Threat: Web Assembly Language

This is not for the faint of heart, but you should at least be aware that Big Tech has foisted upon us yet one more way they can seize control of our computers at their whims.

We’ve already seen how JScript (AKA EcmaScript) has been used to seize control of web browsers and engage in all manner of evil. For example, websites can read contents of your browser cache and even your computer file system. They can also force your web browser to perform various computational services for them, because most web browsers come pre-configured to surrender that control. The problem is not the use of JScript, but that the protocol itself is riddled with security holes and we cannot convince the faceless bureaucrats who control this stuff to close those holes. This is the “industry standard” and you have no say. I’ve discussed on this blog various ways to avoid surrendering that control, simply because no one out there is doing a darned thing to protect you from criminals who can also craft JScripts that will harm you.

Well now comes yet another protocol with the same nasty power over your browser: Web Assembly (WASM). A recent survey of sites noted that, so far, very few sites are using it. Yet, of those few sites already using it, half are up to no good. These WASM modules are used for crypto-currency mining with your computer resources. Just what we need: a whole new class of malware!

Thanks to the Open Source community, there is a defense from this abuse. But it’s not simple. Since I tend to use Mozilla-based browsers for most surfing, it’s easy to turn it off and forget about it. Pale Moon browser has it disabled by default, by the way. Chrome-based browsers require a commandline switch, which should indicate to you how Google is involved in promoting this kind of abuse. On Windows, for example, you have to add that switch to the icon properties for launching the application.

And people wonder why I am such a curmudgeon to accept the hassle of preferring browsers that are “crippled” — I still use Links2 for most of my surfing, and Lynx or Elinks for some of it. All those bells and whistles are just another way to prey on you.

Hat tip to Slashdot and the community of commentators there.

About Ed Hurst

Avid cyclist, Disabled Veteran, Bible History teacher, and wannabe writer; retired.
This entry was posted in computers and tagged , , , , . Bookmark the permalink.

1 Response to Threat: Web Assembly Language

  1. Jay DiNitto says:

    I’ve been out of the JavaScript game for a few years now, but it’s my understanding that the new versions of js (ECMA6) is more secure than the previous version. That is, if you program it correctly. It’s always better to write your own scripts, but just about every web dev uses some kind of js framework, and who knows what kind of vulnerabilities you’re taking on when you do that.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.