Security of HTML5 May Not Live Up to Promise

guest · May 25, 2018

Security of HTML5 May Not Live Up to Promise
May 25, 2018
https://www.infosecurity-magazine.com/news/security-of-html5-may-not-live-up/

In a blog posted today, The Media Trust wrote, “The malware, which has produced at least 21 separate incidents affecting dozens of globally recognized digital media publishers and at least 15 ad networks, uses JavaScript commands in order to hide within HTML5 creative and avoid detection. The scale of the infection marks a turning point for HTML5’s presumed security and demonstrates the advances malware developers have made in exploiting the open standards’ basic functionality to launch their attack.”

Introduced as code that enabled an improved user experience when playing multimedia content on computers and mobile devices, HTML5 has served as a viable and more secure alternative to the Flash plugin.

However, the malware team at the Media Trust has discovered that the very attributes that allow HTML5 to deliver the content of popular formats without external plugins are also being used to cloak malware. By breaking it into smaller parts, the malware is harder to detect, but when certain conditions are met, those broken parts are pieced back together.

[...] In addition, no antivirus solutions have been able to stop any previous versions of HTML5 malware.
Click to expand...

guest · Jun 20, 2018

Media Trust warns of malware in HTML5 ads
It’s now booming, says this monitoring service of ads and other third-party code, and marketers need to get control of their ads.
June 18, 2018
https://martechtoday.com/media-trus...c=ml&utm_medium=textlink&utm_campaign=mlxpost

When HTML5 was being promoted as a replacement for Adobe’s Flash, security was a key reason.

But, according to Media Trust CEO Chris Olson, “HTML5 is not this panacea and safe haven.” In fact, his company — which monitors third-party code and advertising for brands — has come across a wave of malware on HTML5 ads on mobile and desktop web, with some wavelets beginning to hit HTML5 ads on apps.

“We are seeing more badness in HTML5,” he told me, such as a higher frequency of incidents and bigger attacks.
The malware does such badness as auto-directs that automatically steer users to unsafe sites, or pop-up windows that urgently ask users for confidential info.

And iOS devices, which have often been spared the worse of previous waves of malicious software, are seeing a huge jump in malware from the cross-platform HTML5 ads, according to the company.
Click to expand...

Minimalist · Jul 16, 2018

HTML5: a devil in disguise

In today’s digital age, online users have become much more demanding about the quality of the websites or applications they are using. They have come to expect an optimized user experience as a basic requirement and HTML5 has played a key role in enabling developers to improve user experience, without the security risks associated with plugins like Flash. Indeed, after the series of reported Adobe Flash vulnerabilities in recent years, browser vendors, publishers and developers have turned to HTML5, which seemed to promise greater security and more advanced features. As a result, the percentage of websites that use HTML5 has grown to 70 percent.

However, despite HTML5 being universally supported on various devices as well as web and mobile platforms, it has a security issue of its own. Over the last couple of months, The Media Trust Digital & Security Operations team discovered numerous malware incidents that calls into question HTML5’s security reputation.
Click to expand...

https://www.csoonline.com/article/3290420/malware/html5-a-devil-in-disguise.html

Rasheed187 · Jul 21, 2018

I've said it for years, the people who design all kind of useless HMTL and JavaScript functions are the people who ruined the web, combined with idiotic web developers of course. The web should have been a place with super fast loading websites, but just look at all of the crap that browsers have to deal with.

Log in or Sign up

Security of HTML5 May Not Live Up to Promise

guest Guest

guest Guest

Minimalist Registered Member

Rasheed187 Registered Member

Log in or Sign up

Security of HTML5 May Not Live Up to Promise

guest Guest

guest Guest

Minimalist Registered Member

Rasheed187 Registered Member

Useful Searches