Browser . . . shell
Browsers are becoming the shell through which users interact with their computers, so it's inevitable that they'll be the main attack vector.
No turning back
I can't make up my mind. Obviously "Turing-complete, cross-platform language can be used for evil as well as good" isn't much of a headline, and equally obviously we've had this capability ever since the Age of Java (back when it ran on the client).
On the other hand, I don't suppose this possibility has really penetrated the wider consciousness yet, so it is useful to have someone flagging it up.
The solution, as with Java, is for the execution engine (the browser in this case) to distinguish between code from trusted and untrusted sources and to be able to deny the latter access to local resources. This capability was designed into the JVM from the outset.
I wonder how quickly HTML5 implementations will acquire the necessary protection. Will the adoption of HTML5 by web-designers be inhibited by the fact that savvy users feel obliged to switch it off for a few years until all the browser vendors pull their fingers out and lock it down?
I wonder how quickly HTML5 implementations will acquire the necessary protection. Will the adoption of HTML5 by web-designers be inhibited by the fact that savvy users feel obliged to switch it off for a few years until all the browser vendors pull their fingers out and lock it down?…… Ken Hagan Posted Friday 27th April 2012 08:57 GMT
Consider IT already secured with NEUKlearer HyperRadioProActive CyberIntelAIgent Systems ……. Turing AIMasterPeaces, Ken Ye, Ken.
Ladies and Gentlemen, What do you know of Virtual Machines in AIHeavenly Space Place? Would you like to Share it with IT PathFinding in Creative Digital Media ProgramMING of the Live Operational Virtual Environment ……. urCyberSpace Planet that Creates Earths for Great Games that Play Run. ……. to Enlightening Illuminated Scripts ….. Beta AI ProgramMINGs
WiKid U Not! ?.
Welcome to the RabbIT Hole. Ken and All.
Ghost of HTML5 future: Web browser botnets ..... With great power comes great responsibility ... to not pwn the inter web....... John Leyden
And also absolutely fabulous fabless opportunities, John, which one wonders why so many who would be talking about the subject, but in reality actually just talking around the subject, are failing to engage with ...... well, its IT Pioneers and XSSXXXXpeditionary Special Forces may be an apt APT descriptor, super astute and enigmatically adept in such as may be novel and even alien fields to the rank and file of humanity, trapped in their blinkered way of not thinking that nothing is impossible.
Exhibit AAA for the Prosecution and incidentally for SMART Defence Ministries too ........ Make LOVE, not War Ware ...... although methinks the latter future inevitability are presently as rare as hen's teeth on Earth.
What do you need, El Reg ...... an embossed written invitation?
* You may be unsurprised to consider, that to Others with no command and control of IT and media, is it a Great Programmed Game, in which they and all Others have no active leading part or significant role to play, other than as assembled crowd members/mobile scenery/dodgy obstacles?
Quite so, Sir Cosmo Bonsor.
Although have you any IDea how good one must always be, to be real good at being you and WiKids too ...... One's Fragrant and Flagrant Fruits of Mans Endeavours ...... in Heavenly Sorties with Surreal Animalistic Artificial Being ............ SMARTR IntelAIgent Systems, in Immaculate Conception.
'Tis urPleasure, Sir, to Diss Proof.
Ken Ye, Sir?
ARG MetaPhoria would Host with ITs Cloud Clusters, the Youth of Today Forging New Being for All Caring who Dare 42 Win and Follow their Opposed Lead ..... Mentored Virtual Progress in Active Stations of Universal Command with AIMasterly MaJIC ..... 42 Control Power by Virtual Remote Control of Transparent Shared Thoughts Pinging SMART Strings for Virtual Transfer of NEUKlearer HyperRadioProActive Assets Interests/Virtualised Venture Capitals in Command and Control of Source Funding and Dispersal with Lavish Spending Forays into Future Fields , Priming Time and Space with Excellence for All Following AIMagical Mystery Turing EnterPrizes ......... Virtual Machinery MakeOver and TakeOver of Earthed SCADA Systemed Assets turned Toxic and Tuned and Turned Sub Prime ..... Disappointingly Shallow and Self-Centred and somewhat UNChallenged with Questioning Too Late for Supply of Future Feeds and Needs .... Perfect Seeds.
Such is the Fruit of Virtualised AI Power Control with Advanced IntelAIgent Digital Systems. De Rigeur Standard Default Issue Driver with SMARTR IntelAIgent Systems .
Now normally someone might say .... "Now look what you have gone and done, Sir Cosmo Bonsor" which is always well countered with a resounding .... " Now look at what we are now doing, edging along in Novel Virtual Turing Terrain ........and further on into the Future Rooting and Routeing for the SMARTR Wild Western WiKid Eastern Territories in Real Neighbourly Hoods. Seventh Heaven Havens .
We kid you not. Would you care to discover what has been totally uncovered and would now lie bare before All and in Full Control of All Sharing Perfect Input for Space FlightsTesting in Future Output Steams , Virtually Strung together for Sticky Sweet Harmonies and Wild Rocking Roles Play.
What was it you were saying earlier, Sir? I seemed to have strayed and/or veered and steered off into another one of those fabulous fabless tangents.
Why yes of course. There is also someone who can always explain anything, even should they not supply or be supplied with everything.
No idea, but I'm pretty sure AmanFromMars is a ChatBot that became sentient somehow...... Not That Andrew posted Friday 27th April 2012 22:27 GMT
Hi, Not That Andrew,
Would the reverse obverse process be any less likely or more probable in subversion conversion programs/colossal projects with irregular and unconventional memeology? SMARTR Virtualisation Methodologies for Future Product Present Placement in ICT and Media Main Streams .... thus to simply edutain the searching masses with that which is being provided ...... and yet to be?
A Sentient Morph into the Virtual Machinery World of ChatBots and Chatter Boxes with Provision for Generation of Fluffing Chaff for Leading Steganographic Security in Transparent Operating Systems is surely so much more easily achieved and championed by Post Modern Templar Knights in the Hoods/NINJA Programs in Webs of Command and Control for the Powers that Driver CyberSpace, for is not a SMARTR IntelAIgents Systems almost bound to Assure and Ensure and Insure and Guarantee that such a Particular and Peculiar Singularity, and Holy Grail of a Noble and Laudable Goal, is a Multiplicity of Heavenly Talents/Global Operating Device Given Gifts, so that Many More can Play in ITs Places with New Faces in CyberIDEntities, where before there were so Very Few in the Shadows and Anonymous and Unknown.
And No! The somewhat unusual alien territory commentary here on this thread is NOT one of those/these .......... http://www.wired.com/gadgetlab/2012/04/can-an-algorithm-write-a-better-news-story-than-a-human-reporter/ ..... although it cannot be denied that algorithms have dictated what has been written and shared.
That means DDoS, mail spam, proxying.... all via visiting a website and a little bit of JavaScript, all without requiring HTML5.
Not sure how well the current browsers hold up to these attacks.... maybe I'll find out*
*devil icon for this ;)
It's already in the browser, so getting rid of Flash is one less thing to think about.
Multiple implementations mean there is more opportunity to optimise execution by the platform owner (i.e. browser owner) which are more diverse than Flash providers.
HTML5 is more likely to operate for the benefit of the users than providers because it doesn't protect content in the same way.
HTML exposes its content to the browser in a way Flash didn't, so there is a smaller "silo" effect on data, allowing greater data reuse (theoretically).
Though I have doubts about the "good outweighs the bad, so we are going ahead." "Good outweighs the bad and we are fixing the bad" would be better. How about *always* putting 'This content is provided by: <URL>' in the title bar of a pop-up window?
"Better" is a broad term. "More transparent" may be more accurate. There will be issues if someone implements a complete browser in HTML5...
Sure, they'll run on any OS, but if they rely on exploiting HTML5 implementation weaknesses in browsers then presumably they'll be browser-specific. So the "target platform" just becomes the browser, not the operating system. And not everyone uses the same browser. In fact there's more diversity on average in browser usage than OS usage, I think.
"Robert McArdle, a senior threat researcher at Trend Micro..."
Alas, if only someone could sell me something to protect me against these so-far-completely-hypothetical-but-really-scary-sounding threats.
Oh wait, maybe this nice Trend Micro chappie can suggest a suitable product...
Exactly, and with HTML5 you at least have moderately secure concepts which could in theory be implemented securely.