WebGL

win32sux · 05-11-2011, 12:53 AM

Quote:

The US Computer Emergency Readiness Team is advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers.

The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code, independent research consultancy Context Information Security recently warned. The technology made its debut in version 9 of Chrome and was added to the recently released Firefox 4. WebGL is also present in builds of Opera and Apple's Safari.

Complete Article

craigevil · 05-11-2011, 05:49 PM

In Firefox/Iceweasel open about:config and toggle webgl.disabled to true.

sundialsvcs · 05-12-2011, 08:50 AM

This merely emphasizes the point that end-user computers must also be secured. Above all else, this means ... "Windows users shall not run as Administrators!" And, it means that constantly active network-driven backups must be taken.

Pragmatically speaking, you can never completely prevent "rogue software" from being introduced into an end-user machine and running there. But you can prevent that software from successfully doing damage, either to itself or to others.

(Yes, Virginia, even Win-doze

can be made to be quite secure! Too bad that, in literally millions of installed systems, its rather baroque security features are inexplicably .. deliberately .. switched off!)

win32sux · 05-12-2011, 09:49 AM

Okay, but please don't let this become a Windows (or Windows vs. GNU/Linux) thread.