[GTALUG] Mozilla XUL is dead

Christopher Browne cbbrowne at gmail.com
Mon Aug 24 13:02:08 EDT 2020


On Mon, 24 Aug 2020 at 12:10, Russell Reiter <rreiter91 at gmail.com> wrote:

> Not specifically XUL related but I find this quick read interesting. It
> seems that APIs used for managing IoT endpoints are coming under ever
> increasing threat of attack from botnets during the pandemic and probably
> from now on.
>
>
> https://www.cequence.ai/blog/tales-from-the-front-lines-attackers-on-lockdown-focus-on-apis/
>
>

Not XUL-related, but I can see why you'd go there.

Yeah, if internal application APIs can cross network boundaries, then
they'll make nice targets for security attacks.

And the "XUL-like" aspect is that it's easy for these APIs to emerge, get
used in applications, head out onto the InterWebz, and then moulder away,
not being upgraded based on modern security exploits (e.g. - if there's any
crypto in XUL, it's easily plausible for its design to be circa 1997, when
XUL came about, and certainly wouldn't have fixes for exploits post-2017,
when it started getting deprecated).

I suppose that's much the same problem as with Flash.  Much hated, but much
used, and people kept needing to run it even well after it got deprecated.

The more that APIs are auto-generated, such that the programmers might not
even be aware that anything *is* getting generated, yeah, I see that making
for good targets for those looking for vulnerabilities.
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"