HTML5 with Plentiful Holes can be Hacked with Old Tactics

Software giants all over the globe are eagerly looking forward to the about to be introduced web-standard -HTML5 that's supposed to help unite web-content presentation, expectedly soon. However, there's a difficulty with this standard i.e. it'll put end-users at the risk of innumerable security flaws. Goldsea reported this on August 11, 2011.

Announcing that there are too many flaws inside the upcoming HTML (Hypertext Markup Language) version, lecturer Ming Chow at Tufts University's department of computer science stated that these flaws could enable malware writers to easily insert malware into software programs or websites.

Chow further stated that the attack platform had recently become wider, adding that presently with HTML5, innumerable victims were possible to reach without difficulty because of the complications characterizing the fresh browser. VentureBeat published this on August 11, 2011.

Indeed, speaking at the Las Vegas-held Defcon Hacker Conference during the 1st-week of August 2011, Chow described the flaws' character. Briefly, the data-storage make of HTML5 opens doors to malware developers for injecting harmful code into software applications as also websites so that end-users' PCs along with other devices can be infected.

Moreover, Chow elaborated on data space volume related to cookies, confidential information and the like which aided in identifying an end-user. According to him, unlike the earlier 4KB of data space the present size would expand to 5MB, allowing malware developers to have plentiful space for storing any sort of hostile software that they could use for exploiting end-users' tools or gaining admission into their private data.

Significantly, a hacker might craft a bogus web-page for logging into a site within an end-user's PC through its client-side data space and thereafter utilize that web-page for filching his credentials. This appears similar to an erstwhile attack technique getting applied within one fresh attack environment; however, clues of the assault are as well simpler in concealing.

Meanwhile HTML5, which's yet being worked on, enjoys vital support from Apple, Microsoft and Google.

Eventually, while Chow isn't certain of easy patches for the security flaws, he suggests developers to just remain wary of the issues as also customize to the maximum possible extent.

Related article: Hotmail Account Holders Vulnerable to Latest E-mail Scam

» SPAMfighter News - 8/23/2011