It's not WebSockets it's your broken proxy
blog.pusherapp.comEverything I hear about WebSockets (things like http://www.ietf.org/mail-archive/web/hybi/current/msg02149.h... and http://blogs.webtide.com/gregw/entry/how_to_improve_websocke... and now this) makes me convinced the current draft standard is unworkable.
It doesn't really matter, since it's easier to fix four browsers under active development than it is to fix a myriad of old firewalls and proxies.
I'd expect to see exploits using Flash sockets as the attack vector before seeing attacks using native WebSockets.
A vast majority of the installations with these types of vulnerable firewalls don't allow outbound traffic on port 843 which flash needs to be able to communicate on to get raw socket communication permission.
Where are you getting the 20-30x number from? There is no demonstrated WebSockets attack in the "Transparent Proxies: Threat or Menace?" paper.
You're right, I reread the paper and I'm not even sure what I was thinking... I was going off of memory. Thanks, and corrected.