Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Security Issues Call for Disabling WebGL

Context Information Security a security consulting firm stated that the WebGL standard for the Web with which 3D-graphics could be turned on any PC running a suitable Web-browser was risky since it let the content in that browser to nearly straight away gain admission into the graphics hardware of the system. V3.co.uk published this on May 9, 2011.

Often the said graphics hardware isn't developed because of security reasons; therefore the associated API regards all software as trustworthy, while really that mayn't be so which puts the computer in danger of attack.

And when such an attack is executed, it can wholly stop the end-user from managing to access his PC thus resulting in the OS (operating system) to collapse via the proliferation of malware, or become benign to programs wherein driver code may've been erroneous leading to possible exploitable situations.

Incidentally, by designing dubious programs, online-crooks can execute DDoS (distributed denial-of-service) assaults alternatively, by intentionally drawing complicated three-dimensional geometry too that results in more time for GPU hardware to render. Actually, the objective of WebGL is for starting a 3D-API inside the browser after deriving it from an OpenGL, with this API being accessible via a JavaScript of a website that maybe employing it.

States Senior Security Consultant James Forshaw at Context, it's not difficult to make client DDoS assaults trivial, with solely the browser being impacted. Nevertheless, within the current instance, the assault wholly stops an end-user from gaining admission into his PC; consequently, making it significantly severe, adds Forshaw. V3.co.uk published this.

Actually a very familiar security problem affecting WebGL is the denial-of-service condition, which's even recognized within the latest standards documentation. Primarily due to the nearly straight admission into graphics hardware by the API derived from WebGL, it's feasible for designing dubious programs alternatively certain complicated 3D-geometry that's capable of making the hardware render only over a long time-frame, thus leading to the DDoS condition.

Eventually according to Forshaw, since research in WebGL is currently limited, Context believes that it can't yet be widely used instead IT managers and consumers require deactivating it within their browsers, thus reported V3.co.uk.

Related article: Securities Push Up A Must For Web Companies

ยป SPAMfighter News - 5/13/2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page