WebSockets offer the promise of faster communications than traditional TCP -- but according to a pair of security researchers, there is a hidden risk. Speaking at the Black Hat conference last week, Qualys engineers Sergey Shekyan and Vaagn Toukharian detailed how WebSockets could be exploited for malicious gain.
Support for WebSockets is currently available in the latest Chrome, Firefox, Safari, and IE 10 web browsers. According to the two researchers, WebSockets are already in use by websites and embedded applications around the world today, and often without proper security.
Computer type PC/Desktop System Manufacturer/Model Number Home Built OS Windows 7 HP 64bit, Windows 8 Pro w/Media Center 64bit CPU Phenom II X6 1100T Motherboard ASUS M5A99X EVO Memory Crucial Balistic 8gb DDR3-1866 CL9 Graphics Card MSI R6850 Cyclone IGD5 PE Sound Card On Board Monitor(s) Displays ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort Screen Resolution 1920 x 1080
Keyboard Logitech K120 Mouse Logitech Marble Mouse USB, Logitech Precision Game Pad PSU Seasonic X650 80 Plus GOLD Modular Case Corsair 400R Cooling Antec Kuhler H2O 620, Two 120mm and four 140mm Hard Drives Two WD Cavier Black 2TB Sata III, WD My Book Essential 2TB USB 3.0 Internet Speed 15MB Antivirus Norton IS 2012, Malwarebytes Pro Browser IE-10, FF-19 Other Info APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program, Motorola SB6120 Gigabit Cable Modem. Brother HL-2170W Laser Printer, Epson V300 Scanner
HTML5 WebSockets Identified As Security Risk problems?