PRTODAY / NewswireToday Free press release distribution service network

Written by / Agency / Source: NeonDrum Ltd

Check Ads Availability|e-mail Article


Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Context Highlights Additional WebGL Vulnerabilities and Raises More Questions for Khronos - Researchers at Context Information Security have identified further concerns about early implementations of new WebGL technology - Contextis.com
Context Highlights Additional WebGL Vulnerabilities and Raises More Questions for Khronos

 

NewswireToday - /newswire/ - Reading, Berkshire, United Kingdom, 2011/06/16 - Researchers at Context Information Security have identified further concerns about early implementations of new WebGL technology - Contextis.com.

   
 
Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

Researchers at Context Information Security who exposed security flaws in WebGL last month have identified further concerns about early implementations of the new technology that allows web pages to draw fast 3D graphics to deliver a much richer experience to web users. In one example, a vulnerability in the Mozilla Firefox browser made it possible for malicious web pages to capture any screenshot from a target PC – including the user’s desktop, other web pages or applications. By revealing that none of the current implementations comply with WebGL conformance standards, Context also raises serious questions for Khronos, the consortium which has drawn up the WebGL specification and conformance tests.

Context’s original investigations discovered design level security issues that provide a ‘back-door’ to low-level parts of the operating system via some graphics cards, which were never designed to defend against this type of threat. Following further investigations, Context researchers have discovered that neither Chrome nor Firefox passed the 144 Khronos conformance tests for WebGL, including a number that are directly related to security.

“While Mozilla has taken steps to mitigate the original vulnerabilities and will fix this latest threat in the new version of its browser, scheduled for release on 21 June, we believe this is the tip of the iceberg for the difficult adoption of this immature technology, leaving users vulnerable,” says Michael Jordon, Research and Development Manager at Context.

“The fact that security-related Khronos conformance tests are not clearly identified has been a contributory factor in security issues being missed by developers of the current browser implementations of WebGL,” adds Jordon. “It would be unreasonable to expect full conformance to the complete specification of any new standard but some areas of WebGL need to be carefully implemented to prevent security issues arising. Browser developers should now start banning non-conformant configurations as they are identified until the security issues that have been highlighted are resolved.”

Context’s research also found that Khronos’ recommended defence against the Denial of Service issue, WebGL_ARB_robustness, is not fit for purpose. It is only supported by certain chipsets and operating systems such as NVidia on Windows and Linux, and the extension only offers mitigation and not a comprehensive solution to WebGLDoS issues.

The risks from WebGL depend on the web browser, operating system and graphics card being used. WebGL is currently supported only on Firefox and Chrome and currently users of Internet Explorer, Safari or Opera are not vulnerable to WebGL issues. “We would advise anyone at risk to disable WebGL until the security vulnerabilities have been addressed,” added Jordon. “We have been working with developers of the Firefox plug-in NoScript to include support to selectively disable WebGL and would recommend this plug-in to protect users from malicious Internet content.”

About Context
Context Information Security (contextis.com) is an independent security consultancy specialising in both technical security and information assurance services. Founded in 1998, the company’s client base has grown steadily based on the value of its product-agnostic, holistic approach and tailored services combined with the independence, integrity and technical skills of its consultants.

The company’s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. As best security experts need to bring a broad portfolio of skills to the job, Context staff offer extensive business experience as well as technical expertise to deliver effective and practical solutions, advice and support. Context reports always communicate findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report.

Issued by: Context Information Security, T: +44 (0)20 7537 7515

For more information for editors, please contact:
Peter Rennison / Allie Andrews - PRPR
T: +44 (0)1442 245030 / 07831 208109

Distributed by NeonDrum.com news distribution service on behalf of PRPR.

 
 
Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

Written by / Agency / Source: NeonDrum Ltd

 
 

Availability: All Regions (Including Int'l)

 

Traffic Booster: [/] Quick Newswire Today Visibility Checker

 

Distribution / Indexing: [+]

 
 
# # #
 
IT Security Anti-Spam Computer Security - Purchase keywords tags antivirus software firewall spyware removal virus scan computer security IT Security Anti-Spam malware / Banner Ads!.

 
  Your Banner Ad showing on ALL
IT Security/Anti-Spam articles,
CATCH Visitors via Your Competitors Announcements!


Context Highlights Additional WebGL Vulnerabilities and Raises More Questions for Khronos

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name Newswire Today and LINK as the source.
 
  Is this your article?
Activate ALL web links and social stream by Upgrading to Press Release PREMIUM Plan Now!

|
Publisher Contact: Liz Hartney - NeonDrum.com 
+44 7510 518732 news[.]neondrum.com
 
Newswire Today - PRZOOM / PRTODAY disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any NeonDrum Ltd securities in any jurisdiction including any other companies listed or named in this release.

IT Security/Anti-Spam via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY



Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!


Read Latest Articles From NeonDrum Ltd / Company Profile


Read IT Security/Anti-Spam Most Recent Related Newswires:

Frost & Sullivan Acclaims FireEye’s Dominance of the Global Advanced Malware Sandbox Market
High-Tech Bridge and Barracuda Join Efforts to Improve Web Application Security
Barracuda Simplifies Web Application Security for AWS Customers
Dell Unveils High-Performing, Quad Core Wyse 5060 Thin Client Designed for Knowledge Workers
Check Point vSEC Achieves AWS Security Competency
Gatwick Airport Relies on Splunk Cloud to Enhance Performance and Collaboration
For the Fourth Year, Flexera Software Named a Chicago Tribune 2016 Top 100 Workplace
Barracuda Announces Web Security Gateway Updates to Enhance Advanced Threat Protection, and Network Performance
Portnox Wins Top Honors from Frost & Sullivan for its Software-based Network Access Control Solution, the Portnox NAC
Infinera Powers Cloud Scale Networks with New DTN-X Platforms
ForeScout Named as One of the Fastest Growing Companies in North America on Deloitte’s 2016 Technology Fast 500
Comodo Launches New Full-lifecycle Digital Certificate Management Platform
Privatoria.net Launches An Effective Plugin to Simplify its Users’ Experience
Gigamon to Showcase its Innovative Visibility Fabric Solutions At RSA Conference 2016 Abu Dhabi
CenturyLink and Infinera Deliver 2.5 Tb/s of Super-channel DWDM Capacity at Super Computing 2016

Boost Your Social Network
& Crowdfunding Campaigns


LIFETIME SOCIAL MEDIA WALL
NewswireToday Celebrates 10 Years in Business


PREMIUM Members


Visit  Triggr & Bloom

Visit  La Bella Bakery Artisan Bakery Arizona





 
  ©2016 Newswire Today — Limelon Advertising, Co.
Home | About | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR free press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneurs newswire distribution prtoday.com freenewswiredistribution asianewstoday bizwiretoday USA pr UK today - NOT affiliated with PRNewswire as we declined their partnership offer in 2013
 
PRTODAY & NewswireTODAY are NOT affiliated with USA TODAY (usatoday.com)