Comment Re:But ... But ... But ... (Score 0) 523
One of the problems I have with nuclear fission technology is the fact that old plants are still on-line. With new plants we know how to make them secure.
One of the problems I have with nuclear fission technology is the fact that old plants are still on-line. With new plants we know how to make them secure.
No, this law should have tabs!
In firefox, you have various options to disable parts of HTML5:
webgl.disabled: https://bugzilla.mozilla.org/s...
network.websocket.enabled
full-screen-api.enabled
And if there is demand to disable HTML5 for certain websites on a click-to-play basis, either somebody will write an addon or the browser does it already itself. For example getusermedia asks for your permission before giving access to the camera.
Actionscript is only a language just like javascript too. Its only the APIs that make Actionscript as powerful as it is. And lot of those are still proprietary.
but the platform was intentionally designed to make it impossible for security reasons.
Perhaps thats true for some technologies, but as user agents didn't add those features to the web, all of those shiny features landed in flash or silverlight and ended up being less secure and more broken than before. Soon every website told you to install flash because it was so new and so cool.
So browser vendors had the choice: either add the features to the browsers themselfes, or rely on one company (Adobe, silverlight came later) and their "Browser inside a Browser".
Of course HTML5 is less secure, and especially WebGL allows the web (traditionally a very dangerous place) to access the graphics card without a dense safety net. But otherwise you would have unity web player or other technologies, which are basically punching holes exactly there where you build your safety net.
HTML5 isn't less secure because people wanted it to be less secure. They wanted to obsolete plugins, but still meet the Web's users demands. Do you have flash installed?
Getting access to the wire should be only the first step of a successful MITM, but yes the WiFi attack is the easiest if you know your target.
VPN is a good idea whenever using a public Internet service, since not all sites are encrypted and you don't really know who you're connecting to.
And you know your VPN better? You know and trust every of the stations appearing on the traceroute list when run on your VPN-ed network interface?
Yes, I also hate "free" WiFi where you have to login first, or install some stupid app. It should just simply work without all that.
After Goliath's defeat, giants ceased to command respect. - Freeman Dyson