

It's not WebSockets it's your broken proxy - maxthelion
http://blog.pusherapp.com/2010/12/9/it-s-not-websockets-it-s-your-broken-proxy

======
sedachv
Everything I hear about WebSockets (things like
http://www.ietf.org/mail-archive/web/hybi/current/msg02149.html and
http://blogs.webtide.com/gregw/entry/how_to_improve_websocket
and now this) makes me convinced the current draft standard is unworkable.

------
m_eiman
It doesn't really matter, since it's easier to fix four browsers under active
development than it is to fix a myriad of old firewalls and proxies.

------
luigi
I'd expect to see exploits using Flash sockets as the attack vector before
seeing attacks using native WebSockets.

~~~
trotsky
A vast majority of the installations with these types of vulnerable firewalls
don't allow outbound traffic on port 843, which Flash needs to be able to
communicate on to get raw socket communication permission.

~~~
mloughran
Where are you getting the 20-30x number from? There is no demonstrated
WebSockets attack in the "Transparent Proxies: Threat or Menace?" paper.

~~~
trotsky
You're right, I reread the paper and I'm not even sure what I was thinking...
I was going off of memory. Thanks, and corrected.

