
SoylentNews is people

posted by martyb on Thursday January 09 2020, @08:02PM
from the noscript dept.

From ZDNet:

Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year.

WebAssembly is a low-level bytecode language that was created after a joint collaboration between all major browser vendors.

[...] However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.

The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks.

The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found [as] part of malvertising campaigns.


  • (Score: 2) by arslan on Thursday January 09 2020, @10:02PM (8 children)

    by arslan (3462) on Thursday January 09 2020, @10:02PM (#941628)

    How is this different to back in the days when folks install random desktop apps downloaded from ICQ or even before then random media people hand around in school/college/office/magazines?

    The web and browsers aren't the root of the problem here - banning tech advancement just because it adds a channel for stupidity/malfeasance isn't really the answer, especially when said tech advancement has benefits.

  • (Score: 2) by Unixnut on Thursday January 09 2020, @10:22PM

    by Unixnut (5779) on Thursday January 09 2020, @10:22PM (#941643)

    > How is this different to back in the days when folks install random desktop apps downloaded from ICQ or even before then random media people hand around in school/college/office/magazines?

    Or a more apt example: ActiveX and Java applets, which were binaries run straight off the web in your browser. They were really good, but the problem was the lack of clear security and sandboxing for ActiveX (it was a security nightmare) as well as not being cross platform (it was Windows only), and Java applets (while cross platform) were so slow to start (because they had to start the entire JVM just for each small browser applet).

    As technologies, when properly applied and used, they were great, but they were crippled by mistakes made in their development and tech limitations of the time. We have had decades of development and improvement in security/encryption/browser sandboxing, so WebAssembly might be an improvement over using JavaScript (hell, people "compile" code to java via ASM.js, to emulate an equivalent of WebAssembly already, but less efficient).

  • (Score: 3, Insightful) by maxwell demon on Friday January 10 2020, @12:05AM (4 children)

    by maxwell demon (1608) on Friday January 10 2020, @12:05AM (#941695) Journal

    > How is this different to back in the days when folks install random desktop apps downloaded from ICQ or even before then random media people hand around in school/college/office/magazines?

    It is different in that those random desktop apps didn't install themselves just from you opening ICQ. Nor did those random media insert themselves into your drives. That is, you needed an action to get this onto the computer. That many people did that action without thinking surely is true, but the point is, you could effectively protect yourself by simply not doing those things. You didn't have to actively defend against them.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by arslan on Friday January 10 2020, @12:19AM (3 children)

      by arslan (3462) on Friday January 10 2020, @12:19AM (#941702)

      Opening the browser and typing in a URL or clicking on a link is an action.

      • (Score: 0) by Anonymous Coward on Friday January 10 2020, @02:16AM

        by Anonymous Coward on Friday January 10 2020, @02:16AM (#941742)
        But a JS or WebAssembly ad piece isn't an action.
      • (Score: 1, Touché) by Anonymous Coward on Friday January 10 2020, @09:00AM

        by Anonymous Coward on Friday January 10 2020, @09:00AM (#941818)

        Great, so your solution to WebAssembly is to stop using the internet?

      • (Score: 0) by Anonymous Coward on Friday January 10 2020, @03:48PM

        by Anonymous Coward on Friday January 10 2020, @03:48PM (#941913)

        If you really are missing the point by saying that, then perhaps you're best left as part of the example of why things are worse today than they were back then.

  • (Score: 4, Insightful) by shortscreen on Friday January 10 2020, @01:22AM (1 child)

    by shortscreen (2252) on Friday January 10 2020, @01:22AM (#941728) Journal

    What advancement? Users are losing control of their hardware and it's being handed over to third parties instead. That's not an advancement. Those third parties that build the websites, build the OS, build the applications, and even the hardware vendors themselves are colluding to ensure that all the locks, adware, backdoors, and spying are required to be enabled for any of their stuff to actually work so the user has fewer opportunities to opt out.

    Remember the bad old days when nobody gave a hoot about security or the fact that two-digit years might wrap around someday? And we had to work around those mistakes for years afterward? Many people don't remember and they are making the same mistakes today while claiming that it's an advancement. They are still adding those channels for stupidity/malfeasance. They've been saying all along that they'll make the web faster while it has become orders of magnitude slower, and they'll make it easier to use while the GUIs are now some flat monochrome shit from 1983.

    • (Score: 2) by arslan on Sunday January 12 2020, @09:39PM

      by arslan (3462) on Sunday January 12 2020, @09:39PM (#942557)

      You're describing a world where everyone is at your level and situation. Reality is it is not. I've been working in the financial sector for the last couple of decades; I can tell you it is a race to the bottom, as tech is a cost center and the profit centers want everything cheap and quick. Even right now when we have Royal Commissions and bank CEOs/Chairmen being fired for negligence here in Oz - it is business as usual.

      Control of hardware? I'd rather trust Amazon/Google than our poorly funded low cost resource center when it comes to plumbing and basic sanitation.