mean that the article is a dupe, or that Google is duplicating the mistake Microsoft made with ActiveX and the whole "it is so convenient to let anyone in the world do whatever they please on my computer" mentality?

  • by MostAwesomeDude ( 980382 ) on Friday May 13, 2011 @12:50PM (#36119588) Homepage

    http://www.youtube.com/watch?v=WgbK0ztUkDM&feature=player_detailpage#t=3195s [youtube.com] is the video. In short, I asked the NaCl guy whether they knew what they were doing by letting NaCl clients access GPUs directly. His response was that they were doing everything WebGL does to protect the system from malicious code. That's unfortunately not sufficient.

  • by Anonymous Coward on Friday May 13, 2011 @01:16PM (#36119910)

    "A website can not in any way take advantage of crashing a user's computer"

    Except those crashes are usually caused by buffer overflows which eventually lead to a well-crafted attack that causes remote code execution.

  • Re:dupe (Score:3, Insightful)

    by Desler ( 1608317 ) on Friday May 13, 2011 @01:17PM (#36119926)

    Don't worry, just like with the previous story they'll just claim it wasn't a flaw in Chrome (despite it bypassing the Chrome sandbox) and downplay it.

  • The whole thing... (Score:4, Insightful)

    by fyngyrz ( 762201 ) on Friday May 13, 2011 @01:58PM (#36120368) Homepage Journal

    ...is part of a serious cultural error being made: an impetus by hopeful marketers towards applications that run in/on the browser rather than in the user's machine. Both putting data "in the cloud" and running apps "from the cloud" are fraught with pitfalls; insightful users (a minority, as always) will resist this trend with traditional in-machine applications and fully local storage of data. The rest will suffer as corporations (continue to) misuse their data.

    The key issue is: Putting your data in the hands of those you don't know is a uniformly bad idea. So is giving control of your computer's execution to those you don't know. There is no remedy for this kind of error, either -- once you hand your data over, you have lost control of it, and in turn, you have lost control over the consequences of random third parties misusing your information.

    The good news is that we have a broad set of extremely powerful applications available to us that run well in the local environment. Word processors, spreadsheets, sound, image and video editors, music and video library engines, educational software and a whole host more are all very well populated with traditional applications, so for the thinking user, there is no need to "go to the cloud" for classic compute tasks. Instead, the net can be used for communications, both as its heritage dictates and as the most sensible domain fit, while personal data and execution permissions remain secure in and at the local environment.

    To help protect yourself, I suggest beginning by disabling flash, scripting and use only CSS/HTML in the web-facing interface. As a side benefit, surfing is much more pleasant without pop-overs, flash ads, and many other corporate infections of the network.

    Neither Google nor any other corporation has your best interests in mind. Start from that understanding, and the world will make considerably more sense.

  • by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Friday May 13, 2011 @02:24PM (#36120700) Journal

    insightful users (a minority, as always) will resist this trend with traditional in-machine applications and fully local storage of data.

    Let's hope those insightful users are also insightful enough to actually have backups.

    The key issue is: Putting your data in the hands of those you don't know is a uniformly bad idea. So is giving control of your computer's execution to those you don't know.

    And it's not possible to avoid both of these, sorry. In fact, it's not possible to avoid the latter at all.

    The good news is that we have a broad set of extremely powerful applications available to us that run well in the local environment.

    The bad news is that any local application has at least as much access as these web apps do.

    To help protect yourself, I suggest beginning by disabling flash,

    Thus "protecting" yourself from YouTube, FreeFillableForms (the only way to file US taxes online that I know of), etc.

    scripting

    Thus "protecting" yourself from things like Gmail, Google Instant Search, and... Do I really need to spell it out? I get the noscript mentality, but disabling these things entirely is both paranoid and backwards. It's a bit like unplugging your machine from the Internet -- sure, it's more secure, but it's also much less useful.

    As a side benefit, surfing is much more pleasant without pop-overs, flash ads,

    For which we have more specific approaches, like Adblock.

    Neither Google nor any other corporation has your best interests in mind.

    It does help when their interests are aligned with yours, however, and this usually isn't hard to determine. But I'm again at a loss as to how you get from that understanding to railing against applications in the browser. The browser application has only the data I allow it. The local application, unless I take great pains to sandbox it, has access to everything I have locally and the network. I can understand wanting to be sure your data is stored safely, whatever "safely" means to you -- I care less about privacy and more about reliability, but you can tweak both knobs as you like. But given the choice between an application that runs locally, and one which runs in the browser, which is already a sandbox, I'll choose the browser app every time unless I have a compelling reason to trust the application and sensitive data I don't want to leave my machine -- and even in that case, it's possible to run some web apps offline and, at the user's discretion, give them more access than any arbitrary web app should.
