It's not WebSockets it's your broken proxy

43 points by maxthelion 14 years ago | 6 comments
  • sedachv 14 years ago
    Everything I hear about WebSockets (things like http://www.ietf.org/mail-archive/web/hybi/current/msg02149.h... and http://blogs.webtide.com/gregw/entry/how_to_improve_websocke... and now this) makes me convinced the current draft standard is unworkable.
    • m_eiman 14 years ago
      It doesn't really matter, since it's easier to fix four browsers under active development than it is to fix a myriad of old firewalls and proxies.
      • luigi 14 years ago
        I'd expect to see exploits using Flash sockets as the attack vector before seeing attacks using native WebSockets.
        • trotsky 14 years ago
          A vast majority of the installations with these types of vulnerable firewalls don't allow outbound traffic on port 843 which flash needs to be able to communicate on to get raw socket communication permission.
          • mloughran 14 years ago
            Where are you getting the 20-30x number from? There is no demonstrated WebSockets attack in the "Transparent Proxies: Threat or Menace?" paper.
            • trotsky 14 years ago
              You're right, I reread the paper and I'm not even sure what I was thinking... I was going off of memory. Thanks, and corrected.