Our Belize – Nuestro Belice – Ons Belize – Tonë Belize – Bizim Beliz – Gure Belize – Nostre Belize – Naša Belize – Vores Belize – Meie Belize – Ang aming Belize – Meidän Belize – Notre Belize – Unsere Belize – Nou Beliz – Kami Belize – Ár Bheilís – Musu Beliza – Nosso Belize

Graphics Cards Face Internet-Borne Threats

By On May 12, 2011 · Leave a Comment

Is your graphics card driver an Internet attack vector?

Apparently so, as Context, a British security consultancy, released a security bulletin this week warning that the Web Graphics Library (WebGL) is vulnerable to denial of service (DoS) attacks and cross-domain image theft.

WebGL is a specification that allows Web browsers to use OpenGL–a 3-D, hardware-accelerated graphics API–with HTML5. WebGL is built into Firefox 4 and Chrome, and included with–but not enabled by default–in Safari. Many people see WebGL as a potential open source replacement for Flash, with some added benefits. Notably, WebGL is based on markup language, which means that unlike Flash, WebGL content can be indexed by search engines.

Results of a denial of service attack against WebGL include everything from making a computer unavailable to actually exploiting the machine.

The WebGL documentation itself contains a warning that the specification is subject to denial of service attacks: “It is possible to create, either intentionally or unintentionally, combinations of shaders and geometry that take an undesirably long time to render,” in effect shutting down the graphics card.

So what is WebGL?

It’s a way to let components on webpages display 3D models using the full power of the graphics card in the computer. Effectively this exposes some portions of the graphics card’s software via the browser to the Internet.

US-CERT recommends to turn off WebGL in the browsers that do support it.

How to disable webgl in firefox 4.0.1:

  • Type about:config in the address bar. And toggle the webgl.disabled variable to true.
  • Restart Firefox browser, WebGL is now disabled in Firefox 4.

We can confirm this stops webgl from working on this page. It shows a spinning box if you have webgl, and a rectangle if you don’t.

How to disable webgl in chrome:

  • Right click on Chrome shortcut, click Properties append –disable-webgl after chrome.exe in the Target field.

We can’t confirm this will disable WebGL for Chrome as you may still get “WebGL initialization failed” error prior adding above said string. You can visit Chrome experiments page to test WebGL is still working or not.

References and far more detail:

Related articles
Enhanced by Zemanta
Print Friendly
Tagged with:
 
If you enjoyed this article, please consider sharing it!

Leave a Reply

Your email address will not be published. Required fields are marked *

*


four × 1 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">