This is not just an isolated incident, it's the whole trend of limiting capabilities in the name of security and that's what I was referring to.
replyHowever in this particular case, even the security argument doesn't hold, either I:
a) know that I want to use USB - in that case I'll switch browsers or download a native binary (even more unsafe), it's not that I'd decide that I no longer want to flash my smartphone
b) I don't understand what's happening but I follow arbitrary instructions anyway - WebUSB changes nothing.
A native binary can be verified by anti malware systems, and once installed and working, poses no security risk.
replyA 0day in a browser for the WebUSB system would allow any website to mess with arbitrary USB devices connected to your computer.
While the browser sandbox is generally safe, it is also a huge target, and with a security risk like that, it wouldn't surprise me if it's a prime target for black hats.
So instead of using trusted vendors or requiring tools with auditable code, we just allow everyone to be able to access the user’s devices?
replyWhat a concept. We could call it "Personal Computing."
replyNot really that personal when every webpage is itching to put their hands on it.
reply