Hackers are after sensitive data, because exploiting it can lead to big payoffs. Even if your company is small, it can still be a lucrative target for cyber thieves. While it’s impossible for the business owner or risk manager to understand all the cyber dangers out there – as they constantly change and evolve – acquiring basic knowledge of the different sources of those dangers is time well spent.
One of the growing threats comes from the increased adoption of HTML5, the most recent version of the programming language used to construct web sites. A CNN report explains the big advancement of HTML5 is that it allows the browser software – Internet Explorer, Firefox, Chrome, Safari, etc. – to perform functions that used to be accomplished only through installing additional applications into the browser. So for example, before HTML5, part of a web site might not be displayed correctly or have interactivity without a Java plug-in.
HTML5 also allows a web programmer to create a similar visual interface across devices, meaning that constructing a robust web site for a smart phone no longer necessitates creating a mobile app.
Most current versions of Internet browsers already include some functionality for HTML5, and it will become ubiquitous in the future.
But there are problems with the architecture of HTML5. In their 2013 Threat Predictions report, the security experts at McAfee explain that despite the many new features of HTML5, it will also leave your computer more vulnerable to attack. One reason for this is the way HTML5 handles commands.
Old browsers essentially acted as a barrier or layer of protection between content coming in from the outside world and the computer’s operating system and hardware. But by sidestepping the need for third-party plug-ins, HTML5 allows potentially damaging data to pass through the browser and directly into the core of the computer.
According to McAfee, it has already been proven that the bad guys can use this fact to remotely break into a computer’s graphics memory and steal screenshots from the computer. There are other nefarious commands that a rogue web site could execute on an unknowing victim’s computer as well, including performing reconnaissance on files stored on the hard drive.
It’s important to note that the security vulnerabilities in HTML5 are not simply bugs that can be easily patched. Rather, they are the outflow of the intent and design of HTML5 to make the computer’s job of rendering web content into the browser more efficient and advanced.
Essentially, with the good of an advanced HTML language comes the bad of increased points of potential hacking attacks.